2 dhcpv6 in LAN (solved)

Started by stanthewizzard, August 30, 2024, 10:30:35 AM

August 30, 2024, 10:30:35 AM Last Edit: August 31, 2024, 07:20:09 AM by stanthewizzard
Hello

Is there a way to have 2 DHCP v6
first comes from ISP
2a01:cb00:c53:

Then second one from Windows DHCP
fd07:1972:2406:

I need to have an external ip from my ISP (it's currently working)
And 1 inside the lan

Thanks for help

Quote from: stanthewizzard on August 30, 2024, 10:30:35 AM
I need to have an external ip from my ISP (it's currently working)
And 1 inside the lan

But that "external IP" is also "inside LAN".

I would strongly suggest reading this thread: https://forum.opnsense.org/index.php?topic=33902.0

Finally, the inventor of DHCPv6 should be tortured daily.


yes you are totally right
doesn't bother me and this is ipv6 way

Currently I need to have for every machine
a lease 2a01:cb00:c53: (slaac)
a lease fd07:1972:2406: (windows dhcpv6)

Is this doable ?
thank you

August 30, 2024, 10:53:15 AM #3 Last Edit: August 30, 2024, 11:07:46 AM by doktornotor
Technically, SLAAC is not a "lease".
https://www.networkacademy.io/ccna/ipv6/stateless-address-autoconfiguration-slaac

It is doable but completely pointless at the same time. IPv4 will be preferred to ULA. Almost everywhere.

Perhaps describe your goal here instead of drafting solutions (for potentially non-existent problems).


August 30, 2024, 11:04:58 AM #4 Last Edit: August 30, 2024, 11:06:53 AM by stanthewizzard
 ;D for the non existent

So DNS are windows and with this IP fd07:1972:2406:2014::5 / fd07:1972:2406:2014::4
need to be able to have fixed ip also within this range

dhcp lease are 2a01:cb00:c53:

And want to be able to make 2a01:cb00:c53: ping fd07:1972:2406:2014::4 (the easiest way would be for every machine to have 2a01:cb00:c53: and fd07:1972:2406:2014:: address ?)

Thank you again


But - why? Use the GUA prefix on Windows DHCPv6 server. I mean, this whole thing is seriously pointless. To illustrate this, run the command on some Windows box:


netsh interface ipv6 show prefixpolicies
Querying active state...

Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128
        40      1  ::/0
        35      4  ::ffff:0:0/96
        30      2  2002::/16
         5      5  2001::/32
         3     13  fc00::/7
         1     11  fec0::/10
         1     12  3ffe::/16
         1      3  ::/96


50 is localhost, 40 is GUA. That 35 is IPv4 (well, IPv4 to IPv6 mapped addresses). Still WAY higher precedence than ULA (fc00::/7).

Now, with that, try to ping some dual-stack hostname from that fd07:: and see for yourself what's gonna be used.
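
Added example, not part of any post in this thread: a sketch of the precedence lookup the table above implies, using longest-prefix match over the policy rows and then ordering candidate destinations by precedence. It covers only the precedence step of destination address selection; the IPv4 address 192.0.2.10 is a constructed sample and the function names are hypothetical.

```python
import ipaddress

# Policy rows copied from the netsh output above: precedence, label, prefix
POLICY_TEXT = """\
50      0  ::1/128
40      1  ::/0
35      4  ::ffff:0:0/96
30      2  2002::/16
 5      5  2001::/32
 3     13  fc00::/7
 1     11  fec0::/10
 1     12  3ffe::/16
 1      3  ::/96
"""

# Constructed sample: addresses a dual-stack name might resolve to
CANDIDATES = ["fd07:1972:2406:2014::4", "192.0.2.10", "2a01:cb00:c53:c5d6::16e4"]

def parse_policies(text):
    """Turn the table text into (precedence, label, network) tuples."""
    rows = []
    for line in text.splitlines():
        prec, label, prefix = line.split()
        rows.append((int(prec), int(label), ipaddress.IPv6Network(prefix)))
    return rows

def to_v6(addr):
    """IPv4 addresses are looked up as IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip

def lookup(addr, policies):
    """Return the policy row with the longest prefix containing addr."""
    ip = to_v6(addr)
    matches = [row for row in policies if ip in row[2]]  # ::/0 always matches
    return max(matches, key=lambda row: row[2].prefixlen)

def rank_destinations(addrs, policies):
    """Order candidates from most to least preferred by precedence only."""
    return sorted(addrs, key=lambda a: lookup(a, policies)[0], reverse=True)

if __name__ == "__main__":
    table = parse_policies(POLICY_TEXT)
    for a in rank_destinations(CANDIDATES, table):
        print(lookup(a, table)[0], a)
```
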

August 30, 2024, 11:13:44 AM #6 Last Edit: August 30, 2024, 11:17:42 AM by stanthewizzard
ok

and I'm unable to ping fd07:1972:2406:2014::4 :(

This is where I'm quite lost

EDIT:
And what I don't understand is: DNS has fd07:1972:2406:2014::4 and 2a01:cb00:c53:c5d6::16e4 (but no trace of that lease in the opnsense DHCPV6)

August 30, 2024, 11:20:05 AM #7 Last Edit: August 30, 2024, 11:25:28 AM by doktornotor
Uhm... what I am suggesting is to ditch the entire ULA idea unless you have a very specific reason for using it. (I want to play with pings is not one).

SLAAC + RA/RDNSS happily coexists with the DHCPv6 "design afterthought" if you insist on using it.

Quote
but no trace of that lease in the opnsense DHCPV6)

P.S. And do NOT run multiple DHCP servers unless configured for failover (which Windows DHCP server does not support with IPv6). Yeah, there's not a trace of something that's completely outside of the configured DHCP server scope, or what's stateless and not configured by DHCPv6 for that matter.

OK

I have the lease now
Static one

I'll switch fully to 2a01:cb00:c53:c5d6::

There is no way to have some sort of private ipv6 address that can be routed between this public one (safe if ISP change the allocated prefix) ?

Quote from: stanthewizzard on August 30, 2024, 11:24:12 AM
There is no way to have some sort of private ipv6 address that can be routed between this public one  (safe if ISP change the allocated prefix)

See, that's what I meant by "describe your goal here". I assume you are looking for this:
https://docs.opnsense.org/manual/nptv6.html

And be sure to tick "full help" and carefully read the notes there.

With that said, a sane ISP that does NOT change allocated prefixes is highly preferred.

More references:
- https://github.com/opnsense/core/issues/5284


I'm totally stuck with this ISP

My goal is not exactly that
ex:
windows 11 2a01:cb00:c53:c5d6::xxxx is unable to ping fd07:1972:2406:2014::4 (not cool as it is the dns server)

Thanks again for all the help (really)

If you run the normal routing diagnostic (such as netstat -rn) on the client and the router, you'll quickly see why. (And no, running one DHCP server per prefix is certainly not the solution.)

I listened

Everything is 2a01:cb00:c53:c5d6::xxxx (and some with fixed IP)

I can ping fd07:1972:2406:2014::4 from any host (after a windows server reboot it was ok)

Everything is now ok

THANKS !!!  :-*

Quote from: stanthewizzard on August 30, 2024, 12:33:39 PM
I listened

Everything is 2a01:cb00:c53:c5d6::xxxx (and some with fixed IP)

I can ping fd07:1972:2406:2014::4 from any host (after a windows server reboot it was ok)

Everything is now ok

THANKS !!!  :-*

may i recommend reading into: https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/

(sorry if links are not allowed, please search in your favorite search engine for ipv6 ula is broken)

Quote from: CruxtheNinth on August 30, 2024, 12:51:14 PM
may i recommend reading into: https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/

I already linked to that indirectly, and expanded on that with a later post offering a practical demo.

So yes, IOW - overall this is a nice exercise in getting dual-stack working that will not be used anyway.