I though (and wanted) my ipv6-ip to be static, (not the temporary ipv6-adresses of course, but the "secret" ipv6 address) but it doesn't seem to be, have i misunderstood something? Is there a setting that decides this?
My settings is IPv6 Configuration Type: DHCPv6 with Prefix delegation size 48
What is a "secret" address?
The first 48 bits of any routeable IPv6 (i.e. GUA) you are using is determined by your ISP. If he hands out dynamic prefixes, you obviously cannot have static GUAs, no matter how the lower 64 bits are determined. Why do you need static IPv6, seriously? If you really do, you can use only static ULAs in that situation.
Maybe it would be beneficial for you to read this (https://forum.opnsense.org/index.php?topic=45822.0).
Did you set a ,,DHCP Unique Identifier" and enabled ,,Prevent release" in Interfaces->Settings?
For the unique identifier you can use the ,,insert existing DUID" below the input field.
I don't actually know if it will work, but I had the same issue. But since I set the DUID yesterday, I ll get the same prefix after a reboot. Hope it will stay that way...
This explains the DUID: https://datatracker.ietf.org/doc/html/rfc8415
Quote from: meyergru on February 18, 2025, 09:27:08 PMWhat is a "secret" address?
The first 48 bits of any routeable IPv6 (i.e. GUA) you are using is determined by your ISP. If he hands out dynamic prefixes, you obviously cannot have static GUAs, no matter how the lower 64 bits are determined. Why do you need static IPv6, seriously? If you really do, you can use only static ULAs in that situation.
Maybe it would be beneficial for you to read this (https://forum.opnsense.org/index.php?topic=45822.0).
I am sure it is not the right way to say it, but I have several adresses, some are temporary and what the outside world normally uses to communicate with my computer, but there is also the "regular" ipv6-adress which no-one needs to know besides me.
I need it because it is more convenient to communicate with my gear if they have a static address. You can get around it with dyndns and the like but a static address is useful.
Quote from: senser on February 18, 2025, 09:32:55 PMDid you set a ,,DHCP Unique Identifier" and enabled ,,Prevent release" in Interfaces->Settings?
For the unique identifier you can use the ,,insert existing DUID" below the input field.
I don't actually know if it will work, but I had the same issue. But since I set the DUID yesterday, I ll get the same prefix after a reboot. Hope it will stay that way...
This explains the DUID: https://datatracker.ietf.org/doc/html/rfc8415
Thanks, I will try that, and see how it works out.
Quote from: flac_rules on February 19, 2025, 09:45:12 AMI am sure it is not the right way to say it, but I have several adresses, some are temporary and what the outside world normally uses to communicate with my computer, but there is also the "regular" ipv6-adress which no-one needs to know besides me.
I need it because it is more convenient to communicate with my gear if they have a static address. You can get around it with dyndns and the like but a static address is useful.
What you mean is the EUI-64-derived static IPv6 (often called "management address") vs. the dynamic "privacy extensions" IPv6. How to have both is explained in the linked article.
Quote from: meyergru on February 19, 2025, 10:02:17 AMQuote from: flac_rules on February 19, 2025, 09:45:12 AMI am sure it is not the right way to say it, but I have several adresses, some are temporary and what the outside world normally uses to communicate with my computer, but there is also the "regular" ipv6-adress which no-one needs to know besides me.
I need it because it is more convenient to communicate with my gear if they have a static address. You can get around it with dyndns and the like but a static address is useful.
What you mean is the EUI-64-derived static IPv6 (often called "management address") vs. the dynamic "privacy extensions" IPv6. How to have both is explained in the linked article.
Just to be clear, I have both, it is just that the static address isn't static. (that is, i am not sure what the "main/static" address is derived from, but i have 4 adresses, 2 temporary ones, one link-local and one "regular")
I fully understand your situation.
Note that I said "EUI-64-derived" address, meaning the static lower 64 bits of the GUA IPv6. I told you before that if your ISP does only dynamic prefixes, the whole GUA address cannot be static.
While you can try to keep your ISP from using dynamic prefixes, most ISPs will ignore that. I also gave you a link that explains how to handle that situation for different purposes and also shows how the static lower 64 bits are generated. Please read it and then keep asking questions.
OP, are you talking about LAN hosts here (as opposed to the firewall itself)?
If those hosts are Windows, this might be an interesting read: https://www.networkacademy.io/ccna/ipv6/ipv6-on-windows
If you want a "static" address on Windows hosts, I think your choices are to disable "RandomizeIdentifiers" (note that "UseTemporaryAddresses" should remain in effect), or use DHCPv6 with static mappings.