• Re: RPi associating two IPs with its one and only wifi interface

    From Anssi Saari@anssi.saari@usenet.mail.kapsi.fi to comp.sys.raspberry-pi on Wed Jan 14 19:49:29 2026
    From Newsgroup: comp.sys.raspberry-pi

    Pancho <Pancho.Jones@protonmail.com> writes:

    On 12/30/25 20:00, David Higton wrote:
    In message <10iv40e$1e1ba$1@dont-email.me>
    Pancho <Pancho.Jones@protonmail.com> wrote:

    IPv6 seems like a world of pain.
    In my experience it just works.


    I'm surprised. Accepting that you do not do some of the things I do,
    like policy routing rules based upon a host computer IP...

    I actually do that. I route my IPTV boxes out via an alternate interface
    due to some stupid contractual issues. So all I did was add routing
    rules with ip -6 rule add from $addr table Magic and all the Magic table
    has is a defaultroute out via the other interface. Same as IPv4. But
    maybe your policy routing is something different?

    For sure this would be a problem if the IPv6 addresses were changing all
    the time but they haven't.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From John R Walliker@jrwalliker@gmail.com to comp.sys.raspberry-pi on Wed Jan 14 17:57:35 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 14/01/2026 17:49, Anssi Saari wrote:
    Pancho <Pancho.Jones@protonmail.com> writes:

    On 12/30/25 20:00, David Higton wrote:
    In message <10iv40e$1e1ba$1@dont-email.me>
    Pancho <Pancho.Jones@protonmail.com> wrote:

    IPv6 seems like a world of pain.
    In my experience it just works.


    I'm surprised. Accepting that you do not do some of the things I do,
    like policy routing rules based upon a host computer IP...

    I actually do that. I route my IPTV boxes out via an alternate interface
    due to some stupid contractual issues. So all I did was add routing
    rules with ip -6 rule add from $addr table Magic and all the Magic table
    has is a defaultroute out via the other interface. Same as IPv4. But
    maybe your policy routing is something different?

    For sure this would be a problem if the IPv6 addresses were changing all
    the time but they haven't.

    Some routers will let you use the source mac address in routing rules
    which nicely overcomes the problem with varying IPv6 addresses.

    John

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Lawrence =?iso-8859-13?q?D=FFOliveiro?=@ldo@nz.invalid to comp.sys.raspberry-pi on Wed Jan 14 21:13:10 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Wed, 14 Jan 2026 17:57:35 +0000, John R Walliker wrote:

    Some routers will let you use the source mac address in routing rules
    which nicely overcomes the problem with varying IPv6 addresses.

    That could also be handled with a VLAN.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Pancho@Pancho.Jones@protonmail.com to comp.sys.raspberry-pi on Thu Jan 15 01:17:23 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 1/14/26 17:49, Anssi Saari wrote:
    Pancho <Pancho.Jones@protonmail.com> writes:

    On 12/30/25 20:00, David Higton wrote:
    In message <10iv40e$1e1ba$1@dont-email.me>
    Pancho <Pancho.Jones@protonmail.com> wrote:

    IPv6 seems like a world of pain.
    In my experience it just works.


    I'm surprised. Accepting that you do not do some of the things I do,
    like policy routing rules based upon a host computer IP...

    I actually do that. I route my IPTV boxes out via an alternate interface
    due to some stupid contractual issues. So all I did was add routing
    rules with ip -6 rule add from $addr table Magic and all the Magic table
    has is a defaultroute out via the other interface. Same as IPv4. But
    maybe your policy routing is something different?

    For sure this would be a problem if the IPv6 addresses were changing all
    the time but they haven't.

    Yes, that is the kind of thing but.. there was a bug in the pfSense
    firewall rules. pfSense is a freeBSD firewall/router.

    The bug was that pfSense allows you to predicate firewall rules on an
    "alias", which can be a list of Full Qualified Domain Names. Something
    like if the source host FQDN is in this alias, route over this gateway
    to the WAN. The FQDNs resolve to an IPv4 and IPv6 addresses and then
    checks the IP value in a packet and routes accordingly. This works fine
    for a WAN FQDN, like e.g. www.google.com, it includes both IPv4 and IPv6 addresses. However, for hosts on my LAN, e.g. myhost.home.arpa if there
    was an IPv4 address it gave only IPv4 and ignored the IPv6 one. I can
    work around it by creating an extra FQDN for IPv6 e.g.
    myhost.ipv6.home.arpa, but it takes time to understand why things don't
    work.

    Then there is the issue of the extra random IPv6 addresses it was
    creating, which aren't included in DNS, in the FQDN at all.

    That is the second IPv6 bug in pfSense, after the MTU/packet
    fragmentation bug I mentioned earlier, which I'm still trying to get to
    the bottom of.

    IPv6 seems surprisingly hard. Surprising if a significant proportion of
    people are using it.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Lawrence =?iso-8859-13?q?D=FFOliveiro?=@ldo@nz.invalid to comp.sys.raspberry-pi on Thu Jan 15 05:10:21 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Thu, 15 Jan 2026 01:17:23 +0000, Pancho wrote:

    That is the second IPv6 bug in pfSense, after the MTU/packet
    fragmentation bug I mentioned earlier, which I'm still trying to get
    to the bottom of.

    IPv6 seems surprisingly hard.

    pfSense is built on FreeBSD and uses that network stack instead of
    Linux, isn’t it?
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Pancho@Pancho.Jones@protonmail.com to comp.sys.raspberry-pi on Thu Jan 15 13:33:44 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 1/14/26 21:13, Lawrence D’Oliveiro wrote:
    On Wed, 14 Jan 2026 17:57:35 +0000, John R Walliker wrote:

    Some routers will let you use the source mac address in routing rules
    which nicely overcomes the problem with varying IPv6 addresses.

    That could also be handled with a VLAN.

    If your network hardware handles VLAN tags.

    I have numerous switches (unmanaged) and WiFi access points, none of the
    ones I tested were compatible with VLAN tags (i.e. The network device
    stripped the VLAN tag off packets rather than dumbly passed the packet
    through with VLAN tag intact).

    VLANs also aren't ideal as you may wish to implement policy routing on a protocol (e.g. VoIP) or WAN destination, not just upon a LAN host.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Pancho@Pancho.Jones@protonmail.com to comp.sys.raspberry-pi on Thu Jan 15 13:34:36 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 1/15/26 05:10, Lawrence D’Oliveiro wrote:
    On Thu, 15 Jan 2026 01:17:23 +0000, Pancho wrote:

    That is the second IPv6 bug in pfSense, after the MTU/packet
    fragmentation bug I mentioned earlier, which I'm still trying to get
    to the bottom of.

    IPv6 seems surprisingly hard.

    pfSense is built on FreeBSD and uses that network stack instead of
    Linux, isn’t it?

    Yeah, I wasn't pointing out the bugs as directly relevant to Linux. I
    was mentioning them to support my suspicions about a general lack of
    maturity of IPv6 in products.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From John R Walliker@jrwalliker@gmail.com to comp.sys.raspberry-pi on Thu Jan 15 13:53:06 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 15/01/2026 13:33, Pancho wrote:
    On 1/14/26 21:13, Lawrence D’Oliveiro wrote:
    On Wed, 14 Jan 2026 17:57:35 +0000, John R Walliker wrote:

    Some routers will let you use the source mac address in routing rules
    which nicely overcomes the problem with varying IPv6 addresses.

    That could also be handled with a VLAN.

    If your network hardware handles VLAN tags.

    I have numerous switches (unmanaged) and WiFi access points, none of the ones I tested were compatible with VLAN tags (i.e. The network device stripped the VLAN tag off packets rather than dumbly passed the packet through with VLAN tag intact).

    VLANs also aren't ideal as you may wish to implement policy routing on a protocol (e.g. VoIP) or WAN destination, not just upon a LAN host.

    There does seem to be a lot of variation in how different switches
    behave. The HP 1820 and 1810 series web managed switches along with
    a variety of Netgear web managed switches all propagate vlan tags in
    their default state.
    They can can be configured to detag vlans on specific ports if
    necessary.
    I have some Allied Telesis managed switches that block vlans by default.

    John

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Lawrence =?iso-8859-13?q?D=FFOliveiro?=@ldo@nz.invalid to comp.sys.raspberry-pi on Fri Jan 16 04:59:34 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Thu, 15 Jan 2026 13:33:44 +0000, Pancho wrote:

    On 1/14/26 21:13, Lawrence D’Oliveiro wrote:

    On Wed, 14 Jan 2026 17:57:35 +0000, John R Walliker wrote:

    Some routers will let you use the source mac address in routing
    rules which nicely overcomes the problem with varying IPv6
    addresses.

    That could also be handled with a VLAN.

    If your network hardware handles VLAN tags.

    I’m sure this could be done using a Linux box as your network
    switch/router.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Anssi Saari@anssi.saari@usenet.mail.kapsi.fi to comp.sys.raspberry-pi on Sun Jan 18 01:08:05 2026
    From Newsgroup: comp.sys.raspberry-pi

    John R Walliker <jrwalliker@gmail.com> writes:

    Some routers will let you use the source mac address in routing rules
    which nicely overcomes the problem with varying IPv6 addresses.

    Indeed. I wish I could do that easily in Linux but it seems a bit of a
    chore. But looks like nftables packet marking and policy based routing
    together can accomplish it. So all I need is the marking part and a
    little tweaking of my policy routing to use those marks instead of
    source IPv6 addresses.

    Something to do later, I'm working on something else right now.

    --- Synchronet 3.21b-Linux NewsLink 1.2