Hello
Is there a way to have 2 DHCP v6
first comes from ISP
2a01:cb00:c53:
Then second one from Windows DHCP
fd07:1972:2406:
I need to have an external ip from my ISP (it's currently working)
And 1 inside the lan
Thanks for help
Quote from: stanthewizzard on August 30, 2024, 10:30:35 AM
I need to have an external ip from my ISP (it's currently working)
And 1 inside the lan
But that "external IP" is also "inside LAN".
I would strongly suggest reading this thread: https://forum.opnsense.org/index.php?topic=33902.0
Finally, the inventor of DHCPv6 should be tortured daily.
yes you are totally right
doesn't bother me and this is ipv6 way
Currently I need to have for every machine
a lease 2a01:cb00:c53: (slaac)
a lease fd07:1972:2406: (windows dhcpv6)
Is this doable ?
thank you
Technically, SLAAC is not a "lease".
https://www.networkacademy.io/ccna/ipv6/stateless-address-autoconfiguration-slaac
It is doable but completely pointless at the same time. IPv4 will be preferred to ULA. Almost everywhere.
Perhaps describe your goal here instead of drafting solutions (for potentially non-existent problems).
;D for the non existent
So DNS are windows and with this IP fd07:1972:2406:2014::5 / fd07:1972:2406:2014::4
need to be able to have fixed ip also within this range
dhcp lease are 2a01:cb00:c53:
And want to be able to make 2a01:cb00:c53: ping fd07:1972:2406:2014::4 (the easiest way would be for every machine to have 2a01:cb00:c53: and fd07:1972:2406:2014:: address ?)
Thank you again
But - why? Use the GUA prefix on Windows DHCPv6 server. I mean, this whole thing is seriously pointless. To illustrate this, run the command on some Windows box:
netsh interface ipv6 show prefixpolicies
Querying active state...
Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128
        40      1  ::/0
        35      4  ::ffff:0:0/96
        30      2  2002::/16
         5      5  2001::/32
         3     13  fc00::/7
         1     11  fec0::/10
         1     12  3ffe::/16
         1      3  ::/96
50 is localhost, 40 is GUA. That 35 is IPv4 (well, IPv4 to IPv6 mapped addresses). Still WAY higher precedence than ULA (fc00::/7).
Now, with that, try to ping some dual-stack hostname from that fd07:: and see for yourself what's gonna be used.
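Added example, not part of any post in this thread: a Python sketch that applies only the precedence step of destination address selection (RFC 6724 rule 6; skipping the other rules is a simplifying assumption) to the policy table printed above. The function names and the IPv4 address 192.0.2.10 are constructed for illustration; the two IPv6 addresses are the ones quoted in the thread.

```python
import ipaddress

# (precedence, label, prefix) rows copied from the netsh output above.
POLICY = [
    (50, 0, "::1/128"),
    (40, 1, "::/0"),
    (35, 4, "::ffff:0:0/96"),
    (30, 2, "2002::/16"),
    (5, 5, "2001::/32"),
    (3, 13, "fc00::/7"),
    (1, 11, "fec0::/10"),
    (1, 12, "3ffe::/16"),
    (1, 3, "::/96"),
]
TABLE = [(ipaddress.ip_network(p), prec, label) for prec, label, p in POLICY]


def as_v6(addr):
    """Return addr as IPv6; IPv4 is represented as an IPv4-mapped address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def policy(addr):
    """Longest-prefix match against the table -> (precedence, label)."""
    ip = as_v6(addr)
    matches = [row for row in TABLE if ip in row[0]]
    _, prec, label = max(matches, key=lambda row: row[0].prefixlen)
    return prec, label


def order_destinations(addrs):
    """Sort candidate destinations, highest precedence first (stable sort)."""
    return sorted(addrs, key=lambda a: -policy(a)[0])


if __name__ == "__main__":
    # Constructed DNS answer for a dual-stack name: ULA AAAA, A, GUA AAAA.
    answers = ["fd07:1972:2406:2014::4", "192.0.2.10",
               "2a01:cb00:c53:c5d6::16e4"]
    for a in order_destinations(answers):
        print(policy(a), a)
```

With only a ULA AAAA record and an A record for the same name, the A record sorts first, which is the behaviour the post above describes.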
ok
and I'm unable to ping fd07:1972:2406:2014::4 :(
This is where I'm quite lost
EDIT:
And what I don't understand is. DNS has fd07:1972:2406:2014::4 and 2a01:cb00:c53:c5d6::16e4 (but not trace of that lease in the opnsense DHCPV6)
Uhm... what I am suggesting is to ditch the entire ULA idea unless you have a very specific reason for using it. (I want to play with pings is not one).
SLAAC + RA/RDNSS happily coexists with the DHCPv6 "design afterthought" if you insist on using it.
Quote
but not trace of that lease in the opnsense DHCPV6)
P.S. And do NOT run multiple DHCP servers unless configured for failover (which Windows DHCP server does not support with IPv6). Yeah, there's not a trace of something that's completely outside of the configured DHCP server scope, or what's stateless and not configured by DHCPv6 for that matter.)
OK
I have the lease now
Static one
I'll switch fully to 2a01:cb00:c53:c5d6::
There is no way to have some sort of private ipv6 address that can be routed between this public one (safe if ISP change the allocated prefix) ?
Quote from: stanthewizzard on August 30, 2024, 11:24:12 AM
There is no way to have some sort of private ipv6 address that can be routed between this public one (safe if ISP change the allocated prefix)
See, that's what I meant by "describe your goal here". I assume you are looking for this:
https://docs.opnsense.org/manual/nptv6.html
And be sure to tick "full help" and carefully read the notes there.
With that said, a sane ISP that does NOT change allocated prefixes is highly preferred.
More references:
- https://github.com/opnsense/core/issues/5284
I'm totally stuck with this ISP
My goal is not exactly that
ex:
windows 11 2a01:cb00:c53:c5d6::xxxx is unable to ping fd07:1972:2406:2014::4 (not cool as it is the dns server)
Thanks again for all the help (really)
If you run the normal routing diagnostic (such as netstat -rn) on the client and the router, you'll quickly see why. (And no, running one DHCP server per prefix is certainly not the solution.)
I listened
Everything is 2a01:cb00:c53:c5d6::xxxx (and some with fixed IP)
I can ping fd07:1972:2406:2014::4 from any host (after a windows server reboot it was ok)
Everything is now ok
THANKS !!! :-*
Quote from: stanthewizzard on August 30, 2024, 12:33:39 PM
I listened
Everything is 2a01:cb00:c53:c5d6::xxxx (and some with fixed IP)
I can ping fd07:1972:2406:2014::4 from any host (after a windows server reboot it was ok)
Everything is now ok
THANKS !!! :-*
may i recommend reading into: https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
(sorry if links are not allowed, please search in your favorite search engine for ipv6 ula is broken)
Quote from: CruxtheNinth on August 30, 2024, 12:51:14 PM
may i recommend reading into: https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
I already linked to that indirectly (https://forum.opnsense.org/index.php?topic=33902.0), and expanded on that with a later post (https://forum.opnsense.org/index.php?topic=42557.msg210729#msg210729) offering a practical demo.
So yes, IOW - overall this is a nice exercise in getting dual-stack working that will not be used anyway.
Quote from: CruxtheNinth on August 30, 2024, 12:51:14 PM
Quote from: stanthewizzard on August 30, 2024, 12:33:39 PM
I listened
Everything is 2a01:cb00:c53:c5d6::xxxx (and some with fixed IP)
I can ping fd07:1972:2406:2014::4 from any host (after a windows server reboot it was ok)
Everything is now ok
THANKS !!! :-*
may i recommend reading into: https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
(sorry if links are not allowed, please search in your favorite search engine for ipv6 ula is broken)
Added to pocket
Thanks
Quote from: doktornotor on August 30, 2024, 01:00:09 PM
Quote from: CruxtheNinth on August 30, 2024, 12:51:14 PM
may i recommend reading into: https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
I already linked to that indirectly (https://forum.opnsense.org/index.php?topic=33902.0), and expanded on that with a later post (https://forum.opnsense.org/index.php?topic=42557.msg210729#msg210729) offering a practical demo.
So yes, IOW - overall this is a nice exercise in getting dual-stack working that will not be used anyway.
Everything is working now
thanks
Well, OK. It's working, just being unused. ;D
Must be the idea of "private addresses" from IPv4 experience that misleads people to try to use ULA.
Quote from: Patrick M. Hausen on August 30, 2024, 02:07:34 PM
Must be the idea of "private addresses" from IPv4 experience that misleads people to try to use ULA.
Probably, plus the stupid ISPs and changing prefixes. Making ULA less preferred than IPv4 in the stack somehow improved things here, at least using ULA does not break IPv4 on the way - https://datatracker.ietf.org/doc/html/rfc5220#section-2.2.2
Quote from: Patrick M. Hausen on August 30, 2024, 02:07:34 PM
Must be the idea of "private addresses" from IPv4 experience that misleads people to try to use ULA.
https://en.wikipedia.org/wiki/Unique_local_address
"...ULAs are somewhat analogous to IPv4 private network addressing,"
:P
"...but with significant differences."
;D
Quote from: doktornotor on August 30, 2024, 02:25:37 PM
Quote from: Patrick M. Hausen on August 30, 2024, 02:07:34 PM
Must be the idea of "private addresses" from IPv4 experience that misleads people to try to use ULA.
Probably, plus the stupid ISPs and changing prefixes. Making ULA less preferred than IPv4 in the stack somehow improved things here, at least using ULA does not break IPv4 on the way - https://datatracker.ietf.org/doc/html/rfc5220#section-2.2.2
This is exactly that
Stupid ISP
Misleading ipv4 habits