Feature #13070
closed
Allow auto prefix with manual prefix-length in NPt
Added by Marcos M over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.05
Description
The current NPt functionality in 22.05 does not allow for overriding the prefix-length of an automatically tracked interface. Allowing this would get around the following issue:
ISP provides Dynamic IPv6 with PD allowing a single prefix ID. Only a single interface can be configured with "Track Interface", hence needing to translate multiple ULA prefixes to a single GUA prefix. To avoid potential conflicts, NPt must be done with a prefix length such as /80.
This is covered in the feature redmine here:
https://redmine.pfsense.org/issues/4881#note-36
- Related to Feature #4881: Allow NPt to use dynamic IPv6 networks added
- Assignee set to Viktor Gurov
- Target version set to 2.7.0
- Plus Target Version set to 22.05
- Status changed from New to Pull Request Review
Thank you very much!! I'll have to wait for the dynamic prefix to change from the ISP to see how that goes, but testing this so far has gone well!
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
The PD prefix changed so I tested this further. There's an issue currently; as is, a manual rule behaves differently than the auto rule. For example:
Manual NPt rule:
# rule
Src prefix: fc00:0DB8:d9f3:5:5::/80
Dst prefix: 2001:0DB8:4407:e8:5::/80
# results
2001:0DB8:4407:e8:5::1[32320] (fc00:0DB8:d9f3:5:5::1[32320]) -> 2607:f8b0:4012:808::200e[32320]
2001:0DB8:4407:e8:50::1[50564] (fc00:0DB8:d9f3:50:50::1[50564]) -> 2607:f8b0:4012:808::200e[50564]
Auto NPt rule:
# rule
Src prefix: fc00:0DB8:d9f3:5:5::/80
Dst prefix: LAN (<track interface>/64) /80
# results
2001:0DB8:4407:e8::1[32320] (fc00:0DB8:d9f3:5:5::1[32320]) -> 2607:f8b0:4012:808::200e[32320]
2001:0DB8:4407:e8::1[50564] (fc00:0DB8:d9f3:50:50::1[50564]) -> 2607:f8b0:4012:808::200e[50564]
The translation should be fc00:0DB8:d9f3:50:50:x:x:x/80 to y:y:y:y:50:x:x:x/80 - so keep the ::50:x:x:x/80, don't replace it with ::x:x:x/80.
Marcos Mendoza wrote in #note-6:
The PD prefix changed so I tested this further. There's an issue currently; as is, a manual rule behaves differently than the auto rule. For example:
Manual NPt rule:
[...]
Auto NPt rule:
[...]
The translation should be fc00:0DB8:d9f3:50:50:x:x:x/80 to y:y:y:y:50:x:x:x/80 - so keep the ::50:x:x:x/80, don't replace it with ::x:x:x/80.
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/730
- Status changed from Feedback to Pull Request Review
Applied patch and switched to /64 and it's looking good now. So it was the manual rule that was broken before and the /80 was unintentionally working around it. Now it all works with /64:
2001:0DB8:4407:e8:5::1[1554] (2001:0DB8:d9f3:5:5::1[1554]) -> 2607:f8b0:4012:808::200e[1554]
2001:0DB8:4407:e8:50:6a74:3ff5:eeac[1] (2001:0DB8:d9f3:50:50:6a74:3ff5:eeac[1]) -> 2607:f8b0:4000:80e::200e[1]
Nice!
- Status changed from Pull Request Review to Feedback
- Status changed from Feedback to Resolved
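The mapping requested in this issue, as an added Python example (not pfSense code and not part of the thread): the destination /80 is built from the tracked /64 plus the subnet bits of the source prefix, and addresses are mapped by plain prefix replacement. The function names `derive_dst_prefix`, `naive_dst_prefix` and `translate` are hypothetical; the addresses are the ones quoted in the comments above.

```python
import ipaddress


def derive_dst_prefix(tracked, src_prefix):
    """Extend the tracked (delegated) prefix to the source prefix length,
    copying the bits between the two lengths from the source prefix."""
    tracked = ipaddress.IPv6Network(tracked)
    src = ipaddress.IPv6Network(src_prefix)
    if src.prefixlen < tracked.prefixlen:
        raise ValueError("rule prefix must not be shorter than the tracked prefix")
    # Bits covered by the rule length but not by the tracked prefix (64..79 for /64 -> /80).
    sub_mask = int(src.netmask) & int(tracked.hostmask)
    sub_bits = int(src.network_address) & sub_mask
    return ipaddress.IPv6Network((int(tracked.network_address) | sub_bits, src.prefixlen))


def naive_dst_prefix(tracked, new_len):
    """Behaviour reported for the auto rule: the tracked prefix is only
    re-labelled with the longer length, so the subnet bits stay zero."""
    tracked = ipaddress.IPv6Network(tracked)
    return ipaddress.IPv6Network((int(tracked.network_address), new_len))


def translate(addr, src_prefix, dst_prefix):
    """Stateless prefix replacement: keep the host bits, swap the prefix.
    Returns None when addr is outside src_prefix."""
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("source and destination prefix lengths differ")
    if addr not in src:
        return None
    host_bits = int(addr) & int(src.hostmask)
    return ipaddress.IPv6Address(int(dst.network_address) | host_bits)


if __name__ == "__main__":
    tracked = "2001:0DB8:4407:e8::/64"          # delegated prefix from the thread
    rules = ["fc00:0DB8:d9f3:5:5::/80", "fc00:0DB8:d9f3:50:50::/80"]
    for rule in rules:
        host = ipaddress.IPv6Network(rule).network_address + 1
        good = translate(host, rule, derive_dst_prefix(tracked, rule))
        bad = translate(host, rule, naive_dst_prefix(tracked, 80))
        print(f"{host} -> expected {good}, zeroed subnet bits give {bad}")
```

With the subnet bits zeroed, both internal /80s land on the same external address, which is the collision visible in the auto rule results above.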