I would like to provide IPv6 ULA addresses for several services to internal clients (e.g. an IPv6 DNS server). Unfortunately my ISP changes my IPv6 prefix on a regular basis, so I cannot hand out public GUA addresses to the clients. I decided to use the pfSense NPTv6 feature to map between ULA and GUA addresses. pfSense is currently unable to adjust NPTv6 mappings to handle dynamic prefixes.
The script uses a third-party pfSense API to obtain the configured NPTv6 destination prefixes. It compares each prefix with the prefix of a system interface's IPv6 address. If they differ, it updates the NPT destination prefix. The description of the NPTv6 entry defines the interface name.
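The comparison step described above, as an added example (not code from updateNptDestPrefix.sh): both prefixes are expanded and normalised before they are compared, because splitting on `:` alone misreads compressed addresses such as `2001:db8::1`. Function names and the sample `ifconfig` output are constructed, and a /64 prefix size is assumed.

```bash
# Added example; function names and sample data are constructed for illustration.

# Print the /64 prefix (first four groups) of an IPv6 address or prefix,
# normalised: lowercase, no leading zeros, "::" expanded to zero groups.
prefix64() {
    printf '%s\n' "$1" | awk '{
        addr = tolower($1)
        sub("[/%].*$", "", addr)                 # drop "/len" or "%zone" suffix
        if (index(addr, "::")) {
            split(addr, half, "::")
            nl = (half[1] == "") ? 0 : split(half[1], l, ":")
            nr = (half[2] == "") ? 0 : split(half[2], r, ":")
            for (i = 1; i <= nl; i++) g[i] = l[i]
            for (i = nl + 1; i <= 8 - nr; i++) g[i] = "0"
            for (i = 1; i <= nr; i++) g[8 - nr + i] = r[i]
        } else if (split(addr, g, ":") != 8) exit 1
        for (i = 1; i <= 4; i++) { sub(/^0+/, "", g[i]); if (g[i] == "") g[i] = "0" }
        print g[1] ":" g[2] ":" g[3] ":" g[4]
    }'
}

# Read `ifconfig <interface>` output on stdin and print the /64 prefix of the
# first global unicast (2000::/3) address, skipping link-local and ULA entries.
iface_gua_prefix() {
    gua=$(awk '$1 == "inet6" && $2 ~ /^[23]/ { print $2; exit }') || return 1
    [ -n "$gua" ] && prefix64 "$gua"
}

# Succeed (exit 0) when the configured NPT destination prefix ($1) no longer
# matches the prefix currently assigned to the interface ($2).
npt_needs_update() {
    [ "$(prefix64 "$1")" != "$(prefix64 "$2")" ]
}

# Constructed sample of FreeBSD ifconfig output (documentation prefix 2001:db8::/32).
SAMPLE_IFCONFIG='igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 fe80::20d:b9ff:fe4a:1%igb1 prefixlen 64 scopeid 0x2
    inet6 fd00:0:0:12::1 prefixlen 64
    inet6 2001:db8:abcd:12:20d:b9ff:fe4a:1 prefixlen 64'

current=$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_gua_prefix)
if npt_needs_update "2001:db8:aaaa:12::/64" "${current}::/64"; then
    echo "NPT destination prefix is stale, interface now uses ${current}::/64"
fi
```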
I've tested this with:
- pfSense 2.5.0
- fauxAPI 1.4
- Multiple NPT mappings
- Multiple system "Tracking" interfaces
- /64 Prefix Size
Please make sure to have the following packages installed:
- git (at least for the setup)
- jq
- bash
- awk / head / cut
- cron to let the script run regularly
- I decided to use FauxAPI to have easy access to the pfSense configuration. I've installed it using these instructions: https://github.com/ndejong/pfsense_fauxapi/blob/master/README.md
- Install the bash client library into a convenient place (I've used /root/bin):
    mkdir -p /root/bin && cd /root/bin && git clone https://github.com/ndejong/pfsense_fauxapi_client_bash.git
- Download the script into the same directory and make it executable:
    mkdir -p /root/bin && cd /root/bin && curl -fsSL https://raw.githubusercontent.com/gewuerzgurke84/pfSense-dynamicNptAddress/main/updateNptDestPrefix.sh -o updateNptDestPrefix.sh && chmod +x updateNptDestPrefix.sh
- Set the fauxapi apiKey, the apiSecret and the path to the fauxapi client script
- Set up a cron job to regularly check whether the NPT and system interface prefixes match