How to configure DHCPv6 Static Mappings?

empbilly · Dec 1, 2015, 8:55 PM

Hello guys,

My dhcpv6 is enable togheter with RA in "Assisted" mode and router priority in "high".

I tried to configure static dhcpv6 for a computer with windows7, but not working.

Test that I try:

1. On a windows 7 that had taken ipv6 via RA I copied the DUID and tried to set up another statically ipv6 in "dhcpv6 static mapping", but it did not work.

What is the correct way to set up?

hda · Dec 1, 2015, 9:28 PM

Static IP for host with:
a) dhcp6-server + RA(managed) & no-block bogon networks in the LAN
OR
b) config (prefix+subnet+your64bitnumberofchoice) in the W7 host + pfSense RA(router-only)

empbilly · Dec 1, 2015, 9:38 PM

@hda:

Static IP for host with:
a) dhcp6-server + RA(managed) & no-block bogon networks in the LAN
OR
b) config (prefix+subnet+your64bit-numberofchoice) in the W7 host + pfSense RA(router-only)

Hda, thanks for the answer! :D

"no-block bogon networks" will go work with public IP/IPv6 configured on the interface vlan10, for example?

hda · Dec 1, 2015, 10:01 PM

@empbilly:

"no-block bogon networks" will go work with public IP/IPv6 configured on the interface vlan10, for example?

Yes with RA, (in Interfaces:"vLAN10") you need to allow broadcast to like ff02::, at least as long as this numbers are in that bogon list…

empbilly · Dec 2, 2015, 6:36 PM

Thanks for your help Hda! Everything works!

In windows pcs and linux with network-manager get an ip and default route automatically.

In linux without network-manager I setting manually iface eth/vlan inet6 dhcp + add default route and works.

Cya,

awebster · Dec 3, 2015, 9:14 PM

In Linux, you might need to adjust the system variables as follows:

net.ipv6.conf.eth0.accept_ra -> 1

This will enable the system to accept router advertisements and set the IPv6 default gateway automatically. By default this is disabled.

empbilly · Dec 4, 2015, 9:01 PM

@awebster:

In Linux, you might need to adjust the system variables as follows:

net.ipv6.conf.eth0.accept_ra -> 1

This will enable the system to accept router advertisements and set the IPv6 default gateway automatically. By default this is disabled.

I tried to set this, but not worked.

empbilly · Dec 10, 2015, 3:37 PM

Hello guys,

Any missconfiguration here. Some linux pcs get ipv6 by RA, but my configuration are in Dhcpv6. According to this link, when RA is set to "managed", clients will get addresses assigned only via dhcpv6.

My config:
pfsense 2.1.5 (I can't update the time, because I have no hardware available)
Vlan10 interface with uncheck Block bogon networks
Dhcpv6 enable with a specific range
RA with managed config, router priority high and the same range of dhcpv6

hda · Dec 10, 2015, 4:31 PM

@empbilly:

…when RA is set to "managed", clients will get addresses assigned only via dhcpv6 ...

Yes and that will be quasi-static, right ? RA will advertize your pfSense & DNS. You don't need DNS input OR RA priority high explicitly set. But what is your problem again, no 2.2.5 ?

empbilly · Dec 10, 2015, 4:37 PM

@hda:

Yes and that will be semi-static, right ?

What do you mean with "semi-static"?

@hda:

But what is your problem again, no 2.2.5 ?

No updated to 2.2.5 and no is a big problem, but as I say, some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

My pfsense version (2.1.5) may be the problem?

hda · Dec 10, 2015, 4:53 PM

@empbilly:

What do you mean with "semi-static"?

Sorry, quasi-static meaning as-if static.

…some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

Hmm, and what do you think is the task of RA and the DHCPv6Server ? Are you confusing with SLAAC ?

empbilly · Dec 10, 2015, 5:20 PM

Hmm, and what do you think is the task of RA and the DHCPv6Server ?

I am confused by your question. You asked me "if I think the problem is with the RA or the dhcpv6"?

Are you confusing with SLAAC ?

SLAAC == dhcpv6 disable and RA with Unmanaged configuration, right?

hda · Dec 10, 2015, 5:29 PM

@empbilly:

…some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

What do you mean by this statement ?? Maybe some screenshots of pfSense ?

empbilly · Dec 10, 2015, 6:01 PM

Ok. For your understanding. :D

Interface:

Dhcpv6:

R.A:

Static mapping:

xxxx:0:xxxx:3000::/63
3000::/64 subnet for static mappings
3001::/64 subnet for dhcpv6 and R.A

In my linux pc (ubuntu) not have network-manager and I configured the /etc/network/interfaces manually.

auto vlan300
iface vlan300 inet dhcp
vlan_raw_device eth0

iface vlan300 inet6 dhcp

My ifconfig:

Why so many addresses? My linux is crazy!? Pfsense is crazy!? :o

What do you mean by this statement ??

I think the pfsense in version 2.1.5 is broken and somehow is addressing both interface vlan300 addresses configuration as of dhcpv6 + RA configuration.

hda · Dec 10, 2015, 9:22 PM

First, 2.2.5 is the leading firmware ;)

Use /64 masks in config of static IPv6.
If your vLAN300 static is 3000::1/64, then DHCP6server should be same, not 3001::
No need for RA LOW, just normal.
Do not specify anything for RA-subnets, (Nil input.)

You have some double and (SLAAC) addr for host. Restart host after corrections.
Hosts have /128 numbers.

empbilly · Dec 10, 2015, 7:17 PM

First, 2.2.5 is the leading firmware

Yea, I should be with 2.2.5, but I need another machine with 3 gb network card.

If your vLAN300 static is 3000::1/64, then DHCP6server should be same, not 3001::

Not /64, but /63.
/63 have a range of 3000:: to :3001:ffff:ffff:ffff:ffff
So, 3000:: is for static mapping and 3001:: for dhcpv6

No need for RA LOW, just normal.

Ok.

Do not specify anything for RA-subnets, (Nil input.)

But, if I not specify antything, "the Router Advertisement (RA) Daemon will advertise to the subnet to which the router's interface is assigned." In router's interface we have assigned :3000::1/63.

You have some double and (SLAAC) addr for host. Restart host after corrections.

Restart host or just restart the network (/etc/init.d/networking restart)?

hda · Dec 10, 2015, 9:23 PM

@empbilly:

…In router's interface we have assigned :3000::1/63.

Do not do that ! You should stick to /64 masks.

Good luck with the exotic config.

empbilly · Dec 10, 2015, 7:29 PM

Do not do that ! You should stick to /64 masks.

Why not?

hda · Dec 11, 2015, 6:18 PM

Routing issues.
The first 64 bits are for the prefix with subnet.
The vLAN should have an unique subnet. So, :3000: xor :3001:
Last 64 bits reserved for the Interface ID (i.e. host addressing, i.e. SLAAC).

If you use DHCP6Server you could define xxx:3000::101 to xxx:3000::999 if you like.
And static with config on the host like xxx:3000::12 or xxx:3000::babe (/128) :)

awebster · Dec 11, 2015, 12:07 PM

@empbilly,
Forget what you've been doing with IPv4 subnets. The general consensus in the IPv6 world is that the "subnet" is no larger and no smaller than /64.
That leaves you with 64 bits of usable host addresses in a single subnet.
To put that into perspective 64 bits = The entire world's Internet MULTIPLIED BY The entire world's Internet, and there would still be loads of addresses left over squeezed into a single IPv6 subnet.
Technically when using only SLAAC its less, but still >40 bits.
The only place where you'd see a netmask larger than /64 would be in the case of RA prefix delegation on a router where it is expected that other routers on the same subnet would take the prefixes, again a /64, to use on one of their other interfaces.