IPv6 on LAN, SLAAC - no temporary addresses

[Maurice]

If you can't get a WAN address, a LAN interface address works, too. It has some caveats though. What if the LAN interface is down etc.? I see no reason not to use a WAN address if you can easily get one (which seems to be the case for @macklij).

There have been some requests to allow the WAN interface to track its own delegated prefix to create a WAN address. That would be a good solution for ISPs like @meyergru's.

[meyergru]

Yup, we discussed that and Franco tried to make it work, but it was more difficult than expected.

Luckily, my LAN interface is always up, so I can live with that. I would use it only in a pinch, however.

[macklij]

From this I take it Meyergru gets a /64 from his ISP? Otherwise wouldn't rely on the LAN GUA?

[bimbar]

If you can't get a WAN address, a LAN interface address works, too. It has some caveats though. What if the LAN interface is down etc.? I see no reason not to use a WAN address if you can easily get one (which seems to be the case for @macklij).

There have been some requests to allow the WAN interface to track its own delegated prefix to create a WAN address. That would be a good solution for ISPs like @meyergru's.

For those addresses you should use loopback interfaces, not physical ones.

[Maurice]

@macklij No. As mentioned, the WAN address typically is outside of the delegated prefix and assigned by the ISP independently (via DHCPv6 IA_NA or SLAAC). The size of the delegated prefix is unrelated to this. But some ISPs only offer a prefix and no WAN address at all (luckily not yours). In such a case, one can use the delegated prefix to create a WAN address (which is then inside the delegated prefix). Unfortunately, OPNsense doesn't support this (yet).

@bimbar A loopback interface with track6 configuration? Interesting idea. Could work.

[meyergru]

From this I take it Meyergru gets a /64 from his ISP? Otherwise wouldn't rely on the LAN GUA?

No, I get /56, but only an IPv6 prefix, no IPv6 GUA on the LAN interface. OpnSense has no means (yet) to assign a prefix to the WAN interface. Usually the DHCPv6 client tries to get both a prefix for delegation (IA_PD) and a WAN IPv6 (IA_NA). My ISP does not hand out anything at all if I ask for that, so by using the setting "Request only an IPv6 prefix", I get a /56 prefix only and make do by using the LAN IPv6 GUA instead.

[macklij]

@meyergru
@Maurice

Thanks for the explanations. I am beginning to get my head around IPv6.  Probably enough to be a danger to myself. 

[Maurice]

For those addresses you should use loopback interfaces, not physical ones.

I now tried this and it doesn't work. Loopback interfaces don't have a MAC address, so EUI-64 isn't possible. As a result, setting a loopback interface to "Track Interface" mode entirely breaks dhcp6c:

Code: [Select]

Notice dhcp6c link layer address is too short (lo1)
Notice dhcp6c failed to get default IF ID for lo1
Error dhcp6c failed to parse configuration file


[doktornotor]

I must be missing the grand idea behind turning a perfectly working setup into a collection of completely unneeded broken hacks.

You do NOT need GUA on WAN. Just move on.

[bimbar]

For those addresses you should use loopback interfaces, not physical ones.

I now tried this and it doesn't work. Loopback interfaces don't have a MAC address, so EUI-64 isn't possible. As a result, setting a loopback interface to "Track Interface" mode entirely breaks dhcp6c:

Code: [Select]

Notice dhcp6c link layer address is too short (lo1)
Notice dhcp6c failed to get default IF ID for lo1
Error dhcp6c failed to parse configuration file


You probably need a static prefix for that, but it would be the right way to do it, if it is possible.