IPv6 on LAN, SLAAC - no temporary addresses

[Maurice]

If you can't get a WAN address, a LAN interface address works, too. It has some caveats though. What if the LAN interface is down etc.? I see no reason not to use a WAN address if you can easily get one (which seems to be the case for @macklij).

There have been some requests to allow the WAN interface to track its own delegated prefix to create a WAN address. That would be a good solution for ISPs like @meyergru's.

[meyergru]

Yup, we discussed that and Franco tried to make it work, but it was more difficult than expected.

Luckily, my LAN interface is always up, so I can live with that. I would use it only in a pinch, however.

[macklij]

From this I take it Meyergru gets a /64 from his ISP? Otherwise wouldn't rely on the LAN GUA?

[bimbar]

If you can't get a WAN address, a LAN interface address works, too. It has some caveats though. What if the LAN interface is down etc.? I see no reason not to use a WAN address if you can easily get one (which seems to be the case for @macklij).

There have been some requests to allow the WAN interface to track its own delegated prefix to create a WAN address. That would be a good solution for ISPs like @meyergru's.

For those addresses you should use loopback interfaces, not physical ones.

[Maurice]

@macklij No. As mentioned, the WAN address typically is outside of the delegated prefix and assigned by the ISP independently (via DHCPv6 IA_NA or SLAAC). The size of the delegated prefix is unrelated to this. But some ISPs only offer a prefix and no WAN address at all (luckily not yours). In such a case, one can use the delegated prefix to create a WAN address (which is then inside the delegated prefix). Unfortunately, OPNsense doesn't support this (yet).

@bimbar A loopback interface with track6 configuration? Interesting idea. Could work.

[meyergru]

From this I take it Meyergru gets a /64 from his ISP? Otherwise wouldn't rely on the LAN GUA?

No, I get /56, but only an IPv6 prefix, no IPv6 GUA on the LAN interface. OpnSense has no means (yet) to assign a prefix to the WAN interface. Usually the DHCPv6 client tries to get both a prefix for delegation (IA_PD) and a WAN IPv6 (IA_NA). My ISP does not hand out anything at all if I ask for that, so by using the setting "Request only an IPv6 prefix", I get a /56 prefix only and make do by using the LAN IPv6 GUA instead.

[macklij]

@meyergru
@Maurice

Thanks for the explanations. I am beginning to get my head around IPv6.  Probably enough to be a danger to myself.  :D

[Maurice]

For those addresses you should use loopback interfaces, not physical ones.

I now tried this and it doesn't work. Loopback interfaces don't have a MAC address, so EUI-64 isn't possible. As a result, setting a loopback interface to "Track Interface" mode entirely breaks dhcp6c:

Code Select Expand


Notice dhcp6c link layer address is too short (lo1)
Notice dhcp6c failed to get default IF ID for lo1
Error dhcp6c failed to parse configuration file


[doktornotor]

I must be missing the grand idea behind turning a perfectly working setup into a collection of completely unneeded broken hacks.

You do NOT need GUA on WAN. Just move on.

[bimbar]

For those addresses you should use loopback interfaces, not physical ones.

I now tried this and it doesn't work. Loopback interfaces don't have a MAC address, so EUI-64 isn't possible. As a result, setting a loopback interface to "Track Interface" mode entirely breaks dhcp6c:

Code Select Expand


Notice dhcp6c link layer address is too short (lo1)
Notice dhcp6c failed to get default IF ID for lo1
Error dhcp6c failed to parse configuration file


You probably need a static prefix for that, but it would be the right way to do it, if it is possible.