Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY

    Scheduled Pinned Locked Moved IPv6
    36 Posts 4 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Bob.DigB
      Bob.Dig LAYER 8 @JKnott
      last edited by Bob.Dig

      @jknott I think he meant that he can not have gateway-monitoring to a public IPv6-address because WAN has no public IPv6-address with this ISP, which is a bummer.

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @Bob.Dig
        last edited by

        @bob-dig

        I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        Bob.DigB lohphatL 2 Replies Last reply Reply Quote 0
        • Bob.DigB
          Bob.Dig LAYER 8 @JKnott
          last edited by Bob.Dig

          @jknott Interesting.

          Or it is maybe this:

          Static route
          Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior.

          JKnottJ lohphatL 2 Replies Last reply Reply Quote 0
          • JKnottJ
            JKnott @Bob.Dig
            last edited by JKnott

            @bob-dig

            I suspect the problem is with a link local WAN address, there is no usable subnet and the non local gateway may be a way around that. I don't think removing a static route would fix that.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • lohphatL
              lohphat @JKnott
              last edited by lohphat

              @jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

              I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.

              About that. I'm using the WAN i/f in the ping and it works fine. That's what's really confusing me.

              Update: Aha!

              I tried the ping from the WAN and LAN and noticed that ping is using the LAN interface even though WAN is selected -- so that may explain why the monitor IP is failing as it doesn't know to use the LAN interface instead.

              Screenshot 2022-11-06 194647.png

              SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

              1 Reply Last reply Reply Quote 0
              • lohphatL
                lohphat @Bob.Dig
                last edited by

                @bob-dig said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

                @jknott Interesting.

                Or it is maybe this:

                Static route
                Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior.

                Just tried this. Didn't work.

                SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

                JKnottJ Bob.DigB 2 Replies Last reply Reply Quote 0
                • JKnottJ
                  JKnott @lohphat
                  last edited by

                  @lohphat

                  Have you tried what I suggested about the non-local gateway?

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  lohphatL 1 Reply Last reply Reply Quote 0
                  • lohphatL
                    lohphat @JKnott
                    last edited by

                    @jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

                    Have you tried what I suggested about the non-local gateway?

                    Yes. No joy -- didn't work.

                    SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

                    JKnottJ 1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott @lohphat
                      last edited by

                      @lohphat

                      Well, I guess you'll have to rely on the IPv4 monitor then. I have no idea why some ISPs don't provide a WAN address. It's not as though there's an address shortage.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      1 Reply Last reply Reply Quote 0
                      • Bob.DigB
                        Bob.Dig LAYER 8 @lohphat
                        last edited by

                        @lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

                        Just tried this. Didn't work.

                        What happens if you uncheck that and then create your own static route to that same external IP...

                        lohphatL 1 Reply Last reply Reply Quote 0
                        • lohphatL
                          lohphat @Bob.Dig
                          last edited by

                          @bob-dig said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

                          What happens if you uncheck that and then create your own static route to that same external IP...

                          Will try that shortly.

                          Related question: Why doesn't the WAN config for Ipv6 offer a place to assign a Prefix ID like the other i/f configs do since they're tracking the WAN IPv6 config delegation?

                          It seems that the WAN config should be able to assign the external WAN i/f an address. Or is that controlled by the ISP's RA?

                          Perhaps I can ask Verizon to have their side assign one...

                          SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

                          JKnottJ 1 Reply Last reply Reply Quote 0
                          • JKnottJ
                            JKnott @lohphat
                            last edited by

                            @lohphat

                            That would really mess up routing. You'd have your internal prefix on the WAN interface.

                            PfSense running on Qotom mini PC
                            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                            UniFi AC-Lite access point

                            I haven't lost my mind. It's around here...somewhere...

                            MikeV7896M 1 Reply Last reply Reply Quote 0
                            • MikeV7896M
                              MikeV7896 @JKnott
                              last edited by MikeV7896

                              @jknott How would it mess up routing?? The whole prefix is being routed to the router by the ISP anyway... For a while I had a virtual IP set up on my WAN interface using the "ff" prefix ID... I just had to manually change the VIP every time the prefix changed, which got old (and is part of why I'm not doing it anymore). But the IP worked just fine and could be pinged from the internet (since I allow pinging "WAN address" in my rules).

                              Verizon even does it in their own routers... taking the "ff" prefix ID and using the ::1 address for the WAN interface on the router.

                              The S in IOT stands for Security

                              Bob.DigB JKnottJ 2 Replies Last reply Reply Quote 0
                              • Bob.DigB
                                Bob.Dig LAYER 8 @MikeV7896
                                last edited by Bob.Dig

                                @mikev7896 Yeah, have read that here before, there is even a rfc for that if I remember correctly. But you loose one whole /64 just for one WAN address. Connection still would run over that fe80 address.

                                lohphatL 1 Reply Last reply Reply Quote 0
                                • JKnottJ
                                  JKnott @MikeV7896
                                  last edited by

                                  @mikev7896 said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

                                  How would it mess up routing??

                                  What prefix were you planning on using? Are you going to use an alias?Will that alias start doing router solicitations? It's a situation where you want to be very careful.

                                  PfSense running on Qotom mini PC
                                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                  UniFi AC-Lite access point

                                  I haven't lost my mind. It's around here...somewhere...

                                  lohphatL 1 Reply Last reply Reply Quote 0
                                  • lohphatL
                                    lohphat @Bob.Dig
                                    last edited by

                                    @bob-dig This is why I expect the ISP to issue a WAN interface IPv6 address not related to the /56 prefix they assigned my gateway. Spectrum did, Verizon does not.

                                    SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

                                    1 Reply Last reply Reply Quote 0
                                    • lohphatL
                                      lohphat @JKnott
                                      last edited by lohphat

                                      @jknott Spectrum would issue me a /56 prefix AND assign an address from another pool to my external WAN interface so that the link between they the ISP and my CPE was a routable segment.

                                      Verizon on the other hand makes the link between their CO router and my CPE a bridged connection using just link-local addresses.

                                      I just spent 45min on a Verizon chat to no resolution having to wade though three tiers of escalation to finally get someone who understood the request to have me call the router group directly @ 866 -849-3768

                                      SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

                                      JKnottJ 1 Reply Last reply Reply Quote 0
                                      • JKnottJ
                                        JKnott @lohphat
                                        last edited by

                                        @lohphat

                                        I'm on Rogers and get a /56. While they provide a global WAN IP, it's not used for routing.

                                        PfSense running on Qotom mini PC
                                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                        UniFi AC-Lite access point

                                        I haven't lost my mind. It's around here...somewhere...

                                        Bob.DigB 1 Reply Last reply Reply Quote 0
                                        • Bob.DigB
                                          Bob.Dig LAYER 8 @JKnott
                                          last edited by Bob.Dig

                                          @jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

                                          While they provide a global WAN IP, it's not used for routing.

                                          Same here. That is why I think using one part of the prefix for WAN wouldn't be a technical problem, just waste of one /64.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.