Track Interface with 26.1

Started by mrt12, January 30, 2026, 03:04:45 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 30, 2026, 03:04:45 PM
Good day,
so I already switched in the past away from ISC DHCPD to Kea. It seemed to work fine so far, besides the fact that Kea cannot register DHCPv4 leases in DNS. But I can live with that, I generated static entries for the most important things, so its not a huge thing.

So today I just upgraded to 26.1 and also it still seems to work fine. However, I understand from the release notes, that "Track Interface" is something that is legacy and should not be used anymore. Also in the config page of my LAN interface it reads "Track interface (legacy)". So I tried to switch to "Identity Association" which, apparently, seems to be the new thing.
However, it gives me always the error:

Code Select
The DHCPv6 Server is active on this interface and it can be used only with a static IPv6 configuration. Please disable the DHCPv6 Server service on this interface first, then change the interface configuration.
I am confused, because under "Services", "Kea DHCPv6" it is disabled. Furthermore, I have uninstalled the ISC-DHCP Plugin, so to my understanding, the DHCPv6 server should not be running at all.

I think I would need this Identity Association, as I needed previously "Track Interface". This is because my ISP gives me a /56 IPv6 Prefix, and I want several subnets of it to be delegated to my different VLANs. So What do I need to change to achieve the same behaviour as before? is is it not even possible anymore?
Note that I don't use dnsmasq, I try the KEA route, as I have already configured it so far to my liking, so if possible, I will prefer not to switch. Also I would prefer not to go back to ISC, as I understand, this is end-of-life, so I don't want to use it anymore.
Also note that the IPs handed out by my ISP are technically not fixed ones. I have dynamic IPs, even though I notice that my IP has not changed since more than 2 years, but technically, I think it can any time, so for this reason my setup needs to be compatible with that and also the delegated prefixes.


January 30, 2026, 04:10:54 PM #1 Last Edit: January 30, 2026, 04:15:03 PM by franco
Should be this one:

# opnsense-patch https://github.com/opnsense/core/commit/c264c905


Cheers,
Franco

PS: you are right about the rest
Today at 01:53:54 PM #2
Hi everybody,

I will be in the same situation when I upgrade to 26.1 and honestly, I am somehow confused with the IPv6 topic.

I have a FTTH account with Telekom in Germany. I also get a /56 prefix.

My current setup:
KEA DHCP for IPv4. Different VLANs with different subnets.

For my VLAN interfaces and IPv6, I did the following:
- In the WAN interface I put "IPv6 Configuration Type: DHCPv6"
- In the LAN VLANS I put "IPv6 Configuration Type: Track interface"
 - Under "Track IPv6 Interface" I put my WAN interface and I assigned a unique prefix for each interface
- Under "Services" KEA DHCPv6 is disabled
- Under "Services" ISC DHCPv6 is enabled for the VLANs and shows the IP ranges
- "Service -> Router Advertisments" is set to "Assisted" for the single LAN VLANS.

DNSMasq is not enabled.

I have this IPv6 setup since the beginning and put it following a howto for my provider.

Will this still work with the 26.1 upgrade? (I think so with ISC running as a plugin...?)
More important: Is this the way to go? What would now be the recommended way for my setup?
- Different prefixes for my VLANS
- Dynamic IPv6 /56 prefix received from my provider when dialing in via PPPoE.

I think this will be relevant for a lot of users at least in Germany ;)


Cheers
Mario
Today at 02:36:33 PM #3
Again, nothing changes on the upgrade. We only added ways to get out of the historic automatic ISC-DHCPv6/Radvd integration which is also required to better configure Dnsmasq and Kea/Radvd IPv6 setups.


Cheers,
Franco
Today at 04:50:00 PM #4
Hi Franco,

thanks, clear.
However, what I would like to understand is if my way is currently still the recommended way with different prefixes for different subnets, or if there is now an alternative more "standard" way with KEA or DNSmasq.

Maybe I also not really understand the difference between "track interface" and "Identity Association".

Thanks
Mario
Today at 05:26:12 PM #5 Last Edit: Today at 05:28:25 PM by franco
Hi Mario,

The prefix behaviour doesn't change at all. dhcp6c distributes prefixes to LAN interfaces in both Track interface and Identity association mode.

What's up to you is how you want to provide DHCPv6 servers on LAN and this is where the Track/Identity modes start to differ marginally*. If you're already using Kea or DNSmasq for IPv6 in your LAN you can consider switching to Identity association but should check if you currently use Radvd as it will require manual configuration for your LAN interfaces then too (if you don't use Radvd - Router Advertisements then maybe Dnsmasq is already doing that also).


Cheers,
Franco

* To answer your question identity association is what track interface's "Allow manual adjustment of DHCPv6 and Router Advertisements" mode checked is. It will differ more in the future and Track interface will be phased out when ISC-DHCP is going to be removed which could be 2028 or so. We have no plans for removal yet.
Today at 06:23:26 PM #6
Quote from: franco on Today at 05:26:12 PMin the future and Track interface will be phased out when ISC-DHCP is going to be removed which could be 2028 or so.
But...

Maybe...

Just maybe...

It would be a good idea to start encouraging your users to already move to KEA/DNSmasqd/KEA+Radvd in combination with Identity Association to avoid a couple of things :
- ISC plug-in issues during future upgrades.
- A lot of misunderstanding about Track Interface vs. Identity Association and when to use which or why they both exist.

And minimize the amount of support needed for all of the above ?!



In my case I was kind of expecting things to go wrong with the ISC DHCP plug-in stuff so I have switched to KEA already in my 25.7.x install because I had a lot of bad experiences with this kind of upgrades in the past and wanted to avoid unnecessary issues in future updates/upgrades :)

(Sorry for showing a bit of lack of trust... LOL!)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
Today at 08:33:27 PM #7
> - ISC plug-in issues during future upgrades.

Unlikely.  The most critical transition is from 25.7.11 to 26.1. After that the required ISC-DHCP files will remain on the disk without further intervention. Normal erratic behaviour always applies but that's from other factors.

> - A lot of misunderstanding about Track Interface vs. Identity Association and when to use which or why they both exist.

We have time now to update the documentation as the situation evolves and people ask the same questions and 5 months to figure out the next steps before anything changes.  That's also why we opted for a maintenance free update regarding ISC DHCP functionality: add new features only and make sure they work as expected before removing other things.

> And minimize the amount of support needed for all of the above ?!

We're in the minimized version of the transition I hope.

> In my case I was kind of expecting things to go wrong with the ISC-DHCP plugin

That wasn't the goal here.  Maybe it wasn't clear.  Yet ISC-DHCP is the Sword of Damocles in this situation which could fall any second due to security related incidents.  We don't know, we don't expect it but it could always happen.  Now all the tools for migration are there.  If you have to use them that's a different question.  Personally, I still use ISC-DHCP for IPv4 and IPv6.

> (Sorry for showing a bit of lack of trust... LOL!)

Why not.  It's probably the smarter approach.  :)

Cheers,
Franco
Print
Go Up Pages1
User actions