How to configure DHCPv6 Static Mappings?



  • Hello guys,

    My dhcpv6 is enable togheter with RA in "Assisted" mode and router priority in "high".

    I tried to configure static dhcpv6 for a computer with windows7, but not working.

    Test that I try:

    1. On a windows 7 that had taken ipv6 via RA I copied the DUID and tried to set up another statically ipv6 in "dhcpv6 static mapping", but it did not work.

    What is the correct way to set up?



  • Static IP for host with:
    a) dhcp6-server + RA(managed) & no-block bogon networks in the LAN
    OR
    b) config (prefix+subnet+your64bitnumberofchoice) in the W7 host + pfSense RA(router-only)



  • @hda:

    Static IP for host with:
    a) dhcp6-server + RA(managed) & no-block bogon networks in the LAN
    OR
    b) config (prefix+subnet+your64bit-numberofchoice) in the W7 host + pfSense RA(router-only)

    Hda, thanks for the answer! :D

    "no-block bogon networks" will go work with public IP/IPv6 configured on the interface vlan10, for example?



  • @empbilly:

    "no-block bogon networks" will go work with public IP/IPv6 configured on the interface vlan10, for example?

    Yes with RA, (in Interfaces:"vLAN10") you need to allow broadcast to like ff02::, at least as long as this numbers are in that bogon list…



  • Thanks for your help Hda! Everything works!

    In windows pcs and linux with network-manager get an ip and default route automatically.

    In linux without network-manager I setting manually iface eth/vlan inet6 dhcp + add default route and works.

    Cya,



  • In Linux, you might need to adjust the system variables as follows:

    net.ipv6.conf.eth0.accept_ra -> 1

    This will enable the system to accept router advertisements and set the IPv6 default gateway automatically.  By default this is disabled.



  • @awebster:

    In Linux, you might need to adjust the system variables as follows:

    net.ipv6.conf.eth0.accept_ra -> 1

    This will enable the system to accept router advertisements and set the IPv6 default gateway automatically.  By default this is disabled.

    I tried to set this, but not worked.



  • Hello guys,

    Any missconfiguration here. Some linux pcs get ipv6 by RA, but my configuration are in Dhcpv6. According to this link, when RA is set to "managed", clients will get addresses assigned only via dhcpv6.

    My config:
    pfsense 2.1.5 (I can't update the time, because I have no hardware available)
    Vlan10 interface with uncheck Block bogon networks
    Dhcpv6 enable with a specific range
    RA with managed config, router priority high and the same range of dhcpv6



  • @empbilly:

    …when RA is set to "managed", clients will get addresses assigned only via dhcpv6 ...

    Yes and that will be quasi-static, right ? RA will advertize your pfSense & DNS. You don't need DNS input OR RA priority high explicitly set. But what is your problem again, no 2.2.5 ?



  • @hda:

    Yes and that will be semi-static, right ?

    What do you mean with "semi-static"?

    @hda:

    But what is your problem again, no 2.2.5 ?

    No updated to 2.2.5 and no is a big problem, but as I say, some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

    My pfsense version (2.1.5) may be the problem?



  • @empbilly:

    What do you mean with "semi-static"?

    Sorry, quasi-static meaning as-if static.

    …some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

    Hmm, and what do you think is the task of RA and the DHCPv6Server ? Are you confusing with SLAAC ?



  • Hmm, and what do you think is the task of RA and the DHCPv6Server ?

    I am confused by your question. You asked me "if I think the problem is with the RA or the dhcpv6"?

    Are you confusing with SLAAC ?

    SLAAC == dhcpv6 disable and RA with Unmanaged configuration, right?



  • @empbilly:

    …some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

    What do you mean by this statement ?? Maybe some screenshots of pfSense ?



  • Ok. For your understanding. :D

    Interface:

    Dhcpv6:

    R.A:

    Static mapping:

    xxxx:0:xxxx:3000::/63
    3000::/64 subnet for static mappings
    3001::/64 subnet for dhcpv6 and R.A

    In my linux pc (ubuntu) not have network-manager and I configured the /etc/network/interfaces manually.

    auto vlan300
    iface vlan300 inet dhcp
    vlan_raw_device eth0
    
    iface vlan300 inet6 dhcp
    
    

    My ifconfig:

    Why so many addresses? My linux is crazy!? Pfsense is crazy!? :o

    What do you mean by this statement ??

    I think the pfsense in version 2.1.5 is broken and somehow is addressing both interface vlan300 addresses configuration as of dhcpv6 + RA configuration.



  • First, 2.2.5 is the leading firmware ;)

    Use /64 masks in config of static IPv6.
    If your vLAN300 static is 3000::1/64, then DHCP6server should be same, not 3001::
    No need for RA LOW, just normal.
    Do not specify anything for RA-subnets, (Nil input.)

    You have some double and (SLAAC) addr for host. Restart host after corrections.
    Hosts have /128 numbers.



  • First, 2.2.5 is the leading firmware

    Yea, I should be with 2.2.5, but I need another machine with 3 gb network card.

    If your vLAN300 static is 3000::1/64, then DHCP6server should be same, not 3001::

    Not /64, but /63.
    /63 have a range of 3000:: to :3001:ffff:ffff:ffff:ffff
    So, 3000:: is for static mapping and 3001:: for dhcpv6

    No need for RA LOW, just normal.

    Ok.

    Do not specify anything for RA-subnets, (Nil input.)

    But, if I not specify antything, "the Router Advertisement (RA) Daemon will advertise to the subnet to which the router's interface is assigned." In router's interface we have assigned :3000::1/63.

    You have some double and (SLAAC) addr for host. Restart host after corrections.

    Restart host or just restart the network (/etc/init.d/networking restart)?



  • @empbilly:

    …In router's interface we have assigned :3000::1/63.

    Do not do that ! You should stick to /64 masks.

    Good luck with the exotic config.



  • Do not do that ! You should stick to /64 masks.

    Why not?



  • Routing issues.
    The first 64 bits are for the prefix with subnet.
    The vLAN should have an unique subnet. So, :3000: xor :3001:
    Last 64 bits reserved for the Interface ID (i.e. host addressing, i.e. SLAAC).

    If you use DHCP6Server you could define xxx:3000::101 to xxx:3000::999 if you like.
    And static with config on the host like xxx:3000::12 or xxx:3000::babe (/128)  :)



  • @empbilly,
    Forget what you've been doing with IPv4 subnets.  The general consensus in the IPv6 world is that the "subnet" is no larger and no smaller than /64.
    That leaves you with 64 bits of usable host addresses in a single subnet. 
    To put that into perspective 64 bits = The entire world's Internet MULTIPLIED BY The entire world's Internet, and there would still be loads of addresses left over squeezed into a single IPv6 subnet.
    Technically when using only SLAAC its less, but still >40 bits.
    The only place where you'd see a netmask larger than /64 would be in the case of RA prefix delegation on a router where it is expected that other routers on the same subnet would take  the prefixes, again a /64, to use on one of their other interfaces.


Log in to reply