advertise both ULA and GUA over ipv6 dhcpv6?

Started by js-opnsense, October 19, 2021, 01:51:42 AM

October 19, 2021, 01:51:42 AM Last Edit: October 19, 2021, 01:56:45 AM by js-opnsense
Hi all,

Can anyone share a working config for a home IPv6 setup in which LAN clients get addresses from both a GUA prefix and a ULA prefix? I'd like to get SLAAC and DHCPv6 ("Assisted" mode) working across _two_ subnets on my LAN.

The end goal I want is for the clients on my home network to get v6 addresses from two subnets:

(1) - the IPv6 prefix delegated from my Telus ISP to my WAN interface.  <GUA>/56
(2) - the local ULA prefix I chose (starting with fc/7:: ). <ULA>/48.

It seems I can either configure my LAN interface v6 config to:

  a.  "Static IPv6", in which case my clients get only addresses from (2).

  b. set the v6 LAN interface config to "Tracked" on the WAN, in which case my clients only get addresses from the GUA ISP-delegated prefix (1).


How do you get dhcpv6d and radvd to serve the two subnets simultaneously?

(In case it matters, I only have two physical interfaces on the router, WAN and LAN. I assume it might be possible to create some sort of virtual interface?)

Thanks

References: https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html  This article only got me halfway.

Running:
OPNsense 21.7.3_3-amd64
FreeBSD 12.1-RELEASE-p20-HBSD
OpenSSL 1.1.1l 24 Aug 2021

October 19, 2021, 08:37:41 AM #1 Last Edit: October 19, 2021, 09:44:32 AM by Greelan
I only use SLAAC myself. In that case it is a simple matter of having the LAN track WAN for GUAs, and to configure ULAs as Virtual IPs (setting a /64 address as IP Alias for LAN). Radvd does the rest - it is set to Unmanaged in my case

Make sure you have checked the "Allow manual adjustment of DHCPv6 and router advertisements" in the LAN interface config, to allow full flexibility on configuration

I am not certain though that DHCPv6 will accommodate ULAs. It seems only to recognise the GUA prefix when I look at my settings

Edit: there is also this thread: https://forum.opnsense.org/index.php?topic=10035.0

Quote from: Greelan on October 19, 2021, 08:37:41 AM
I only use SLAAC myself. In that case it is a simple matter of having the LAN track WAN for GUAs, and to configure ULAs as Virtual IPs (setting a /64 address as IP Alias for LAN). Radvd does the rest - it is set to Unmanaged in my case


I literally set my virtual ip as 'fd77:2ac4:81ba::/48' which seems to work for clients getting a ULA, but also causes an issue with ntp if it tries to bind. You mentioned a /64 - did you use the CIDR similar to above, or an actual address? Was the type of the virtual ip just a regular virtual ip, or other?

The VIP should be a host address within the subnet (at least that's what makes sense to me, and what has worked for me). Also you most likely want your LAN subnet to be /64, so the VIP might be something like fd77:2ac4:81ba:1234::1/64

I don't think you'll be able to get DHCP to handle the VIP, although I haven't tried...

While I haven't used NPTv6 myself yet, it sounds like that may be a solution. Assign local prefixes to your networks, then translate them to global ones as required.

May I ask what the exact problem is you want to solve? Why not use GUAs throughout?
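
The alias-address point raised in the replies above (a host address inside a /64, rather than the bare /48 prefix), as an added example that is not part of any post in the thread. The function names `check_alias` and `lan_alias` and the subnet ID are hypothetical; the addresses are the ones quoted in the thread.

```python
import ipaddress

ULA_RANGE = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local range


def check_alias(value):
    """Return a list of problems with an IPv6 alias written as 'address/prefixlen'."""
    iface = ipaddress.IPv6Interface(value)
    problems = []
    if iface.ip not in ULA_RANGE:
        problems.append("not a ULA (outside fc00::/7)")
    if iface.network.prefixlen != 64:
        problems.append("prefix length is /%d; SLAAC expects a /64 on the LAN"
                        % iface.network.prefixlen)
    # An all-zero host part is the prefix itself (the subnet-router anycast
    # address), not an address a service such as ntpd should bind to.
    if iface.ip == iface.network.network_address:
        problems.append("address is the prefix itself, not a host address")
    return problems


def lan_alias(site_prefix, subnet_id, host=1):
    """Build a host alias inside /64 number `subnet_id` of a /48 ULA site prefix."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    # Bits 48..63 of the address carry the subnet ID, hence the shift by 64.
    base = int(site.network_address) | (subnet_id << 64)
    net = ipaddress.IPv6Network((base, 64))
    return "%s/64" % (net.network_address + host)


if __name__ == "__main__":
    # Values quoted in the thread; 0x1234 is an arbitrary subnet ID.
    for candidate in ("fd77:2ac4:81ba::/48", "fd77:2ac4:81ba:1234::1/64"):
        print(candidate, "->", check_alias(candidate) or "ok")
    print(lan_alias("fd77:2ac4:81ba::/48", 0x1234))
```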