Feature #13070
closed
Allow auto prefix with manual prefix-length in NPt
100%
Description
The current NPt functionality in 22.05 does not allow for overriding the prefix-length of an automatically tracked interface. Allowing this would get around the following issue:
ISP provides Dynamic IPv6 with PD allowing a single prefix ID. Only a single interface can be configured with "Track Interface", hence needing to translate multiple ULA prefixes to a single GUA prefix. To avoid potential conflicts, NPt must be done with a prefix length such as /80.
This is covered in the feature redmine here:
https://redmine.pfsense.org/issues/4881#note-36
Related issues
Updated by Viktor Gurov almost 2 years ago
- Related to Feature #4881: Allow NPt to use dynamic IPv6 networks added
Updated by Viktor Gurov almost 2 years ago
- Assignee set to Viktor Gurov
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Jim Pingle almost 2 years ago
- Status changed from New to Pull Request Review
Updated by Marcos M almost 2 years ago
Thank you very much!! I'll have to wait for the dynamic prefix to change from the ISP to see how that goes, but testing this so far has gone well!
Updated by Viktor Gurov almost 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 303c51fc2351300c3b5586bea0b885ada6a3f3e5.
Updated by Marcos M almost 2 years ago
The PD prefix changed so I tested this further. There's an issue currently; as is, a manual rule behaves differently than the auto rule. For example:
Manual NPt rule:
# rule Src prefix: fc00:0DB8:d9f3:5:5::/80 Dst prefix: 2001:0DB8:4407:e8:5::/80 # results 2001:0DB8:4407:e8:5::1[32320] (fc00:0DB8:d9f3:5:5::1[32320]) -> 2607:f8b0:4012:808::200e[32320] 2001:0DB8:4407:e8:50::1[50564] (fc00:0DB8:d9f3:50:50::1[50564]) -> 2607:f8b0:4012:808::200e[50564]
Auto NPt rule:
# rule Src prefix: fc00:0DB8:d9f3:5:5::/80 Dst prefix: LAN (<track interface>/64) /80 # results 2001:0DB8:4407:e8::1[32320] (fc00:0DB8:d9f3:5:5::1[32320]) -> 2607:f8b0:4012:808::200e[32320] 2001:0DB8:4407:e8::1[50564] (fc00:0DB8:d9f3:50:50::1[50564]) -> 2607:f8b0:4012:808::200e[50564]
The translation should be fc00:0DB8:d9f3:50:50:x:x:x/80 to y:y:y:y:50:x:x:x/80 - so keep the ::50:x:x:x/80, don't replace it with ::x:x:x/80.
Updated by Viktor Gurov almost 2 years ago
Marcos Mendoza wrote in #note-6:
The PD prefix changed so I tested this further. There's an issue currently; as is, a manual rule behaves differently than the auto rule. For example:
Manual NPt rule:
[...]Auto NPt rule:
[...]The translation should be
fc00:0DB8:d9f3:50:50:x:x:x/80toy:y:y:y:50:x:x:x/80- so keep the::50:x:x:x/80, don't replace it with::x:x:x/80.
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/730
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Pull Request Review
Updated by Marcos M almost 2 years ago
Applied patch and switched to /64 and it's looking good now. So it was the manual rule that was broken before and the /80 was unintentionally working around it. Now it all works with /64:
2001:0DB8:4407:e8:5::1[1554] (2001:0DB8:d9f3:5:5::1[1554]) -> 2607:f8b0:4012:808::200e[1554] 2001:0DB8:4407:e8:50:6a74:3ff5:eeac[1] (2001:0DB8:d9f3:50:50:6a74:3ff5:eeac[1]) -> 2607:f8b0:4000:80e::200e[1]
Nice!
Updated by Viktor Gurov almost 2 years ago
- Status changed from Pull Request Review to Feedback
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Resolved