Feature #9224
closed
Cannot configure STATICALLY-allocated IPv6 addresses on pfSense
0%
Description
Hello,
On current version of pfSense, one cannot configure STATIC IPv6 addresses allocated by our ISP (RCS&RDS, Romania).
The ISP use the following scheme for offering static IPv6 to its clients:
a. a special /10 link-local address, provided by the ISP, must be configured statically on the client's device
b. for this address, the default gateway is also a link-local address (typically fe80::1 - apparently the ISP's CPE installed on the same physical wire, in client's home)
c. an IPv6 prefix of routable addresses (typically /128 or /64) is assigned to the client; at least one such address must be configured on the client's device, on the same interface
Current pfSense will not allow such a scheme, because:
- a link-local IPv6 address cannot be statically configured on an interface (pfSense signals an error)
- a link-local IPv6 address (such as fe80::1) cannot be designate as default-gateway (pfSense signals an error)
- it is presently difficult and counter-intuitive to configure multiple static IP addresses on the same interface, via the VirtualIP option
Please remove the three limitations above, in order to make pfSense usable for a large class of devices that need statically-configured IPv6 addresses, such as routers.
This suggestion was also opened as Request ID [#INC-17808] at NetGate Support.
Best regards,
Răzvan
Updated by Joshua Sign over 5 years ago
Hello,
Please can you tell us the pfsense version you use ?
I got 2.4.4_1 and there is "Static IPv6 Configuration" inputs in interfaces configuration, but i don't use it.
Can you repport the error you talk about ?
Maybe it could be the input validation error ?....
Regards,
Josh_
Updated by Răzvan Sandu over 5 years ago
Hello and thanks! :)
I've tested all this in the very latest version of pfSense, namely 2.4.4-p1, which I've downloaded from the official website and installed on a standard PC with multiple NICs (which I use as a router).
Indeed, there is an option for configuring static IPv6 addresses but, as I've explained in my initial ticket:
- a link-local IPv6 address (say fe80::2a02:2f0b:1c/10) cannot be statically configured on an interface ( pfSense signals an error )
- a link-local IPv6 address (such as fe80::1) cannot be designated as default-gateway (pfSense signals an error )
- it is presently difficult and counter-intuitive to configure multiple static IP (IPv6) addresses on the same interface, via the VirtualIP option
The scenario I've reported is easily reproducible by simply trying to set fe80::2a02:2f0b:1c/10 as a static IPv6 on a pfSense interface, with default gateway via fe80::1, as well as setting a "routable" IPv6 address (say 2a02:2f0b:1c:7:5e95:1338:e05e:6b73/64) as a secondary address on the same interface via the VirtualIP option.
IMHO, pfSense should directly allow setting multiple static IPv6 addresses on the same interface, no matter if they're link-local or not.
All this leads to the impossibility of using static IPv6 addresses assigned by ISP, via the scheme described in detail in the initial ticket. I suspect my ISP is not the only one using such a scheme, so removing these configuration barriers will widely expand pfSense's chances in the IPv6 world.
The good news for pfSense is that various other proprietary networking software, embedded in commercial hardware routers, still have such IPv6 quirks, so removing this configuration barrier in pfSense will increase its commercial advantage.
Friendly regards & a Happy New Year,
Răzvan
Updated by Jim Pingle over 4 years ago
- Category set to Interfaces
- Status changed from New to Rejected
This appears to work fine but you have the procedure backward. Set the routable address as the interface address, set the link-local as an IP alias VIP, and then the gateway can be created. Not sure how well it works since I don't have a similar setup to test but I received no errors when adding things that way. Follow up on the forum if you need assistance as this appears to be a configuration issue.