ipv6 noob
-
Is there no way to turn off the router function? ISPs generally use DHCPv6-PD to provide a prefix to the customer. For example, my ISP provides a /56 prefix, which contains 256 /64s. However, that only works once. If the ISP's router takes that and hands out an address to pfSense, pfSense will not easily be able to pass on a prefix to your LAN. I understand it may be possible, but I have no experience with that. BTW, I'm on a cable modem and it can be configured in bridge or gateway mode. I use bridge mode, so that pfSense can do what it has to.
Perhaps if you mentioned your ISP, someone else here can help with more specific info.
-
I did mention my ISP. Reread my last post.
-
@techpro2004 Next time put it in the topic because there are differences between ISPs and those in the same situation as you know best.
-
@JKnott Fios requires using their router if you have their TV service, and their router needs to be first in line because they do some managed port forwards for certain functionality in their TV boxes. While this could be worked around with some of their older boxes (especially if you didn't care about those specific features), their newer ones can't even be set up without the Verizon router being first in line.
Hopefully, as they look into shifting to IPTV for the future (their multi-gig plans include an ONT that won't have QAM capabilities for TV, so it's assumed they'll move to IPTV) and have IPv6 global addresses for their STBs, port forward requirements will be a thing of the past and you won't need a Verizon router for TV service anymore. But if/when that will happen is anyone's guess (there is super limited testing of their multi-gig offering in a couple of areas in NYC; TV is not part of that offering at the moment though).
@techpro2004 Verizon's routers will pick up a /56, just like any other router on Fios service. But unlike pfSense, Verizon's router doesn't allow sub-delegation, so there's no automated way to take a part of that /56 prefix (like a /60) and assign it to a downstream router, like pfSense in your case.
There is a way that it could be made to work... using static routes in Verizon's router (which apparently some models have bugs with, so may not be reliable) and static settings in pfSense... but it would also be cumbersome to support because if your prefix changes in the future, you'd need to re-set up the static route and all of your IPv6 settings on pfSense with the new prefix. I can't provide help with this (and this wouldn't be the place for it anyway since it would involve advanced settings on Verizon's router) since I don't use a Verizon router, but that would be your path forward if you REALLY wanted to do it.
My recommendation would be that if you want to have IPv6 on pfSense, get rid of the Verizon TV service so you can get rid of the Verizon router.
-
So just for testing purposes, I bypassed the ISP's router. I have an IPv6 address in ipconfig and on interfaces but test-ipv6.com shows no IPv6 address. traceroute6 also works. I am running squid and pfblocker-devel if it matters.
-
My rule of thumb is to start simple. Get it working first, then add the other stuff. That way, you know what's causing problems.
-
So I have 10/10 on test-ipv6.com but every time I reboot my PC or add a new device, I have to restart the dhcp6 server and RA on pfSense, otherwise I get 0/10 but I do have an IPv6 address on my PC. Any advice is welcome.
-
Why are you running dhcp6 on the LAN? You shouldn't use it, unless you have a need. Also, Android devices won't work with it. All you need is SLAAC.
-
Maybe I was not clear. I am in assisted mode so I have both dhcp6 and SLAAC.
-
Once again, why? Unless you have a specific need for dhcp6, don't use it. SLAAC works fine. What is it you expect it to provide that SLAAC doesn't?
This goes back to my keep it simple rule.
-
Because it works this way and I am an IPv6 noob and am afraid to change settings.
-
So I switched to stateless and test-ipv6.com showed 10/10. Then I rebooted my Win11 machine and now it shows 0/10. Any advice is welcome. Thanks.
-
Do you have other devices? Are they OK?
-
I realized the problem was my bridge so I am in the middle of a complete redesign of my network. Will post back when I know more. Hopefully the family won't object too much to the downtime.