Messages

just migrated to dnsmasq (need this IPv6 prefix)
;)

Yes, I linked it in my first answer.

Thanks I'll read it (didn't see it the first time)

And the difference to DHCPv6-derived IPs is that SLAAC-provided IPs are pushed, i.e. they are applied immediately when the GUA prefix changes.

The only thing you do not have is "known" static IPv6s that you can reference in DNS names (because the prefix can change). Usually, you do not need them anyways, because you can always use the IPv4 for internal purposes in DNS. All of that is covered in the HOWTO I linked above.

https://forum.opnsense.org/index.php?topic=45822.0
This one ?
Thanks again

ISC DHCPv6 gives wan routable ipv6 from my ISP [...] to other devices

SLAAC can do that without any DHCP present at all.

Yes but at my knowledge without fixed IPs ?

every server inside the lan (homelab) has a statiq IP fddd:31e8:3076:XX:YY
DHCPv6 with prefix and RA managed on carpv6 (also updated with IPv6 changes) and RA advertises fddd:31e8:3076:XX:YY
Do not send any DNS configuration to clients

fddd:31e8:3076:: is an ULA prefix that is not routed outside of your LAN, unless you use NAT66 or you still have the assigned GUA prefix IPv6s on top for outside access. If you use those ULA IPs for server access, fine.

But then, why / how do you rely on ISC DHCPv6?

I can see only two things it could provide: routeable IPv6 addresses, which can be handed out via SLAAC as well and leases and/or reservations which allow to use internal DNS names (which you say you do not use).

Frankly, I do not get what you are missing.

Oupsi
yes you are right
and it's on purpose (internal dns for exemple with no wan rights)

then ISC DHCPv6 gives wan routable ipv6 from my ISP (2 servers are ban from being contacted from the outside world) to other devices (iphones windows mac etc)

If you have a changing prefix use dnsmasq for dhcpv6, it can construct from a partial prefix:

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements

Thank you :)
Already looked at it but I don't need dnsmasqu at all. Overkill for DHCP only ?

There is a problem with your approach with ISC DHCPv6 as well: The prefix change will potentially go unnoticed for as long as your lease time, because your clients will use the old prefix for as long.

With dynamic IPv6 prefixes, you basically have two choices:

a. Use SLAAC in "assisted" mode, where DHCPv6 only supplies the DNS server (besides RDNSS) - if at all, because DNSv4 is sufficient to supply both IPv4 and IPv6 resolution. This is the safest/easiest approach and shown here. Any local traffic is done via IPv4, such that you do not need DHCPv6 to supply specific IPv6 to your devices in order to adress those in DNS.

b. If you need to have fixed IPv6, you will need to use some adresses on top of GUA that you can use for internal DNS purposes. Keep in mind that LUA will probably not work, because it is prioritized lower than even IPv4. Still, you can use any unused IPv6 prefix.

every server inside the lan (homelab) has a statiq IP fddd:31e8:3076:XX:YY
DHCPv6 with prefix and RA managed on carpv6 (also updated with IPv6 changes) and RA advertises fddd:31e8:3076:XX:YY
Do not send any DNS configuration to clients

Not a single failure for ages but I do rely on ISC DHCPv6

thanks

Hello

I understand that ISC will be deprecated end of month.
Switching to a plugin for "legacy" purposes.

I want to know if
KEA or Dnsmasq DNS&DHCP can do the same magic that I have with ISC : prepopulation of subnet, subnet mask and available range form the LAN IPv6 ?

My ISP can change the IPv6 from time to time and this functionnality from ISC is a game changer in my case

Thanks for help

Hello all :)

Something is very bothering
with ISC DHCPv6
Subnet Subnet mask Available range are prepopulated

Not the case with kea or dnsmasq. Or am I missing something ?

Thanks for clarifications

Wrong post

Thanks :)

So in NPTv6
   2a01:cb00:xxxx:yyyy::/64   fd2a:ef:f0:73:xxxx::/64   None

from 2a01:cb00:xxxx:yyyy::11 ping fd2a:ef:f0:73:xxxx::53
request timed out

Not working

Hello

I have a functionnal ipv6 network

My ISP delegate 2a01:cb00:xxxx:xxxx::/64
Opnsense DHCP distribute ip with 2a01:cb00:xxxx:xxxx::

Everything is fine and runing.

But sometime my ISP changes the delegation. Not a good thing with server.

Could I use ULA for certains servers (Active Directory and Pi-Hole for exemple) and route 2a01:cb00:xxxx:xxxx:: to this ULA ?
How could I have fixed ipv6 in the lan whatever the prefix is ?

Thanks for help (I'm lost TBH)

Hello

Today I have inside ISC DHCPv6 two DNS server for everyone from the setting: "DNS servers"

Is there a way for a specific DHCPv6 Static Mappings to have different DNS server that the one for everyone ?

Thanks for help

ok
this is why my FW are crashing (no reboot juste gone for FW2)

Hello

I have a functionnal wireguard setting. I can ping everything over ipv4 (LAN or WAN)
But no access to ipv6 ping.

on server peers allowed IP: 0.0.0.0./0,::/64
on client : ::/0

Thanks for help