Use IPv6 ULA addresses for Pi-hole

DL6ER · March 10, 2017, 3:49pm

Many users have reported that frequently changing IPv6 addresses cause page load to be slow or even prevent from working at all. The issues can be fixed by updating the IPv6 address in /etc/pihole/setupVars.conf followed by a run of pihole -g.

However, this solution turns out to be very inconvenient since it might be necessary to change the IPv6 address on a regular basis (maybe even multiple times a day). An alternative approach we are currently looking into is the usage of ULA addresses which should not be changing, even though the upstream GUA address may change.

Usually, there exists a setting in the router for enabling ULA addresses in the local network. Examples of how the corresponding settings look like on some routers are posted in this thread. As before, copy the address and replace it in your /etc/pihole/setupVars.conf

Hint: The following code snipet might come in handy

IPV6_ADDRESS=$(ip -6 a | grep '\<fc\|\<fd' | awk -F " " '{gsub("/[0-9]*",""); print $2}')
echo ${IPV6_ADDRESS}
sed -i.setupVars.bak "/IPV6_ADDRESS/d;" "/etc/pihole/setupVars.conf"
echo "IPV6_ADDRESS=${IPV6_ADDRESS}" >> "/etc/pihole/setupVars.conf"
pihole -g

DL6ER · March 10, 2017, 3:50pm

Deutsche Telekom - Speedport W 723V

DL6ER · March 10, 2017, 3:50pm

Deutsche Telekom - Speedport W 724V

DL6ER · March 11, 2017, 6:03pm

A post was split to a new topic: IPv6 ULA and Fritzbox

DL6ER · March 12, 2017, 8:17pm

Fritzbox Cable 6490 (Firmware 6.51) Thanks @Dmx !

This option is also available in the Fritzbox 7490 and @Erdnussknacker suggests that it should be available on all Fritzboxes running FRITZ!OS firmware greater equal version 6.50.

DL6ER · July 1, 2017, 11:10am

A post was merged into an existing topic: IPv6 ULA and Fritzbox

spacemonkey · August 15, 2017, 7:26am

So I started getting IPv6 from my ISP recently. And here's how I got ULA working with pi-hole and pfsense router.
I get IPv6 by DHCP6 on the WAN interface with "Use IPv4 connectivity as parent interface" & "Send IPv6 prefix hint" checked, and a prefix size of 64. On the LAN side it's set to track-interface (wan).

Set ULA in RA subnet (pfsense)
In Services > DHCPv6 > RA, under Advertisements, add a subnet fd00:: and prefix /64
Note: We don't need DHCPv6 server. It's disabled by default - it's ok to leave it as it is.
Set static pihole IPv6 (ULA)
On the pihole, set a static IPv6 (Debian in my case) fd00::20/64 without any gateway or DNS. Refresh your interface "ifdown ens160; ifup ens160" and check your IP with ifconfig. Ideally you should see an fe (link-local),fd(static ULA)and 2000 (GLA) IP, and you should be able to ping6 google.
Check connectivity
Now you should be able to ping pihole's IPv6 (fd00::20) from your computer.
Add pihole ULA in pfsense DNS
In pfsense System > General, assuming you have already entered pihole's IPv4 address there, add pihole's IPv6 address as well with the gateway as none. RA will send the LAN interfaces' IPv6 to clients (which changes on boot).
Note: This is assuming that you have DNS forwarder enabled.
A reboot maybe required to realize the setting done in step 1 and/or 4

mibere · March 19, 2018, 5:10pm

For all users of the Speedport Hybrid router by Deutsche Telekom: take a look at the above screenshot for the Speedport W 724V, it's the same as for the Hybrid.

Home network -> Home network (LAN) -> Name and address of the router -> Use local IPv6 address (ULA)

blubbsy · March 21, 2018, 2:07pm

What is the suggested way if the router does not have the option to turn on ULA? I'm having a "Connect Box" from my ISP (UPC).

tcikoritys · July 1, 2018, 2:22am

I wonder this as well. I have an Arris gateway from Spectrum and am using the Pi-hole as a DHCP server. Is there any way the Pi can handle this, or does it need to be the gateway?

Maxburn · July 4, 2018, 11:46pm

Anyone know how to do this with a Ubiquiti Edgerouter-X? I have one of those behind a XB3 set to bridge mode and I appear to be getting IPv6 and really slow page loads sometimes.

DanSchaper · July 4, 2018, 11:57pm

If you have slow page loads, take a look at our guide for IPTables rules and see if those help. I have an ER-X SFP and just have a few rules to handle things. I'm not sure offhand how to set up ULA but I do know it's possible, but done via command line when setting up the DHCP server portion.

Maxburn · July 5, 2018, 12:28am

Literally following the same guide you linked. I'll skip to that section if you think that's the issue though.

jpgpi250 · August 4, 2018, 8:18am

I noticed my IPv6 GUA changes, whenever I reboot my router and found @DL6ER script here, unfortunately, this script runs 'pihole -g' (and restarts dnsmasq or FTLDNS), even if the IPv6 address didn't change, so I improved the script.

Using GUA: Replace the first few digits ('2a02' in my case) in the grep command to match your own!!!
Using LUA: Replace '2a02' in the grep command with 'fc\|fd' (see @DL6ER script)

#!/bin/bash

# read current IPv6 address from file
CURRENT_IPV6_ADDRESS=$(ip -6 a | grep '2a02' | awk -F " " '{gsub("/[0-9]*",""); print $2}')

# read/compare previous IPv6 address from file
file=/etc/pihole/setupVars.conf
if ! grep -q "$CURRENT_IPV6_ADDRESS" $file; then
	sed -i.bak "/IPV6_ADDRESS/d;" "/etc/pihole/setupVars.conf"
	echo "IPV6_ADDRESS=${CURRENT_IPV6_ADDRESS}" >> "/etc/pihole/setupVars.conf"
	{
		echo to: <your gmail address>
		echo from: <your gmail address>
		echo subject: pihole IPv6 address change
		echo
		cat /etc/pihole/setupVars.conf
	} | /usr/sbin/ssmtp <your gmail address>
	/usr/local/bin/pihole updateGravity
fi

The script also sends me a mail, whenever the IPv6 address changed, for this to work, you need to follow the instruction in my manual, section 4.9 (install mail) and change 'your gmail address' in the script, with the desired gmail address (needs to be changed 3 times)

In order to automate the IPv6 update, you might want to add it to cron. Create /etc/cron.d/IPv6check, containing:

29 6    * * *   root    PATH="$PATH:/home/pi/" /home/pi/IPv6check.sh

change the time to something appropriate for you, I run it at 06h29

edit
correct wrong SUFFIX in sed -i command, changed from sed -i.setupVars.bak to sed -i.bak
/edit

edit2
When the job runs with cron, pihole -g isn't a valid command. Replaced the command with /usr/local/bin/pihole updateGravity
/edit2

PiMajesty · April 3, 2019, 1:02am

Hello. When running the 4th command: echo "IPV6_ADDRESS=${IPV6_ADDRESS}" >> "/etc/pihole/setupVars.conf" I get a permission denied error, even when using sudo. I’m trying to add the IPV6 address to the config file but having no success. Any ideas? Thanks.

jpgpi250 · April 3, 2019, 8:00am

Can't edit the existing entry, so here is the latest version of the script, the echo command is eliminated in this version.

Using GUA: Replace the first few digits (‘2a02’ in my case) in the grep command to match your own!!!
Using LUA: Replace ‘2a02’ in the grep command with ‘fc|fd’ (see @DL6ER script)

#!/bin/bash

# get current IPv6 address
CURRENT_IPV6_ADDRESS=$(ip -6 a | grep '2a02' | awk -F " " '{gsub("/[0-9]*",""); print $2}')

# read configured IPv6 address from /etc/pihole/setupVars.conf
file=/etc/pihole/setupVars.conf
OLD_IPV6_ADDRESS=$(grep 'IPV6_ADDRESS=' "$file" |sed 's/^IPV6_ADDRESS=//')

# read/compare previous IPv6 address from file
if ! grep -q "$CURRENT_IPV6_ADDRESS" $file; then
	sed -i.bak "s/$OLD_IPV6_ADDRESS\b/$CURRENT_IPV6_ADDRESS/g" "$file"
	{
		echo to: <your gmail address>
		echo from: <your gmail address>
		echo subject: pihole IPv6 address change
		echo
		cat /etc/pihole/setupVars.conf | grep 'ADDRESS'
	} | /usr/sbin/ssmtp <your gmail address>
	/usr/local/bin/pihole updateGravity
fi

Remember, the mail portion of the script only works if you setup mail, as explained in my manual , section 4.9 (install mail) and change ‘your gmail address’ in the script, with the desired gmail address (needs to be changed 3 times)

PiMajesty · April 3, 2019, 10:40am

Hello. Thanks for your response. This is very very confusing. The script you provided seems to update IPV6 addresses when they change, but the IPV6 address the Pi is using is a fe80 address that from my understanding is the static/LAN IP address. Correct me if I’m wrong, but isn’t that different from adding the ULA to vars.config file???

jpgpi250 · April 3, 2019, 2:45pm

If you're using a static IPv6 address, you don't need this script.
The script is only intended to overcome changing IPv6 addresses.
As far as I know, setupVars.conf can only contain one IPv6 address. The address is used by pihole-FTL to return the correct address, incase you're using blocking modes that would show a blocking page, e.g. BLOCKINGMODE=IP-NODATA-AAAA or BLOCKINGMODE=IP

BitStream · October 22, 2019, 2:37pm

Thank you for your approach but I encountered a small problem during the implementation

The GUA also contained the letters FD and therefore I got the GUA and the ULA address.

pi@ns17:~ $ IPV6_ADDRESS=$(ip -6 a | grep 'fc\|fd' | awk -F " " '{gsub("/[0-9]*",""); print $2}')
pi@ns17:~ $ echo ${IPV6_ADDRESS}
2a0a:xxxx:xxxx:xxxx:xxxx:xxxx:xxfd:xxxx fdxx::xxxx:xxxx:xxxx:xxxx

With a small modification, only the ULA are displayed.

pi@ns17:~ $ IPV6_ADDRESS=$(ip -6 a | grep '\<fc\|\<fd' | awk -F " " '{gsub("/[0-9]*",""); print $2}')
pi@ns17:~ $ echo ${IPV6_ADDRESS}
fdxx::xxxx:xxxx:xxxx:xxxx

DL6ER · October 22, 2019, 3:04pm

Ah, yes, I should really have thought about adding an anchor there. I just edited the first message in this thread to use what you proposed.