IPv6 outbound NAT done with LLA instead of GUA

[r0000000m]

Hello,

I want to use outbound IPv6 NAT. But the NAT is done using the Link Local Address (LLA) instead of GUA (Globally Unique Address) when NATing to "Interface Address". So of course I can't reach the Internet. How could I customize that ?

As a workaround I created an Interface alias in order to NAT to this alias' IP. (IP 2001:db8:8101:f700::1).
But it's a static address and I want to be able to NAT to an IP address obtained via SLAAC, because there is no guarantee that my ISP won't change the SLAAC prefix 2001:db8:8101:f700::/56. And I can't create an Interface Alias with a SLAAC obtained IP.

Thanks !

Romain

Code Select Expand

vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
        ether 52:54:00:f2:98:08
        hwaddr 52:54:00:f2:98:08
        inet6 fe80::5054:ff:fef2:9808%vtnet1 prefixlen 64 scopeid 0x2
        inet6 2001:db8:8101:f700:5054:ff:fef2:9808 prefixlen 64 autoconf
        inet6 2001:db8:8101:f700::1 prefixlen 56
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active

Code Select Expand


nat on vtnet1 inet6 all -> (vtnet1:0) port 1024:65535

[jvandenbroek]

I have the exact same question, the only workaround is setting the address manually. In my case it's randomly assigned by the OpenVPN server, so I can't make it static. I think pfSense does support this, but haven't tested it (there is a manual for it). Hopefully someone can pick this up, thanks!