Project

General

Profile

Actions
Copy link

Feature #15632

closed

Feature Request: IPv6 EUI-64 support

Added by Jonathan Lee 7 days ago. Updated 5 days ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
DHCP Server (IPv6)
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default

Description

Hello fellow Redmine community members

I can’t seem to find a way to enable EUI-64 on pfSense plus.

Is there a way we can add this feature?

Actions
Copy link
 #1

Updated by Jim Pingle 5 days ago

  • Status changed from New to Rejected

That's a bit ambiguous but also that isn't something a router/DHCP server does. That's a method for forming an IPv6 address but it's not one that's handled centrally.

DHCPv6 doesn't have a mechanism where the server knows the MAC of the client to form such an address, for example there are no options in Kea that form addresses in that way. It also conflicts with the idea of pulling random addresses from a pool when allocating from DHCP. When it does happen, the client does that on its own and the client chooses between actually using its MAC or randomizing the value for privacy.

When the client is allocating its own address in that way, it's called SLAAC and that is possible already. It's controlled via Router Advertisements (https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv6-ra.html#dhcpv6-vs-stateless-address-autoconfiguration) when the mode is set for Unmanaged, Assisted, or Stateless DHCP modes.

Actions
Copy link
 #2

Updated by Jonathan Lee 5 days ago

Hello Jim I have found a way to active EUI-64 with some help of the Netgate forum. With the non KEA use of course

pfSense can enable this and it will reflect when you run a ipconfig /all

RESOLVED:

To enable EUI-64

change system tunables

net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1
ipv6_privacy=YES
check status IPV6 dhcp leases and specifically look at the DUID this will now reflect the MAC address of the host using the address. That is it. Mine are clear and match the MAC address now. Easy

"DUID (Device Unique Identifier) is a key part of the DHCPv6 protocol that helps to ensure that each client device on a network has a unique IP address. This prevents the possibility of duplicate IP assignments, which can lead to network issues such as routing loops and DNS conflicts."

The DUID will not utilize the 48-BIT mac address to help with assignment of ipv6 this can be broken down to find the MAC address after. Windows will automatically de-cipher the ipv6 to show the host MAC address now.

I just learned this. My Netflix kept saying I was in Germany with HE tunnel running this was my reason why I wanted it adapted

Actions
Copy link

Also available in: Atom PDF