Hi Peter, You have many options, here are 5 in no particular order.
Option 1) Since you have the AstLinux firewall disabled, you need to create a short startup script, create the file /mnt/kd/rc.elocal ... -- /mnt/kd/rc.elocal -- #!/bin/sh . /etc/rc.conf echo "[rc.elocal] Enabling autoconf SLAAC on $EXTIF" sysctl -w net/ipv6/conf/$EXTIF/accept_ra=2 >/dev/null sysctl -w net/ipv6/conf/$EXTIF/autoconf=1 >/dev/null exit 0 -- Then make it executable ... -- chmod 755 /mnt/kd/rc.elocal -- Manually running /mnt/kd/rc.elocal or a reboot will enable the sysctl settings. Note that it can take awhile before the RA's are received. Option 2) If you enabled the AstLinux firewall (with a single interface would need to allow TCP 80,443,22 and such to continue to manage it) then you could add a firewall related config variable IP_FORWARDING=0 ... -- add to /mnt/kd/rc.conf.d/user.conf -- IP_FORWARDING=0 -- This only works if you are using one interface, no AstLinux OpenVPN, etc. . Option 3) If you have static IPv6 prefixes from your ISP (not typical except for Business accounts) you could set static addresses ... Network tab -> External Interface: -> Connection Type: [ Static IP ] and define Static IPv4 and IPv6 addresses Note: if IPv6 Gateway: is left empty it use a Router Advertisement (RA) to set the default IPv6 route. A /64 prefix gives you a lot of addresses to pick a unique non-SLACC static IPv6 for your AstLinux box. Option 4) If you have dynamic IPv6 prefixes from your ISP (typical) you could set static ULA addresses (fdnn:... addresses) with pfSense doing Network Prefix Translation (NPTv6) at the edge. Same configuration as with "Option 3" but using a ULA instead of a GUA. ULA's have the advantage they are always static to your internal network, and can be mapped to GUA's at the router's edge. While this documentation applies to AstLinux as the router, the terminology and references may be helpful: IPv6 ULA / NPTv6 Configuration https://doc.astlinux-project.org/userdoc:tt_ipv6_ula_nptv6_config Option 5) If your pfSense configuration supports DHCPv6 server, you could enable DHCPv6 client on your external interface. Network tab -> External Interface: -> Connection Type: [ Static IPv4/DHCPv6 ] and define under External DHCPv6 Client Settings: DHCPv6 Client Address: [ enabled ] DHCPv6 Prefix Delegation: [ disabled ] Reboot to apply any changes. Summary) The simplest is probably "Option 1" to answer your question, given your current configuration. Personally I'm a big fan of using ULA's "Option 4" on my internal network. Use AstLinux's "unique-local-ipv6" command from the CLI, generate one you like, write it down and use it for all your internal IPv6, forever. Carve up the /48 into /64's of your choosing. One drawback is it requires manual documentation keeping track of ULA's and ULA prefixes you use. On the plus side, ULA's are simple, and if/when the GUA prefix changes your internal ULA IPv6 will not miss a beat. Hope this was more helpful than confusing. :-) Understanding these options will help you learn IPv6. Lonnie On Sep 2, 2017, at 6:23 AM, Dr. Peter Voigt <pvo...@uos.de> wrote: > My AstLinux is installed on an APU1D4 behind a pfSense machine, e.g. the > AstLinux firewall is disabled and the only AstLinux interface I am > using is "external interface on eth0". AstLinux is working now for > about two years without any issues. > > I have recently discovered that my ISP provides real dual stack > IPv4/IPv6 connectivity. Therefore I have started to play with IPv6 to > improve my knowledge. I changed the pfSense configuration to obtain an > IPv6 address besides the IPv4 one. Furthermore, I am using stateless > autoconfiguration (SLAAC) to provide IPv6 global addresses to my > various devices in my different wired and wireless home networks. This > works fine with all devices tested so far. > > No I would like to obtain a global IPv6 address on the external > interface of AstLinux. I tested various configurations on the page > "Network Configuration Settings" and subsections "External Interface" > and "External DHCPv6 Client Settings" of the WebGUI without success so > far. All I could achive is a link-local address for the external > interface but I would like to obtain a global IPv6 address from pfSense. > > I appreciate any comments on this. As I have just recently started to > learn IPv6, I may even suffer from a basic misunderstanding. > > Thanks in advance, > Peter ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
