On 2015-06-26, Christian Weisgerber <na...@mips.inka.de> wrote: > On 2015-06-26, Giancarlo Razzolini <grazzol...@gmail.com> wrote: > >> I've recently changed my ISP and they have native IPv6. My customer >> premises equipment, which is a GPON, supports both stateless as DHCPv6 >> on it's LAN interface. I want to put a OpenBSD firewall between this CPE >> and my internal network. > > So you have TWO networks. One between the CPE and your OpenBSD > firewall, and one containing the firewall and your internal machines. > >> I'm using OpenBSD 5.7 stable. My CPE receive a >> /64 prefix delegation from my ISP. > > So you get ONE network address. > > You can't use a single network address for two networks. This has > nothing to do with IPv6. It's the same with IPv4.
Actually that's fine, a point-to-point interface can be unnumbered, or in the case of IPv6, it can just have a link-local address. So PPP can *only* configure a link-local address. To get a globally routable address you must use another method, either SLAAC, DHCPv6 PD, or static configuration. SLAAC would only give you an address on a /64 for use on the PPP interface itself. DHCPv6 PD would give you a /64 or (if allowed by the ISP) a larger prefix to assign to interfaces as you choose. Normally you would assign this to "internal" interface/s, but assuming the ISP allows more than a /64, you *can* apply part of that delegation to the PPP interface if you would like it to have a globally routable address.
