Ipv6 configured but unable to ping internet
-
@lolo54000 If you are using that /64 block on your WAN, they should give you another for LAN. IPv6 doesn't normally use NAT. The data center then routes your IPv6 LAN subnet traffic to your designated WAN IPv6 address. In other words you can't use the same IPv6 subnet on LAN and WAN.
Alternately there is NPt but I've never had to use it.
-
@steveits Ok and Can i split the /64 block into 2 block ?
Ex for the wan I use a /128 for only 1 ip and for lan i use a /118 with 1024 adress?
with the same start of adress? -
@lolo54000 You would think so but no, they didn't design it that way. So we just don't use a few quintillion addresses at a time.
Our data center gave us a /125 subnet for WAN, because on their end all their customers get one. Then we have a /64 for LAN.
A /128 would be one address. It needs to talk to its gateway.
-
@steveits I have tested to configure a /128 ip on my wan interface and no ipv6 ip on my lan interface and i'm unable to ping google from diagnostic/ping in pfsense.
My isp provide to me only a /64 block and no option to command another block of ipv6 -
@lolo54000 That is expected, an IP with a /128 mask cannot communicate with any other IP. That is the same as IPv4 with a /32 mask.
If they only gave you one /64 and not a separate WAN IP then I don't know if it is possible to get IPv6 on your LAN. Perhaps some sort of weird configuration like using a second WAN interface for IPv6 and bridging it to a second LAN? I think you need to go back to OVH and explain you're trying to configure a router not a computer.
-
If they give him just a /64, then he needs a firewall only, not a router. Can pfSense be configured that way. This is why we need to know what's being provided. Otherwise we're just guessing.
-
@steveits said in Ipv6 configured but unable to ping internet:
A /128 would be one address. It needs to talk to its gateway.
A /128 doesn't talk to anything on it's own. If they're providing that, then they're providing a link local address for the gateway.
-
@jknott said in Ipv6 configured but unable to ping internet:
If they give him just a /64, then he needs a firewall only, not a router.
He wrote it was a /64.
A parallel question is, what did OVH give him for IPv4? If that wasn't a routed subnet (with its own separate WAN IP), then I would suggest OVH is not intending for a router to be used. Which is what you're saying. :)
It does seem weird then that every server would have its own /64. Maybe they give out one /64 for all virtual servers in your account? And then one IPv4 for each server? I don't know, we do our own hosting so haven't used OVH. I think the bottom line is OP needs to go back to OVH and tell them of the desire to use a router in front of any servers.
-
@steveits Hi
The attibution of ip in ovh is like this
For each physical server we have 1 ipv4 (and can buy many another ipv4) and a /64 ipv6 blockIn my ovh account i have 6 physical server and each have it's own ipv4 and it's own ipv6 /64 ipv6 .
In this ovh documentation on how to configure ipv6 on a physical server (https://docs.ovh.com/gb/en/dedicated/network-ipv6/#freebsd_1) all the configuration looks simple but is not applicable to pfsense because of the gui configuration and when i configure the same thing in the gui I don't have internet access.
-
@lolo54000 Maybe just start fresh, reinstall pfSense from scratch and this time don't use DHCP vor IPv6.
With one /64 you can't do much anyways but at least pinging from pfSense WAN should work. -
@lolo54000 said in Ipv6 configured but unable to ping internet:
In my ovh account i have 6 physical server and each have it's own ipv4 and it's own ipv6 /64 ipv6
To have a router in front, you would need:
- an IPv6 for the router WAN
- an IPv4 for the router WAN
- OVH to route your other IP addresses to those IPs
- your servers to use your router LAN IPv4/IPv6 as their gateway
It sounds like they are simply not set up to handle a router, like you're asking for.