Use IPv6 ULA addresses for Pi-hole

Deutsche Telekom - Speedport W 724V

1 Like

A post was split to a new topic: IPv6 ULA and Fritzbox

Fritzbox Cable 6490 (Firmware 6.51) Thanks @Dmx !

This option is also available in the Fritzbox 7490 and @Erdnussknacker suggests that it should be available on all Fritzboxes running FRITZ!OS firmware greater equal version 6.50.

4 Likes

A post was merged into an existing topic: IPv6 ULA and Fritzbox

So I started getting IPv6 from my ISP recently. And here's how I got ULA working with pi-hole and pfsense router.
I get IPv6 by DHCP6 on the WAN interface with "Use IPv4 connectivity as parent interface" & "Send IPv6 prefix hint" checked, and a prefix size of 64. On the LAN side it's set to track-interface (wan).

  1. Set ULA in RA subnet (pfsense)
    In Services > DHCPv6 > RA, under Advertisements, add a subnet fd00:: and prefix /64
    Note: We don't need DHCPv6 server. It's disabled by default - it's ok to leave it as it is.
  2. Set static pihole IPv6 (ULA)
    On the pihole, set a static IPv6 (Debian in my case) fd00::20/64 without any gateway or DNS. Refresh your interface "ifdown ens160; ifup ens160" and check your IP with ifconfig. Ideally you should see an fe (link-local),fd(static ULA)and 2000 (GLA) IP, and you should be able to ping6 google.
  3. Check connectivity
    Now you should be able to ping pihole's IPv6 (fd00::20) from your computer.
  4. Add pihole ULA in pfsense DNS
    In pfsense System > General, assuming you have already entered pihole's IPv4 address there, add pihole's IPv6 address as well with the gateway as none. RA will send the LAN interfaces' IPv6 to clients (which changes on boot).
    Note: This is assuming that you have DNS forwarder enabled.
  5. A reboot maybe required to realize the setting done in step 1 and/or 4
1 Like

For all users of the Speedport Hybrid router by Deutsche Telekom: take a look at the above screenshot for the Speedport W 724V, it's the same as for the Hybrid.

Home network -> Home network (LAN) -> Name and address of the router -> Use local IPv6 address (ULA)

What is the suggested way if the router does not have the option to turn on ULA? I'm having a "Connect Box" from my ISP (UPC). :frowning:

1 Like

I wonder this as well. I have an Arris gateway from Spectrum and am using the Pi-hole as a DHCP server. Is there any way the Pi can handle this, or does it need to be the gateway?

Anyone know how to do this with a Ubiquiti Edgerouter-X? I have one of those behind a XB3 set to bridge mode and I appear to be getting IPv6 and really slow page loads sometimes.

If you have slow page loads, take a look at our guide for IPTables rules and see if those help. I have an ER-X SFP and just have a few rules to handle things. I'm not sure offhand how to set up ULA but I do know it's possible, but done via command line when setting up the DHCP server portion.

1 Like

Literally following the same guide you linked. I'll skip to that section if you think that's the issue though.

I noticed my IPv6 GUA changes, whenever I reboot my router and found @DL6ER script here, unfortunately, this script runs 'pihole -g' (and restarts dnsmasq or FTLDNS), even if the IPv6 address didn't change, so I improved the script.

Using GUA: Replace the first few digits ('2a02' in my case) in the grep command to match your own!!!
Using LUA: Replace '2a02' in the grep command with 'fc\|fd' (see @DL6ER script)

#!/bin/bash

# read current IPv6 address from file
CURRENT_IPV6_ADDRESS=$(ip -6 a | grep '2a02' | awk -F " " '{gsub("/[0-9]*",""); print $2}')

# read/compare previous IPv6 address from file
file=/etc/pihole/setupVars.conf
if ! grep -q "$CURRENT_IPV6_ADDRESS" $file; then
	sed -i.bak "/IPV6_ADDRESS/d;" "/etc/pihole/setupVars.conf"
	echo "IPV6_ADDRESS=${CURRENT_IPV6_ADDRESS}" >> "/etc/pihole/setupVars.conf"
	{
		echo to: <your gmail address>
		echo from: <your gmail address>
		echo subject: pihole IPv6 address change
		echo
		cat /etc/pihole/setupVars.conf
	} | /usr/sbin/ssmtp <your gmail address>
	/usr/local/bin/pihole updateGravity
fi

The script also sends me a mail, whenever the IPv6 address changed, for this to work, you need to follow the instruction in my manual, section 4.9 (install mail) and change 'your gmail address' in the script, with the desired gmail address (needs to be changed 3 times)

In order to automate the IPv6 update, you might want to add it to cron. Create /etc/cron.d/IPv6check, containing:

29 6    * * *   root    PATH="$PATH:/home/pi/" /home/pi/IPv6check.sh

change the time to something appropriate for you, I run it at 06h29

edit
correct wrong SUFFIX in sed -i command, changed from sed -i.setupVars.bak to sed -i.bak
/edit

edit2
When the job runs with cron, pihole -g isn't a valid command. Replaced the command with /usr/local/bin/pihole updateGravity
/edit2

3 Likes

Hello. When running the 4th command: echo "IPV6_ADDRESS=${IPV6_ADDRESS}" >> "/etc/pihole/setupVars.conf" I get a permission denied error, even when using sudo. I’m trying to add the IPV6 address to the config file but having no success. Any ideas? Thanks.

Can't edit the existing entry, so here is the latest version of the script, the echo command is eliminated in this version.

Using GUA: Replace the first few digits (‘2a02’ in my case) in the grep command to match your own!!!
Using LUA: Replace ‘2a02’ in the grep command with ‘fc|fd’ (see @DL6ER script)

#!/bin/bash

# get current IPv6 address
CURRENT_IPV6_ADDRESS=$(ip -6 a | grep '2a02' | awk -F " " '{gsub("/[0-9]*",""); print $2}')

# read configured IPv6 address from /etc/pihole/setupVars.conf
file=/etc/pihole/setupVars.conf
OLD_IPV6_ADDRESS=$(grep 'IPV6_ADDRESS=' "$file" |sed 's/^IPV6_ADDRESS=//')

# read/compare previous IPv6 address from file
if ! grep -q "$CURRENT_IPV6_ADDRESS" $file; then
	sed -i.bak "s/$OLD_IPV6_ADDRESS\b/$CURRENT_IPV6_ADDRESS/g" "$file"
	{
		echo to: <your gmail address>
		echo from: <your gmail address>
		echo subject: pihole IPv6 address change
		echo
		cat /etc/pihole/setupVars.conf | grep 'ADDRESS'
	} | /usr/sbin/ssmtp <your gmail address>
	/usr/local/bin/pihole updateGravity
fi

Remember, the mail portion of the script only works if you setup mail, as explained in my manual , section 4.9 (install mail) and change ‘your gmail address’ in the script, with the desired gmail address (needs to be changed 3 times)

1 Like

Hello. Thanks for your response. This is very very confusing. The script you provided seems to update IPV6 addresses when they change, but the IPV6 address the Pi is using is a fe80 address that from my understanding is the static/LAN IP address. Correct me if I’m wrong, but isn’t that different from adding the ULA to vars.config file???

If you're using a static IPv6 address, you don't need this script.
The script is only intended to overcome changing IPv6 addresses.
As far as I know, setupVars.conf can only contain one IPv6 address. The address is used by pihole-FTL to return the correct address, incase you're using blocking modes that would show a blocking page, e.g. BLOCKINGMODE=IP-NODATA-AAAA or BLOCKINGMODE=IP

1 Like

Thank you for your approach but I encountered a small problem during the implementation :wink:

The GUA also contained the letters FD and therefore I got the GUA and the ULA address.

pi@ns17:~ $ IPV6_ADDRESS=$(ip -6 a | grep 'fc\|fd' | awk -F " " '{gsub("/[0-9]*",""); print $2}')
pi@ns17:~ $ echo ${IPV6_ADDRESS}
2a0a:xxxx:xxxx:xxxx:xxxx:xxxx:xxfd:xxxx fdxx::xxxx:xxxx:xxxx:xxxx

With a small modification, only the ULA are displayed.

pi@ns17:~ $ IPV6_ADDRESS=$(ip -6 a | grep '\<fc\|\<fd' | awk -F " " '{gsub("/[0-9]*",""); print $2}')
pi@ns17:~ $ echo ${IPV6_ADDRESS}
fdxx::xxxx:xxxx:xxxx:xxxx
2 Likes

Ah, yes, I should really have thought about adding an anchor there. I just edited the first message in this thread to use what you proposed.

A post was split to a new topic: IPv6 address question

A post was split to a new topic: ULA prefix length for DHCP