Welcome Guest ( Log In | Register )

69 Pages « < 66 67 68 69 >Bottom

Outline · [ Standard ] · Linear+

Unifi TMnet Streamyx/Unifi & IPv6, Now live!

views
     
squall0833
post Mar 6 2022, 11:24 PM

Regular
******
Senior Member
1,444 posts

Joined: Oct 2006
From: Jupiter


QUOTE(Anime4000 @ Mar 3 2022, 07:21 PM)
I at my office, yeah same problem, we had to disable IPv6 in Windows able to access website and stuff

rebooting router also not fix it
*
still not working leh

router shows connected ipv6

but windows pc or any phone on wifi have no ipv6 internet access

jasondotcom
post Mar 10 2022, 09:23 AM

F**K RACISM
******
Senior Member
1,630 posts

Joined: Jan 2003


Uhh noob question here. What is the point of this ipv6 over the ipv4?
Mr_47
post Jun 20 2022, 12:14 AM

***NOT MODERATOR *** Post : +10,000,000,00 Warn: 100%
*******
Senior Member
4,316 posts

Joined: Jan 2003
From: Bora-bora u jelly? Special: Age of multi-monitor



still dont use 2022

i dunno when i enable then got slow

better ipv4

and ps5 cant connect to unifi router lan if router set to enable both ipv4 and ipv6 so need to disable ipv6

This post has been edited by Mr_47: Jun 20 2022, 12:14 AM
rogue
post Aug 8 2022, 08:59 AM

Getting Started
**
Junior Member
75 posts

Joined: Jun 2006
This much I know for Home Unifi broadband, TM IPv6 assign /64 dynamic-prefix so when you reconnect or reboot router, you get new prefix but your devices still using old prefix address and when you try to access say youtube or any IPv6 sites the page just loading..

There's 2 ways to solve this:

1* reduce IPv6 DHCP leasetime to say 3 mins or lower in your router(troublesome)

2* TM assign static-prefix(best option)

If many customers bomb TM requesting to change from dynamic-prefix to static-prefix then maybe have hope :>

This post has been edited by rogue: Aug 8 2022, 09:02 AM
rogue
post Aug 8 2022, 09:11 AM

Getting Started
**
Junior Member
75 posts

Joined: Jun 2006
QUOTE(jasondotcom @ Mar 10 2022, 09:23 AM)
Uhh noob question here. What is the point of this ipv6 over the ipv4?
*
v4 is depleted already or almost there and it become 'rare' and expensive. v6 created to remedy this issue and enough IP for every human, animal, insect on this planet till doomsday..
rogue
post Aug 8 2022, 09:15 AM

Getting Started
**
Junior Member
75 posts

Joined: Jun 2006
QUOTE(squall0833 @ Mar 6 2022, 11:24 PM)
still not working leh

router shows connected ipv6

but windows pc or any phone on wifi have no ipv6 internet access
*
On Windows you can try in terminal this commands:

netsh int ipv6 sh addr | findstr 2001


If it show more than 2 IPv6 IP then your PC is still using old IPv6 address rather than new one.

Another command is: ping -6 www.google.com

see got reply or not.

soonwai
post Aug 10 2022, 02:39 AM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


QUOTE(rogue @ Aug 8 2022, 08:59 AM)
This much I know for Home Unifi broadband, TM IPv6 assign /64 dynamic-prefix so when you reconnect or reboot router, you get new prefix but your devices still using old prefix address and when you try to access say youtube or any IPv6 sites the page just loading..

There's 2 ways to solve this:

1* reduce IPv6 DHCP leasetime to say 3 mins or lower in your router(troublesome)

2* TM assign static-prefix(best option)

If many customers bomb TM requesting to change from dynamic-prefix to static-prefix then maybe have hope :>
*
What router are you using?

I also have the same problem with Mikrotik routers. However the solution is already in RFC9096. https://datatracker.ietf.org/doc/html/rfc9096

Many consumer routers I've seen are already doing this. It should deprecate the old prefixes when it gets a new one.

Like this:
CODE
% ifconfig en0
...
       inet6 2001:e68:5428:127b:141a:323b:3ea4:d300 prefixlen 64 deprecated autoconf secured
inet6 2001:e68:5428:127b:b1bd:556:6d06:843e prefixlen 64 deprecated autoconf temporary
inet6 2001:e68:5428:1308:88f:b395:75f1:bdce prefixlen 64 deprecated autoconf secured
inet6 2001:e68:5428:1308:a993:328a:8402:be2c prefixlen 64 deprecated autoconf temporary
inet6 2001:e68:5428:13f0:c9e:6d43:ad54:5571 prefixlen 64 deprecated autoconf secured
inet6 2001:e68:5428:13f0:bd51:c64f:9f4a:4704 prefixlen 64 deprecated autoconf temporary
inet6 2001:e68:5428:13f1:cad:93e6:2fe4:3acf prefixlen 64 deprecated autoconf secured
inet6 2001:e68:5428:13f1:cd56:5a78:c09f:754a prefixlen 64 deprecated autoconf temporary
inet6 2001:e68:5428:16ea:4:35:3e20:151d prefixlen 64 autoconf secured
inet6 2001:e68:5428:16ea:c41a:47c2:fdf:4204 prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex>)
status: active

This is after recycling my PPPoE connection a few times.

Unfortunately MikroTik RouterOS doesn't do this yet (since <2013) so have to use a script to check for new & different prefix and deprecate the old one every time PPPoE cycles and DHCPv6_Client gets a new /64. Which is basically RFC9096. doh.gif

This post has been edited by soonwai: Aug 10 2022, 05:40 PM
papyrous
post Aug 10 2022, 12:39 PM

Getting Started
**
Junior Member
196 posts

Joined: May 2017
QUOTE(soonwai @ Aug 10 2022, 02:39 AM)
What router are you using?

I also have the same problem with Mikrotik routers. However the solution is already in RFC9096. Or even better if TM would just give us the same /64 every time.https://datatracker.ietf.org/doc/html/rfc9096

Many consumer routers I've seen are already doing this. It should deprecate the old prefixes when it gets a new one.
*
I think this is why when using OPNsense +IPv6, on TM side it freezes and I'm unable to reauthenticate. had to call TM to reset account
soonwai
post Aug 10 2022, 05:42 PM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


QUOTE(papyrous @ Aug 10 2022, 12:39 PM)
I think this is why when using OPNsense +IPv6, on TM side it freezes and I'm unable to reauthenticate. had to call TM to reset account
*
My problem is local though. TM's side still OK. Just that my devices all end up with more than 1 valid prefix, don't know which one to use and ipv6 connectivity dies.
rogue
post Aug 15 2022, 12:27 PM

Getting Started
**
Junior Member
75 posts

Joined: Jun 2006
QUOTE(soonwai @ Aug 10 2022, 05:42 PM)
My problem is local though. TM's side still OK. Just that my devices all end up with more than 1 valid prefix, don't know which one to use and ipv6 connectivity dies.
*
Thanks for the reply. Yes the RFC is for a workaround for ppl that familar with it. Yet you end up with a bunch of deprecated addresses in each host which shouldn't be there in the first place lol. On your router I think the 'secured' address is the most current one. On Windows, it will show up as 'preferred'.

With static prefix, you and the millions of Unifi/StreamyX users won't have this issue.

If you have many devices in your LAN address renumbering will become a nightmare with dynamic prefix. Same goes for VPN if you run one at home with IPv6.

I've highlighted this to TM and they will bring this up to their upper management for further discussion and reconsideration. Hopefully it goes through and they fix it for good.
rogue
post Aug 15 2022, 12:29 PM

Getting Started
**
Junior Member
75 posts

Joined: Jun 2006
QUOTE(soonwai @ Aug 10 2022, 02:39 AM)
What router are you using?
Asus RT-AX56U with Merlin firmware.
squall0833
post Aug 21 2022, 03:08 AM

Regular
******
Senior Member
1,444 posts

Joined: Oct 2006
From: Jupiter


QUOTE(rogue @ Aug 8 2022, 09:15 AM)
On Windows you can try in terminal this commands:

netsh int ipv6 sh addr | findstr 2001


If it show more than 2 IPv6 IP then your PC is still using old IPv6 address rather than new one.

Another command is: ping -6 www.google.com

see got reply or not.
*
just to update

it was duplicated default route problem to users who upgraded Router OS from 6.x to 7.x, made my ipv6 no internet access, add-default-route for dhcp client has to be disabled to make ipv6 internet access work again
(only if you updated from RouterOS from 6.x to 7.x

if you have updated to 7.x and did factory reset, then reconfigure from start, then you will not have this issue

https://forum.mikrotik.com/viewtopic.php?t=181444#p899119 <<-- here's the solution



I also did Reset Configuration after updated to version 7.x and reconfigure everything last month, since my previous configuration was started from really old version RouterOS since I got my hap ac2 laugh.gif

This post has been edited by squall0833: Aug 21 2022, 03:15 AM
soonwai
post Aug 21 2022, 03:16 PM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


QUOTE(squall0833 @ Aug 21 2022, 03:08 AM)
just to update

it was duplicated default route problem to users who upgraded Router OS from 6.x to 7.x, made my ipv6 no internet access, add-default-route for dhcp client has to be disabled to make ipv6 internet access work again
(only if you updated from RouterOS from 6.x to 7.x

if you have updated to 7.x and did factory reset, then reconfigure from start, then you will not have this issue

https://forum.mikrotik.com/viewtopic.php?t=181444#p899119  <<-- here's the solution
I also did Reset Configuration after updated to version 7.x and reconfigure everything last month, since my previous configuration was started from really old version RouterOS since  I got my hap ac2 laugh.gif
*
Glad yours is working. This problem was first reported here: https://forum.lowyat.net/index.php?showtopi...ost&p=104329817 (Mikrotik likes to troll us with minor changes. LOL)

I didn't encounter it since the first time I used ROS7 was with RB5009 which I reconfigured from start.

The problem that rogue is talking about is different. Affects all RouterOS (consumer routers so far I see are OK.) If you switch off/on your PPPoE to get a new IPv6 prefix, your devices will end up with 2 valid IPV6 addresses with old & new prefix then ipv6 gg. I think the oldest post on Mikrotik forum asking for a fix to this is from 2013. sweat.gif

This post has been edited by soonwai: Aug 21 2022, 03:17 PM
soonwai
post Aug 21 2022, 04:40 PM


*******
Senior Member
9,989 posts

Joined: Oct 2007
From: KL


QUOTE(rogue @ Aug 15 2022, 12:27 PM)
Thanks for the reply. Yes the RFC is for a workaround for ppl that familar with it. Yet you end up with a bunch of deprecated addresses in each host which shouldn't be there in the first place lol. On your router I think the 'secured' address is the most current one. On Windows, it will show up as 'preferred'.

With static prefix, you and the millions of Unifi/StreamyX users won't have this issue.

If you have many devices in your LAN address renumbering will become a nightmare with dynamic prefix. Same goes for VPN if you run one at home with IPv6.

I've highlighted this to TM and they will bring this up to their upper management for further discussion and reconsideration. Hopefully it goes through and they fix it for good.
*
The RFC is more for the ppl doing the router's firmware. (Here's looking at you, Mikrotik.) I think most users won't have this problem. I see even the lowly TPLink C1200 deprecates old ipv6 prefixes.

In any case, having lots of deprecated addresses is fine. As long as there's only one prefix which is valid. Example:

CODE
PS C:\> netsh interface ipv6 show addresses | findstr 2001
Temporary  Deprecated    1h47m32s         0s 2001:e68:5428:366f:1df4:9de0:99f0:e616
Public     Deprecated    1h47m32s         0s 2001:e68:5428:366f:bca5:11ce:8c78:28c4
Temporary  Deprecated    1h59m13s         0s 2001:e68:5428:36f7:1df4:9de0:99f0:e616
Public     Deprecated    1h59m13s         0s 2001:e68:5428:36f7:bca5:11ce:8c78:28c4
Temporary  Preferred   6d23h59m5s  23h58m56s 2001:e68:5428:37de:1df4:9de0:99f0:e616
Public     Preferred  29d23h59m13s 6d23h59m13s 2001:e68:5428:37de:bca5:11ce:8c78:28c4

This is OK.

CODE
PS C:\> netsh interface ipv6 show addresses | findstr 2001
Temporary  Deprecated    1h40m55s         0s 2001:e68:5428:366f:1df4:9de0:99f0:e616
Public     Deprecated    1h40m55s         0s 2001:e68:5428:366f:bca5:11ce:8c78:28c4
Temporary  Deprecated    1h52m36s         0s 2001:e68:5428:36f7:1df4:9de0:99f0:e616
Public     Deprecated    1h52m36s         0s 2001:e68:5428:36f7:bca5:11ce:8c78:28c4
Temporary  Preferred  6d23h52m28s  23h52m19s 2001:e68:5428:37de:1df4:9de0:99f0:e616
Public     Preferred  29d23h59m35s 6d23h59m35s 2001:e68:5428:37de:bca5:11ce:8c78:28c4
Temporary  Preferred  6d23h59m46s  23h59m36s 2001:e68:5428:381d:1df4:9de0:99f0:e616
Public     Preferred  29d23h59m46s 6d23h59m46s 2001:e68:5428:381d:bca5:11ce:8c78:28c4

This is not.
Moogle Stiltzkin
post Oct 22 2022, 11:08 AM

Look at all my stars!!
*******
Senior Member
4,009 posts

Joined: Jan 2003
QUOTE(papyrous @ Aug 10 2022, 12:39 PM)
I think this is why when using OPNsense +IPv6, on TM side it freezes and I'm unable to reauthenticate. had to call TM to reset account
*
same but mine was with pfsense. no solution yet afaik sad.gif using ipv4 for now which seems to work stable without having this freezing issue/making it impossible to reconnect unless u call tmnut to reset account each time (which is not practical considering how often this happens)


QUOTE
The problem that rogue is talking about is different. Affects all RouterOS (consumer routers so far I see are OK.) If you switch off/on your PPPoE to get a new IPv6 prefix, your devices will end up with 2 valid IPV6 addresses with old & new prefix then ipv6 gg. I think the oldest post on Mikrotik forum asking for a fix to this is from 2013. sweat.gif
any relation to what soonwai is talking about?


cauz based on my own experience, when using ipv6 using asus rt merlin (during setup, u can select the unifi ISP special setting and this works flawlessly for tmnut), that worked fine without issue. but why is it that when try setup for pfsense got issue? (yes there is more manual settings to tinker with, so maybe a setting was not compatible and it resulted in this weird bug)

This post has been edited by Moogle Stiltzkin: Oct 22 2022, 11:15 AM
ansonlos
post Oct 31 2022, 11:50 AM

New Member
*
Newbie
10 posts

Joined: Jul 2009


I have updated my post with screenshots of my latest IPv6 settings on pfSense CE 2.6.0. Hope it helps with those having IPv6 stability issues on pfSense.
Moogle Stiltzkin
post Oct 31 2022, 02:51 PM

Look at all my stars!!
*******
Senior Member
4,009 posts

Joined: Jan 2003
QUOTE(ansonlos @ Mar 30 2015, 11:48 AM)
After much try and error and research, I've managed to get pfSense to work with UniFi's IPv6 allocation. For a bit of a background, I'm running the latest release of pfSense i.e. 2.2.1 and also I got this to work with my office's UniFi which is on Biz 10.

I'd just like to share my settings here to benefit those who might want to get IPv6 to work for their pfSense box.

1. Under "System -> Advanced -> Networking", make sure "Allow IPv6" is checked. Then go to "Interfaces", click on "WAN". Under IPv6 Configuration Type, choose "DHCP6". MTU should be 1492.

2. Under DHCP6 client configuration section, put a tick mark on "Request a IPv6 prefix/information through the IPv4 connectivity link". In the drop down list for DHCPv6 Prefix Delegation size, choose "56". (I have no idea why this is the case, but the allocated subnet for both the PPPoE and LAN are actually 64. I've tried choosing 64 here, but it doesn't work. Maybe 56 is for a Biz account. If 56 doesn't work for you, try choosing 64 especially if you're on home UniFi account.)

Also, put a tick mark for "Send an IPv6 prefix hint to indicate the desired prefix size for delegation". Click on "Save".

3. Now, go to "Interfaces", click on "LAN". Under IPv6 Configuration Type, choose "Track Interface". Type 1492 for MTU.

4. Under Track IPv6 Interface section, ensure IPv6 Interface "WAN" is selected and as for IPv6 Prefix ID, just type 0 (zero) here.

5. Under Private networks section, ensure "Block Bogons networks" is unchecked. Then, click "Save".

6. Finally, I've read that IPv6 requires ICMP to work. So under Firewall -> Rules, I've also created a rule to allow ICMP IPv6 traffic for both WAN and LAN.

I'm not entirely certain what the security implications are with the above settings to the firewall, so please be forewarned.

With the above settings, I'm able to get IPv6 addresses for PPPoE and LAN interfaces for pfSense and also devices connected to the LAN. Hope this helps those who are using pfSense.

[Update: 31 October 2022]: A forumer (@Moogle Stiltzkin) asked if I have changed my IPv6 settings on pfSense, so I have now attached updated screenshots of my setup. Compared to my previous setup, I have changed slightly the MTU, MSS for both WAN and LAN, also disabled DHCPv6 server on pfSense (I don't have a need to manage the IPs given out in my network) and Router Advertisements set to 'Assisted'. This is running on pfSense CE version 2.6.0. I'm not certain if my setup would help with the latest issues that some of you are experiencing. But I've been running with this setup with no issues.

[attachmentid=11295309]
[attachmentid=11295313]
[attachmentid=11295315]
[attachmentid=11295317]
*
ty for the update notworthy.gif
https://forum.lowyat.net/index.php?showtopi...&#entry73677223



actually i compiled some sources of info in regards to ipv6 setup for tmnut which i posted here
https://forum.lowyat.net/index.php?showtopi...ost&p=105694021

in summary, they seem to lean on using slaac which is tmnuts implementation for ipv6.

one of the reasons being
QUOTE
Switch to Auto prefix delegation

Then use SLAAC+stateless for best compatibility


The reason why I suggest use SLAAC+stateless is because Android devices (incl chromebook) not compatible with DHCPv6

When possible, do not use Auto default settings because may cause possible compatibility problems



did you notice any issues with ipv6 for your android devices with your setup? hmm.gif also any reason for using DHCPv6?

QUOTE
also disabled DHCPv6 server on pfSense (I don't have a need to manage the IPs given out in my network) and Router Advertisements set to 'Assisted'.


this is the part i don't understand. so with ur settings as such. any issues with multiple other devices having ipv6 working? with this setup? hmm.gif

This post has been edited by Moogle Stiltzkin: Oct 31 2022, 02:59 PM
Moogle Stiltzkin
post Oct 31 2022, 03:02 PM

Look at all my stars!!
*******
Senior Member
4,009 posts

Joined: Jan 2003
Ok so i sort of found an answer here comparing slaac vs dhcpv6

QUOTE
SLAAC and DHCPv6
When deploying IPv6, one of the fundamental questions the network engineer needs to ask is: DHCPv6, or SLAAC? As the argument between these two has reached almost political dimensions, perhaps a quick look at the positive and negative attributes of each solution are. Originally, the idea was that IPv6 addresses would be created using stateless configuration (SLAAC). The network parts of the address would be obtained by listening for a Router Advertisement (RA), and the host part would be built using a local (presumably unique) physical (MAC) address. In this way, a host can be connected to the network, and come up and run, without any manual configuration. Of course, there is still the problem of DNS—how should a host discover which server it should contact to resolve domain names? To resolve this part, the DHCPv6 protocol would be used. So in IPv6 configuration, as initially conceived, the information obtained from RA would be combined with DNS information from DHCPv6 to fully configure an IPv6 host when it is attached to the network.

There are several problems with this scheme, as you might expect. The most obvious is that most network operators do not want to deploy two protocols to solve a single problem—configuring IPv6 hosts. What might not be so obvious, however, is that many network operators care a great deal about whether hosts are configured statelessly or through a protocol like DHCPv6.

Why would an operator want stateful configuration? Primarily because they want to control which devices can receive an IPv6 address, and hence communicate with other devices on the network. When using DHCPv6, just like DHCP with IPv4, the operator can set parameters around what kinds of devices, or perhaps even which specific devices, will be able to receive an IPv6 address. Further, the DHCPv6 server can be tied to the DNS server, so each host which connects to the network can also be given a DNS entry. Proper DNS entries are often a requirement for many applications. There are Dynamic DNS (DDNS) implementations that can solve this problem, but they are not often considered secure enough for a controlled network environment.


Why would an operator want stateless autoconfiguration? First, because they want any random user who can successfully connect to the network to be able to get an IPv6 address without any other configuration, and without the provider needing run any sort of special protocol or configuration to allow this. In fact, DHCPv6, in some environments, at least, can be seen as an attack surface, or rather a hole through which attacks can potentially be driven. Second, stateful configuration also has a failover problem; if the DHCPv6 server fails, then hosts can no longer obtain an IPv6 address, and the network no longer works. This could be, to say the least, problematic for service providers. Finally, SLAAC has a set of privacy extensions outlined in RFC4941 that (theoretically) prevent a host from being tracked based on its IPv6 address over time. This is a very attractive property for edge facing service providers.

The original set of drafts, however, only provided for DNS information to be carried through DHCPv6, and had no failover mechanism for DHCPv6. These two things, together, made it impossible to use just one of these two options. More recent work, however, has remedied both parts of this problem, making either option able to stand on its own. RFC6106, which is a bit older (2010), provides for DNS advertisement in the RA protocol. This allows an operator who would like to run everything completely stateless to do so, including hosts learning which DNS resolver to use. On the other side, RFC8156, which was just ratified in July of 2017, allows a pair of DHCPv6 servers to act as a failover pair. While this is more complex than simple DHCPv6, it does solve the problem of a host failing to operate correctly simply because the DHCPv6 server has failed.

Which of the two is now the best choice? If you do not have any requirement to restrict the hosts that can attach to the network using IPv6, then SLAAC, combined with DNS advertisement in the RA, and possibly with DDNS (if needed), would be the right choice. However, if the environment must be more secure, then DHCPv6 is likely to be the better solution.

A word of warning, though—using DHCPv6 to ensure each host received an IPv6 address that can be used anyplace in the network, and then stretching layer 2 to allow any host to roam “anywhere,” is really just not a good idea. I have worked on networks where this kind of thing has been taken to a global scale. It might seem cute at first, but this kind of solution will ultimately become a monster when it grows up.


sauce
https://rule11.tech/slaac-and-dhcpv6/


i also found this


QUOTE
QUOTE
pfcode Jun 3, 2016,

HI,

I'm a newbie to IPv6. I have setup IPv6 on my pfSense WAN and LAN interface to be working without issue with RA router mode set to Unmanaged. DHCPv6 server on LAN is disabled. However, once I changed the RA router mode to Managed, after running for a period of time (~24 hours or less), IPv6 suddenly stopped working, e.g. using ipv6-test.com, it reported that IPv6 isn't supported anymore while my WAN and LAN still got the ipv6 address, can't reach any ipv6 website until RA router mode set back to Unmanaged.

And idea what I'm dong wrong?  Thanks.



MikeV7896 Jun 3, 2016,

Unmanaged = SLAAC (StateLess Address Automatic Configuration)
Managed = DHCPv6
Assisted = SLAAC preferred, DHCPv6 available

If you set your RA to managed, but don't have a DHCPv6 server on your network (either from pfSense or another device on your network), then your devices won't get an IPv6 address.

Also, it should be noted that Android devices only use SLAAC for IPv6 addresses, so you need to either be in Unmanaged or Assisted mode. And Windows will only get an IPv6 address via SLAAC; it won't use RDNSS provided DNS servers. DHCPv6 is required for DNS servers under Windows.

https://forum.netgate.com/topic/100931/ra-r...-vs-unmanaged/2



QUOTE
IPv6 Router Advertisements
Automatic address assignment for IPv6 works quite a bit differently than IPv4. Even so, most of the DHCP options are similar, but there are notable differences in behavior in how things are assigned and also how items like the gateway are handed off to clients. Unless otherwise noted, options of the same name work the same for DHCP and DHCPv6. DHCPv6 and Router Advertisements (RA) are configured under Services > DHCPv6 Server/RA. Under that page there are two tabs: One for DHCPv6 Server and one for Router Advertisements.

DHCPv6 vs Stateless Address Autoconfiguration
There are a few clients that do not have support for DHCPv6. Some clients only support Stateless Address Autoconfiguration, or SLAAC for short. There is no way for the firewall to have direct knowledge of a list of hosts on the segment using SLAAC addresses, so for some environments it is much less desirable because of the lack of control and reporting of addresses. Consider address tracking and operating system support requirements when deciding how to allocate IPv6 addresses to clients on the network.

Many operating systems such as Windows, macOS, FreeBSD, Linux, and their cousins contain DHCPv6 clients that are capable of obtaining addresses as expected via DHCPv6. Some lightweight or mobile operating systems such as Android do not contain a DHCPv6 client and will only function on a local segment with IPv6 using SLAAC.

Router Advertisements (Or: “Where is the DHCPv6 gateway option?”)
In IPv6, hosts locate a router through Router Advertisement (RA) messages sent from routers instead of by DHCP; IPv6-enabled routers that support dynamic address assignment are expected to announce themselves on the network to all clients. As such, DHCPv6 does not include any gateway information. So clients can obtain their addresses from DHCPv6 or SLAAC, but unless they are statically configured, they always locate their next hop by using RA packets sent from available gateways.


https://docs.netgate.com/pfsense/en/latest/...cp/ipv6-ra.html


hmm.gif

This post has been edited by Moogle Stiltzkin: Oct 31 2022, 06:14 PM
papyrous
post Nov 1 2022, 08:22 AM

Getting Started
**
Junior Member
196 posts

Joined: May 2017
[quote=Moogle Stiltzkin,Oct 31 2022, 03:02 PM]
Ok so i sort of found an answer here comparing slaac vs dhcpv6
sauce
https://rule11.tech/slaac-and-dhcpv6/
i also found this
MikeV7896 Jun 3, 2016,

Unmanaged = SLAAC (StateLess Address Automatic Configuration)
Managed = DHCPv6
Assisted = SLAAC preferred, DHCPv6 available

If you set your RA to managed, but don't have a DHCPv6 server on your network (either from pfSense or another device on your network), then your devices won't get an IPv6 address.

Also, it should be noted that Android devices only use SLAAC for IPv6 addresses, so you need to either be in Unmanaged or Assisted mode. And Windows will only get an IPv6 address via SLAAC; it won't use RDNSS provided DNS servers. DHCPv6 is required for DNS servers under Windows.[/quote]
https://forum.netgate.com/topic/100931/ra-r...-vs-unmanaged/2
https://docs.netgate.com/pfsense/en/latest/...cp/ipv6-ra.html
hmm.gif
*

[/quote]

test and see if your connection freezes up 😬
Moogle Stiltzkin
post Nov 1 2022, 11:39 AM

Look at all my stars!!
*******
Senior Member
4,009 posts

Joined: Jan 2003
QUOTE(papyrous @ Nov 1 2022, 08:22 AM)
test and see if your connection freezes up 😬
*
no time sadly sad.gif

bookmarked for later when i get the opportunity to do so.





fyi another interesting read for ipv6, in this instance it's mostly why we got slaac and dhcpv6, and why dhcpv6 is not supported on android (hint: it's by design rolleyes.gif )

QUOTE
When IPv6 was developed, initially with RFC 2460, there was this idea that:

QUOTE
Forget all you've learned about IPv4, and design IPv6 from the ground up


This sounds good in theory but ignores completely the lessons we’ve learned from IPv4. Not to mention, there is no such thing as greenfield. Almost all networks, are existing ones, you don’t get to start all over again. There was this very shiny view of end to end connectivity, /64 everywhere and only SLAAC allowed. I get all of that, it’s like saying “I wish there were no wars”, but unfortunately, people are stupid, so there will be wars. There’s this naivety, similar to a teenager that is growing up. You want to change the world, then you realize the world is run by money, mega corps, and dirty politicians.

This whole mess led to the holy wars of SLAAC + RDNSS vs DHCPv6. Please note that SLAAC didn’t even initially have the option of setting a DNS server. Basically, that meant you only had a partial implementation. It’s pretty useful to have a DNS server… Initially, Microsoft operating systems did support SLAAC but not RDNSS, Android did not want to support DHCPv6. That meant that you couldn’t support these two operating systems on the same subnet.

Much to my surprise, Android still has a broken IPv6 implementation in 2020. By design. They are not going to fix it. There are a couple of valid arguments from Google and Lorenzo Colitti, but they are pretty weak. The irony of it all though is that people are asking for it but Google is not willing to implement it, because they think they know better than their users. They will happily spy on you, serve you ads, and sell your data, but allowing you to run DHCPv6 would be doing you a disservice.

There’s no doubt that SLAAC works, and that it can work in fairly large environments, still, DHCPv6 is in my mind the better option. The fallacy here is that many IPv6 evangelists take this ivory tower view of ignoring business requirements. There are business requirements, and compliance requirements, where you need to track what host had what IP at what time. Also, enterprises do stupid things. That’s just a fact. Google is not the one that should decide what you get to do.

You could, of course, run both SLAAC and DHCPv6 simultaneously, but why? If you read the Google thread above, you will see that many people have wasted a lot of time, and have very valid business reasons, for why they want DHCPv6 implemented.

-Ability to assign suffix such as megacorp.com
-Register hosts in DNS
-Keep track of what host had what IP at a certain time
-Image deployment via PXE (think DHCP options)
-Other DHCP options used for example for WLC
-Ability to easily swap DNS server in entire network (think Umbrella deployment)
-Dot1X deployment where you want RADIUS server to see DHCP request
-Need to support IP phones

I’m sure there are some workarounds for some of the use cases but my point is: Enterprises need DHCPv6, Google, or anyone else for that matter, should not dictate what options you have at your hand. So, sadly, even in 2020, Android still has a broken IPv6 implementation.
https://lostintransit.se/2020/05/22/its-202...s-still-broken/

This post has been edited by Moogle Stiltzkin: Nov 3 2022, 08:43 AM

69 Pages « < 66 67 68 69 >Top
 

Change to:
| Lo-Fi Version
0.0190sec    0.32    6 queries    GZIP Disabled
Time is now: 28th March 2024 - 08:51 PM