Feature #15632
closed
Feature Request: IPv6 EUI-64 support
Added by Jonathan Lee 7 days ago.
Updated 5 days ago.
Category:
DHCP Server (IPv6)
Description
Hello fellow Redmine community members
I can’t seem to find a way to enable EUI-64 on pfSense plus.
Is there a way we can add this feature?
- Status changed from New to Rejected
That's a bit ambiguous but also that isn't something a router/DHCP server does. That's a method for forming an IPv6 address but it's not one that's handled centrally.
DHCPv6 doesn't have a mechanism where the server knows the MAC of the client to form such an address, for example there are no options in Kea that form addresses in that way. It also conflicts with the idea of pulling random addresses from a pool when allocating from DHCP. When it does happen, the client does that on its own and the client chooses between actually using its MAC or randomizing the value for privacy.
When the client is allocating its own address in that way, it's called SLAAC and that is possible already. It's controlled via Router Advertisements (https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv6-ra.html#dhcpv6-vs-stateless-address-autoconfiguration) when the mode is set for Unmanaged, Assisted, or Stateless DHCP modes.
Hello Jim I have found a way to active EUI-64 with some help of the Netgate forum. With the non KEA use of course
pfSense can enable this and it will reflect when you run a ipconfig /all
RESOLVED:
To enable EUI-64
change system tunables
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1
ipv6_privacy=YES
check status IPV6 dhcp leases and specifically look at the DUID this will now reflect the MAC address of the host using the address. That is it. Mine are clear and match the MAC address now. Easy
"DUID (Device Unique Identifier) is a key part of the DHCPv6 protocol that helps to ensure that each client device on a network has a unique IP address. This prevents the possibility of duplicate IP assignments, which can lead to network issues such as routing loops and DNS conflicts."
The DUID will not utilize the 48-BIT mac address to help with assignment of ipv6 this can be broken down to find the MAC address after. Windows will automatically de-cipher the ipv6 to show the host MAC address now.
I just learned this. My Netflix kept saying I was in Germany with HE tunnel running this was my reason why I wanted it adapted
Also available in: Atom
PDF