Thread Info
  • State Not Answered
  • Replies 6 replies
  • Subscribers 4 subscribers
  • Views 16018 views
  • Users 0 members are here
Options
Suggested

IPv6 DHCP

Andrew Titmus

Hello, first attempt so please kindly let me know if this is not the correct place.

 

Background

I am running UTM 9.411-3 in a home environment virtualised on Proxmox. My previous setup had multiple virtual network interfaces, one for each VLAN (and subnet) but I currently have two interfaces, one on the VLAN connected (through switches and a trunk) to the VDSL modem and the other connects to a layer 3 switch. Thereafter, the switch handles the inter-VLAN routing and has the UTM set as the default gateway.

 

First question

My ISP is IPv4 but I have a Hurricane Electric /48 IPv6 connection. If I set the internal interface on the UTM to be dual stacked (with any IPv6 address, but essentially either /64 routed or a /64 subnet from my routed /48 range) then the interface is shown as [down] and DHCP does not run. Occasionally it can be persuaded to be [up] with some rebooting and toggling on and off but it is a nuisance. Either up or down, the IPv6 routing works and all machines on the subnets can connect dual-stacked but without the benefit of IPv6. Is this correct? The workaround appears to be to create two interfaces (one v4 and one v6).

 

Second question

My other problem is with IPv6 DHCP relay. I would like the UTM to serve addresses for v4 and v6 via DHCP. V4, correctly, requires the range to be within the subnet of the adapter unless the relay option is selected. IPv6 appears to never permit a DHCP range to be set that does not match the adapter interface, irrespective of the relay setting. Is there a workaround for this or am I doing something wrong? I have the switch set to relay on v4 and v6 but my only solution to date has been to set the interface to a /48 subnet (so my DHCP ranges are within the scope of the adapter) and insert routing rules for the individual subnets.

 

Please accept my apologies if I am being an idiot, I do not work in IT, it is merely a hobby for me.

 

Many thanks,

 

Andrew

Parents
  • 0

    Hi Andrew,

    this is the 9.5 Beta Forum, so you might want to have your question moved by a Mod to a fitting 9.4 Subforum.

    I had a tunnelbroker for testing a while ago, if you take a /64 from the delegated /48 and assign that for LAN for example it should work, no idea why the interface would show as down, maybe something else is not properly configured. 

    Please post some screenshots (maybe anonymizer your prefix) and lets have a look.

    ---

    Sophos UTM 9.3 Certified Engineer

  • 0 in reply to Ben

    Thank you for the incredibly quick reply and sorry for putting it in the wrong place. I was so busy searching other posts to make sure I wasn't duplicating a question, I hadn't noticed that I had moved forums. I should be grateful for something with the appropriate authority kindly moving this if possible.

     

    I will try the 9.5 beta to see if it makes any difference.

     

    As for the tunnelbroker, I have tried an address in a /64 subnet from the delegated /48 but I cannot then use the DHCP for IPv6 as the range does not sit in the /64 subnet - I had to use an address in the same range the relayed and routed VLANs.

     

    The following is in respect of question 2. I cannot get an image showing the interface as down at the moment, I have just created new interfaces so it is likely to work for a few reboots until playing up again.

     

    Andrew

  • 0 in reply to Andrew Titmus

    Andre: the DHCP range has to be in the same /64 as the IPv6 Adress of the Interface

     

    if you want some help, PM me with some telegram or skype and i can have a look with you (still some time on my hands today & tomorrow)

    ---

    Sophos UTM 9.3 Certified Engineer

  • 0 in reply to Ben

    Ben, thank you that is very kind and I shall send a message.

     

    The devices (the addresses of which are to allocated by DHCP) are not in the same subnet as the UTM though, they are routed through the layer 3 switch and I am trying to have the UTM serve addresses through DHCP to the layer 3 switch which is set up as a DHCP agent, exactly the same way as it does already for IPv4. Can it not work like that with v6?

     

    The current setup is (if I can describe it textually with '-' being a network link)

     

    {internet} - UTM (172.27.100.1/24 & 2001:x:x:100::1/64) -[VLAN1]- layer 3 switch (172.27.100.254/24 & 2001:x:x:100::254/64) - multiple VLANs e.g. [2-10] each on different subnets.

    With IPv4, the switch relays the DHCP through to the UTM which assigns addresses based on the originating IP/VLAN. I was hoping that the IPv6 DHCP relay would work similarly.

     

    Andrew

Reply
  • 0 in reply to Ben

    Ben, thank you that is very kind and I shall send a message.

     

    The devices (the addresses of which are to allocated by DHCP) are not in the same subnet as the UTM though, they are routed through the layer 3 switch and I am trying to have the UTM serve addresses through DHCP to the layer 3 switch which is set up as a DHCP agent, exactly the same way as it does already for IPv4. Can it not work like that with v6?

     

    The current setup is (if I can describe it textually with '-' being a network link)

     

    {internet} - UTM (172.27.100.1/24 & 2001:x:x:100::1/64) -[VLAN1]- layer 3 switch (172.27.100.254/24 & 2001:x:x:100::254/64) - multiple VLANs e.g. [2-10] each on different subnets.

    With IPv4, the switch relays the DHCP through to the UTM which assigns addresses based on the originating IP/VLAN. I was hoping that the IPv6 DHCP relay would work similarly.

     

    Andrew

Children
  • 0 in reply to Andrew Titmus

    Hi,

    Have you turned on the advertisment function in the IPv6 tab? You need to go to the advanced tab.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thank you, I didn't but I have tried prefix advertisements as per the attached screenshot but it makes no difference for the DHCP operation. I have no DHCP clients on the same subnet as the UTM interface. The 'stateful' advertisement comes from the layer 3 switch/DHCP relay.

     

    Ben very kindly connected into my network last night and had a look but was unable to find any specific config problems. The issue seems to be the 'Relay mode' check box not operating the same was as for IPv4. I just don't know if this is the expected behaviour or if I am doing something silly.

     

    I suppose few people use the UTM as a DHCPv6 server through a relay as the size of network requiring DHCPv6 is likely to use a dedicated DHCP/DNS server.

    Andrew

Unfiltered HTML