| ▲ | candiddevmike a day ago |
| I wish I could switch my network to all IPv6 and use NAT64/DNS64, but Android, the world's most popular OS, purposefully disables DHCPv6. I am forced to support IPv4/DHCPv4 for the foreseeable future to support these broken devices. |
|
| ▲ | throw0101c a day ago | parent | next [-] |
| > I wish I could switch my network to all IPv6 and use NAT64/DNS64, but Android, the world's most popular OS, purposefully disables DHCPv6. It does not "disable" DHCPv6. It does not support DHCPv6. Android (really Lorenzo Colitti) in/famously WONTFIX adding DHCPv6 client support: * https://issuetracker.google.com/issues/36949085 Of course after over a decade of denying that Android needs some kind of DHCP in IPv6, it seems that Android may finally be getting some kind of solution: * https://android-developers.googleblog.com/2025/09/simplifyin... * Via: https://blog.ipspace.net/2025/09/android-dhcpv6-prefix-deleg... Hopefully, having admitted (?) the error of their ways with being SLAAC-only they'll also add 'regular' DHCPv6 in addition to DHCPv6-PD. |
| |
| ▲ | denkmoon 19 hours ago | parent [-] | | Holy hell the android dhcpv6 situation is deranged. Been following Mr Colitti’s antics for awhile but only just learned of this prefix delegation news. So now I can delegate an entire subnet but can’t just have a regular address. Why oh why can’t we just have a goddamn normal every day dhcpv6 client like every other os on the planet |
|
|
| ▲ | franklyworks a day ago | parent | prev | next [-] |
| Android supports SLAAC and has good support transitional tech like xlat464 and DHCP option 108. I have used these on my network and office to move to IPv6-only for Android. What about lack of DHCPv6 prevents you from using IPv6 on Android? |
| |
| ▲ | candiddevmike a day ago | parent [-] | | I can't run SLAAC and DHCPv6 at the same time without giving devices multiple addresses, and Android doesn't support DHCPv6, so I'd have to carve out a separate, SLAAC-based, android-only network. And then figure out firewall rules, multicast reflection, etc. | | |
| ▲ | justincormack a day ago | parent | next [-] | | Why is giving multiple addresses a problem? | | |
| ▲ | candiddevmike a day ago | parent [-] | | No control over which source address is used. I'm assigning a lot of clients DHCP reservations so I can use static addresses for monitoring and firewall rules. With multiple addresses on the same network, clients may use their SLAAC address which won't match the firewall rule. | | |
| ▲ | db48x a day ago | parent | next [-] | | That still doesn’t really make sense. Why not run SLAAC on one subnet and have a single firewall rule for the whole thing? You’re not running any major servers on an Android phone, so it won’t be anything complex. | | |
| ▲ | tsimionescu a day ago | parent [-] | | SLAAC can only run on a subnet that's larger than /64, which they might not have access to. | | |
| ▲ | db48x a day ago | parent [-] | | Strictly speaking it can and does run on subnets that are exactly /64. Does anyone actually hand out smaller delegations today? | | |
| ▲ | tsimionescu a day ago | parent [-] | | My point is that they might only be getting 1 /64 from their ISP; or getting a /62 or something small, and needing more subnets anyway. In these situations, you may not have an extra /64 to dedicate to SLAAC for certain devices. | | |
| ▲ | db48x a day ago | parent [-] | | Right. I was merely correcting your statement that SLAAC needs more than 64 bits to work with. But my question remains; do any ISPs hand out smaller delegations than a /64? |
|
|
|
| |
| ▲ | justincormack 21 hours ago | parent | prev | next [-] | | There are APIs in Linux to control source address selection but might be fiddly https://www.davidc.net/networking/ipv6-source-address-select... | |
| ▲ | franklyworks a day ago | parent | prev [-] | | Ah, this makes sense. |
|
| |
| ▲ | gspr a day ago | parent | prev [-] | | I thought this was a problem too. Then I realized that addresses are not in short supply, so I stopped caring that some devices get multiple addresses. The ones I care about are handed out over DHCPv6, and the firewall works accordingly. The rest gets basic connectivity and nothing else. Works great for me. | | |
| ▲ | candiddevmike a day ago | parent [-] | | Don't you have problems with clients using the wrong source address and not matching firewall rules? | | |
| ▲ | kstrauser a day ago | parent | next [-] | | Different person here, but no. I never write firewall rules based on individual source addresses. They’re too easy to fake. And with IPv6’s privacy extensions, you never know what source address a given machine will have anyway. | | |
| ▲ | gspr 21 hours ago | parent [-] | | Interesting. How do you deal with destination addresses on your local network? DHCPv6 like the other poster and myself? | | |
| ▲ | kstrauser 15 hours ago | parent [-] | | I haven’t had a need for DHCPv6. I’d use DNS (or better, mDNS) to assign a hostname to the destination’s fixed IPv6 address or ULA, both of which are static. I don’t ever manually assign an IPv6 address to a host, though. I just let SLAAC do the thing it was designed for. |
|
| |
| ▲ | gspr a day ago | parent | prev [-] | | No. Admittedly, my firewall rules are all about granting something extra beyond the basics. I only do this for clients I care about anyway, so I can always tell them to use the right address. |
|
|
|
|
|
| ▲ | dmm a day ago | parent | prev | next [-] |
| Android supports DHCPv6, just not stateful DHCPv6. You can give each device its own /64 or if you really want to track a devices usage you should use an authenticated layer on top of your base network. |
|
| ▲ | avidiax a day ago | parent | prev [-] |
| Why can't you use stateless autoconfig? |
| |
| ▲ | candiddevmike a day ago | parent [-] | | Because I want to control the suffix assigned to devices for firewall rules and monitoring purposes. | | |
| ▲ | avidiax a day ago | parent [-] | | Seems like the wrong layer unless your network has more than one router/gateway. Use MAC as the key for firewall and monitoring. Then you don't have multiple rules per device. | | |
|
|
