Text only | Text with Images

OPNsense Forum

English Forums => 26.1 Series => Topic started by: yarn on February 15, 2026, 08:27:28 PM

Title: [SOLVED] Static IPv6 address for only some devices?
Post by: yarn on February 15, 2026, 08:27:28 PM
How to set up DNSmasq (or Kea if needed) such that some devices will have a static IPv6 address?
I want most of my devices to use SLAAC (possibly with privacy extension), but for some I want them to have stable static addresses, so that I can register them with a dynamic DNS client. It doesn't matter if they have SLAAC addresses as well.

I could achieve this via DHCP ranges ::1000 ~ ::2000, but that makes all the devices DHCPv6 (Managed).
If I use :: as range, the leases are not offer to the devices, as the M bit in Router Advertisement is 0. Even if I explicitly enable DHCPv6 solicitation in clients, the router does not respond with a reply, even though static leases are present.
Is it possible to somehow only make only those devices do DHCPv6?
Or can I not offer addresses in DHCPv6 except for those devices?
Title: Re: Static IPv6 address for only some devices?
Post by: Maurice on February 15, 2026, 09:52:49 PM
You don't need DHCPv6 for that. SLAAC addresses are static, too. Devices may create temporary privacy addresses for outbound connections, but the primary SLAAC address uses a static interface identifier and is always available for inbound connections.

If your prefix changes, you can still use Dynamic DNS. The OPNsense DynDNS client allows combining a dynamic prefix with a static interface identifier.

Cheers
Maurice
Title: Re: Static IPv6 address for only some devices?
Post by: yarn on February 15, 2026, 11:11:24 PM
Quote from: Maurice on February 15, 2026, 09:52:49 PMSLAAC addresses are static, too.
...
The OPNsense DynDNS client allows combining a dynamic prefix with a static interface identifier.
I see, indeed! (Turns out what I meant was stable-privacy (https://www.networkmanager.dev/docs/api/latest/settings-ipv6.html) but it's stable as well.)
I found the token (https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html#static:ADDRESS) option in systemd-networkd which lets SLAAC produce the simple static address I wanted.
Though I still prefer if there is a way to do this in OPNsense, so that these configurations are all in one place.
Title: Re: [SOLVED] Static IPv6 address for only some devices?
Post by: Maurice on February 16, 2026, 01:32:11 AM
A stable-privacy interface identifier (RFC 7217) is only stable as long as the prefix is stable, but then you wouldn't need dynamic DNS.
If your prefix is dynamic, you indeed have to use EUI-64 or a token (which most devices still do).

ISC DHCPv6 allows static mappings without an address range for dynamic leases. RA flags are configured independently (in radvd).
Kea does not (yet) support dynamic prefixes, so that's probably not an option.
Not sure about dnsmasq.
Text only | Text with Images