assinging private ipv6 addresses in LAN dhcpv6
I do have 2 wan connections and my ISP's provide ipv6.
I configured my WAN's and get can the ipv6's on my wan interfaces.
I'm wondering why we can't use private IP addresses within FD00::/7
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @Bonesoul
Thanks for posting in our business forum.
Will send emails to the team as feedback. Thanks a lot for bringing this up to us.
- Copy Link
- Report Inappropriate Content
thanks, waiting for the the news.
From my educated guess, assigning private ipv6's within the network would require a NAT6 implementation, which seems to missing atm.
- Copy Link
- Report Inappropriate Content
An great example why we need to be able to use fd00/7 addresses with NAT6 support (private ipv6 addresses - www.wikiwand. com/en/Unique_local_address) and only deliver them in home / business networks to local nodes:
www.reddit. com/r/homelab/comments/161axo7/just_found_out_all_ipv6_devices_in_my_home/
Without fd00/7 addresses and assigning public ipv6 addresses, your network is basically vulnerable to external access without proper ipv6 firewall configuration (which i wonder if with current omada ACL rules possible for ipv6 traffic?)
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
also looking for an update on this.
- Copy Link
- Report Inappropriate Content
I'm encountering same problem recently after bought a Wi-Fi 7 router(Archer BE550), the short answer from my aspect is:
TP-Link just does not support NAT6(or the condition to build a private IPv6 LAN) in their consumer grade product
To avoid port scanner from public internet(which already observed from my machine's log), I want to change my IPv6 setup from pass through to DHCPv6 since a single public address on my WAN port is enough for home network usage, but i found no matter what kind of private local IPv6 address I've try, It's always prompted for Invalid address.
So if you want to enable DHCPv6 in a TP-Link router, you must use an address block from 2000::/3, e.g. 2001:1111:2222:3333::/64, otherwise, you will get an invalid address error.
Even if you pick an address block from 2000::/3 and set it into the DHCPv6, your IPv6 still will not work, because the TP-Link router does not have NAT6 capability to translate between IPv6 WAN and LAN, I have made countless search and query through internet and GPTs, and read the whole user manual and data sheet on TP official site about my router, they only mentioned the support of NAT(yes, every Wi-Fi router on market should support NAT4), not NAT6
By now, from my view, if you cannot set a firewall on modem(if modem are responsible for PPPoE), the only choice if you pick a TP router, is use bridge mode(pass through) if you still want reach global IPv6 network, or just disable IPv6 entirely on your network.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 816
Replies: 8
Voters 0
No one has voted for it yet.