[SOLVED] Static IPv6 address for only some devices?

Started by yarn, February 15, 2026, 08:27:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 15, 2026, 08:27:28 PM Last Edit: Today at 12:40:16 AM by yarn
How to set up DNSmasq (or Kea if needed) such that some devices will have a static IPv6 address?
I want most of my devices to use SLAAC (possibly with privacy extension), but for some I want them to have stable static addresses, so that I can register them with a dynamic DNS client. It doesn't matter if they have SLAAC addresses as well.

I could achieve this via DHCP ranges ::1000 ~ ::2000, but that makes all the devices DHCPv6 (Managed).
If I use :: as range, the leases are not offer to the devices, as the M bit in Router Advertisement is 0. Even if I explicitly enable DHCPv6 solicitation in clients, the router does not respond with a reply, even though static leases are present.
Is it possible to somehow only make only those devices do DHCPv6?
Or can I not offer addresses in DHCPv6 except for those devices?
February 15, 2026, 09:52:49 PM #1
You don't need DHCPv6 for that. SLAAC addresses are static, too. Devices may create temporary privacy addresses for outbound connections, but the primary SLAAC address uses a static interface identifier and is always available for inbound connections.

If your prefix changes, you can still use Dynamic DNS. The OPNsense DynDNS client allows combining a dynamic prefix with a static interface identifier.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 15, 2026, 11:11:24 PM #2 Last Edit: Today at 02:28:41 AM by yarn
Quote from: Maurice on February 15, 2026, 09:52:49 PMSLAAC addresses are static, too.
...
The OPNsense DynDNS client allows combining a dynamic prefix with a static interface identifier.
I see, indeed! (Turns out what I meant was stable-privacy but it's stable as well.)
I found the token option in systemd-networkd which lets SLAAC produce the simple static address I wanted.
Though I still prefer if there is a way to do this in OPNsense, so that these configurations are all in one place.
Today at 01:32:11 AM #3
A stable-privacy interface identifier (RFC 7217) is only stable as long as the prefix is stable, but then you wouldn't need dynamic DNS.
If your prefix is dynamic, you indeed have to use EUI-64 or a token (which most devices still do).

ISC DHCPv6 allows static mappings without an address range for dynamic leases. RA flags are configured independently (in radvd).
Kea does not (yet) support dynamic prefixes, so that's probably not an option.
Not sure about dnsmasq.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
Print
Go Up Pages1
User actions