• Setup IPv6 dual stack with ISP Deutsche Telekom

    6
    0 Votes
    6 Posts
    11k Views
    M

    This is working for me: https://moerbst.wordpress.com/2016/07/31/ipv6mit-pfsense-an-dsl-der-telekom/ It's in german language but with screenshots for every step, so it should be no problem :-)

  • 0 Votes
    14 Posts
    3k Views
    johnpozJ

    That is not the default setting.. So clearly at some point you said, I only want tcp/udp outbound – so that would break ping/traceroute, etc..

  • IPv6 setup via Comcast/pfsense, working from WAN of pfsense, but not LAN

    9
    0 Votes
    9 Posts
    3k Views
    T

    How have you configured your WAN and your LAN?
    At least in my area, Comcast will hand out a /64 prefix or a /60.
    If you want the simplest config,

    your WAN interface should be set up to use DHCP6

    leave "DHCPv6 Prefix Delegation size" at 64

    check the "Send IPv6 prefix hint" checkbox

    then for IPv6 on your LAN interface set it up to "track interface" pointing to the WAN interface with the "IPv6 Prefix ID" set to 0 (you can't change it if you requested a /64 on the WAN).

    That should be enough to get legitimate IPv6 addresses on your LAN.

    Tim

  • PfSense + Sixxs + PPPoE

    10
    0 Votes
    10 Posts
    2k Views
    D

    When they don't support it, they should at least stop breaking it.

    Frankly, time to find a new ISP. This thing just works (pretty much everywhere when you drop the MTU to 1280) unless some lame ISP screws that intentionally or just by some clueless misconfiguration of their equipment.

  • DHCP6 Server missing IAID field for reservations

    7
    0 Votes
    7 Posts
    2k Views
    D

    @richardd:

    What I'm missing in pfSense DHCP6 is the option to use the MAC address for identification

    No such thing exists for DHCP6.

  • Again IPv6 issue with final 2.2.3

    15
    0 Votes
    15 Posts
    2k Views
    M

    YOu had to reboot your ISP equipment Im almost sure about that. If you use PPPoE sometimes when pppoe session is not disconnected properly it simply doesnt work until you reboot things :)

    Glad you made it working.

  • Not Getting IPv6 .. Please Help

    10
    0 Votes
    10 Posts
    2k Views
    johnpozJ

    So your double natting to this pfsense box 192.168.1.1 which is in front of your pfsense box that also nats.  Does that pfsense have a public on its wan?

    You mention your at school - is this the schools network?  Or do you have your own private internet connection.  Many schools lock down their networks, where they don't even want you running nat that would allow you to put non registered devices on their network.  It would be quite possible that they are blocking protocol 41 which is required for a HE tunnel.

    From the HE faq

    *Two important notes:

    Your IPv4 endpoint address must be reachable via ICMP ECHO_REQUEST (Internet Control Message Protocol).
        If you are using a NAT (Network Address Translation) appliance, please make sure it allows and forwards IP protocol 41.

    What is IP Protocol 41?
        IP Protocol 41 is one of the Internet Protocol numbers. Within the IPv4 header, the IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet.

    Even if they do allow it.. Not sure it would work through a double nat?  Do you have access to this pfsense in front of yours - is it allowing protocol 41?  Is it sending it to your 2nd pfsense wan IP?  See attached.

    protocol41.png
    protocol41.png_thumb

  • How many instances of dhcp6c are expected?

    4
    0 Votes
    4 Posts
    2k Views
    B

    It appears this may still be a bug in 2.2.2  My PPPoE sessions being renewed seem to completely break DHCP6 prefix delegation with my ISP.  The WAN link comes up and can be used to communicate but routing for the delegated subnet is completely broken.

    I was able to confirm that killing the processes and re-saving the wan config as suggested on the documentation page here https://doc.pfsense.org/index.php/DHCPv6_Client_XID_Mismatch resolved the issue.

  • Limiter and IPv6

    22
    0 Votes
    22 Posts
    6k Views
    C

    @doktornotor:

    Can people here retest this with latest 2.2.3 snapshots? Seems working for me.

    Ditto, seems fine for me as well, but more widespread testing would be appreciated.

  • Creating an Internal Dual Stack LAN

    8
    0 Votes
    8 Posts
    2k Views
    M

    Thank You Johnpoz & Gertjan. … :D learningg  ....  :-*

  • Missing PPPoE option for IPv6

    5
    0 Votes
    5 Posts
    2k Views
    H

    @doktornotor:


    Also note that the IPv6 display for PPPoE has never worked properly -- neither in the GUI dashboard, nor in the console menu.

    +1, that is, the WAN IPv6 prefix + MACderivative parallel to the WAN IPv4 entry.
    Luckily I know my steady /48 on beforehand, so I can issue the different subnets for the SLAAC, Static or DHCPv6 LAN's ;)

  • Native IPv6 with dynamic /56 range

    21
    0 Votes
    21 Posts
    12k Views
    T

    For those still encountering issues with Comcast's odd DHCPv6 setup
    FYI, another trick to doing this if you don't want to have to change the MAC address and aren't willing to wait a week:

    Modify the WAN dhcp settings to request a /60 as previously detailed
    Download http://www.ipv6.mtu.edu/wide_mkduid.pl which is a simple perl script to create a dhcp6c_duid file.
    Run it on a Linux box (or something with Perl installed) like so
    $ ./wide_mkduid.pl -t now -m <pfsense wan="" mac="" address="">successfully created /home/timw/dhcp6c_duid
    DUID is 00:01:00:06:55:77:0a:34:XX:XX:XX:XX:XX:XX (MAC redacted)

    copy over the generated dhcp6c_duid to the pfsense box (I scp'd it into /tmp)
    Save a copy of /var/db/dhcp6c_duid (just in case anything goes wrong)
    cp /tmp/dhcp6c_duid /var/db/dhcp6c_duid
    Go into the WAN settings in the Web UI and just resave them.

    Immediately after doing this I was received my shiny new /60 prefix delegation.</pfsense>

  • IPv6 Tunnel Broker not working - Ping return code -1

    9
    0 Votes
    9 Posts
    3k Views
    C

    The gif tunnel being /128 is fine.

    @furgussen:

    kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0

    Which is bizarre.  I don't know why pfSense is trying to foward link-local out to the internet.

    Because something is sourcing traffic from its link-local IP destined to its LAN MAC. This looks like what'd happen if you didn't configure your routed /64 on your LAN interface, or didn't configure RAs or DHCPv6 to assign IPv6 IPs to clients.

  • Ipv6 lan hostnames and matching ipv6/ipv4 hosts to QOS rules

    6
    0 Votes
    6 Posts
    2k Views
    H

    @jayjanssen:

    Thanks, but that seems unsatisfying…

    But that's how it works… Feel free to experiment with DHCPv6-Server to learn about address routing mask /64. One should reserve the last 64 bits for addressing LAN hosts. SLAAC fits right in, but you can make what you want with static or dhcpv6.

  • DHCPv6 Server help

    19
    0 Votes
    19 Posts
    4k Views
    Y

    but I had use PF2.1.X version , ipv6 work in andriod.  only PF2.2.X IPV6 not work.

  • Openvpn roadwarrior ipv6 setup?

    12
    0 Votes
    12 Posts
    4k Views
    johnpozJ

    I don't need that binding on that interface for sure.. So just removed it..

  • Router Solicitation on WAN

    2
    0 Votes
    2 Posts
    2k Views
    H

    @Rhongomiant:

    I am being told by an ISP that has multiple gateways for redundancy that my pfSense devices should be able to get the gateway IP from Router Advertisements after sending a Router Solicitation. I realize that this will work if I use SLAAC

    No, you use RA in combination with SLAAC, DHCPv6-server or Static IPv6 assignment. And your pfSense devices are on the LAN.
    Configure your LAN IPv6 as static first with another unique subnet value than WAN,  mask /64, not some other value there.

  • IPv6 DHCP

    3
    0 Votes
    3 Posts
    2k Views
    L

    Seems that DHCPv6 server has no problem. Problem is the default settings of Windows

    I've installed the following Microsoft fixes from https://support.microsoft.com/en-us/kb/929852
    Microsoft Fix it 50440
    Microsoft Fix it 50443

  • Radvd[41259]: sendmsg: Can't assign requested address

    8
    0 Votes
    8 Posts
    5k Views
    S

    Update - General System Logs also states:
    Note- my logs are latest first.

    php-fpm[60244]: /interfaces.php: Creating rrd update script
    snmpd[78479]: disk_OS_get_disks: adding device 'ada0' to device list
    check_reload_status: Reloading filter
    check_reload_status: updating dyndns lan
    php-fpm[60244]: /interfaces.php: Shutting down Router Advertisment daemon cleanly
    check_reload_status: Restarting ipsec tunnels
    check_reload_status: Syncing firewall

  • 2.2.1: No IPv6 assigned to LAN anymore

    64
    0 Votes
    64 Posts
    26k Views
    F

    Just an update. I got an Intel 350-T4 adapter (igb) and am using one of the ports for my wan (untagged) IPv6 is now working properly. Is this an issue with tagged interfaces on em cards?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.