IPv6 not assigning to LAN device - ISP Hyperoptic UK
-
@jknott May I know why your package length is longer than mine by 20? Does it matter?
-
Here's yours:
And mine:
Mine shows that identity association section, which yours doesn't have. I'm not sure why the difference. Possibly some config issue, though I'm not sure what. Can you do a screen shot of your WAN DHCP6 client config?
-
@samleemc I have same issue with HO with Pfsense.
Did you managed to solve the problem, can you please share with us?
Regards
-
@digitalberg unfortunately, I am unable to solve the issue. I believe the issue is at Hyperoptic side. Tried to contact Hyperoptic support, but I think it is not being escalated to the right team.
-
@samleemc Thanks. I will contact HO tomorrow as well to get more info and let you know too.
Is your Pfsense on a virtual environment or physical box?
-
@digitalberg physically box. NIC is Intel i225
-
@digitalberg any luck from your side?
This is the reply I get from Hyperoptic on the handshake.
-
@samleemc You are lucky; at least you got the response :) No, they haven't even bothered to contact me yet. It's been over four days now.
I figured out that Tunnel Broker is the best option for us.
So I used Cloudflare Teams (zero trust) and tested it with PFSense; it worked like a charm with full 1Gbps speed. Before I used a different tunnel broker, but the speed was bad on IPv6. Cloudflare impressed me today.
Try it and let me know if you need more info.
-
@digitalberg just wondering by any chance you have any documentation that I can follow?
-
@samleemc Sure, please click on the below instructions. I hope this helps.
Setup Cloudflare Teams in pfSense
Another benefit of using Cloudflare in pfSense is that our DNS queries are on DoT, DoH, and WARP :)
If you need further support, PM me, and we can do a remote session :)
Regards,
-
@samleemc Hi Sam, I connected Hyperoptic IPv6 to my pfSense box without HO support.
Please elaborate on your HO settings and configuration so we can pinpoint the issue.
p.s My HO IPv6 worked without spoofing the MAC address in the pfSense.
Have a nice weekend!
Screenshot 2022-11-18 at 21.22.50 -
@digitalberg Amazing! How did you get it to work?
Those are my setting related to IPv6
I have 3 physical LAN ports in the machine, and I have setup a bridge "LAN" to join them together as below
Then each LAN is set to track the WAN interface for IPv6
All LAN are pretty much the same.
As for the DHCPv6 and RA, I have turned off the DHCPv6 and enable RA as below
I think that's pretty much all the setting related to IPv6.
Any difference from yours?
Sam
-
pfsense version is
-
@samleemc
Your LANs are on the bridge, and the IPv6 configuration type is "track interface." This is the best setting, so DCHPv6 automatically assigns the client's network, but I can see some tweaking is required on your end.As you can see, I did not configure MAC spoofing!
If the below settings don't work, I would tell you to start from scratch and use one LAN without bridging the LANs to see if works.
My pfSense version: 2.6.0-RELEASE (amd64)
WAN:
LAN:
DCHPv6:
Rules tab:
This rule is for the LAN and includes an HO IPv6 gateway, so traffic will be routed through the HO gateway.
DNS:
The DNS is also important for the HO connection. you can setup Hyperoptic DNS however, i have setup Cloudflare:
HyperOptic Gateway up and running:
I would recommend having sleeping pills once everything is set up. LOL, i meant to first restart the pfsense and disconnect all the clients devices and leave the pfSense for 1-2 untouched so pfSense can talk to HO to get IPv6 etc.
-
I followed your setting above, but still no luck.
Btw, are you using the community version or the pfsense+ version?
Sam
-
Iv moved to pfsense+ 22.05 and wanted to setup Hyperoptic ivp6 and have been banging me head against the wall trying to get it working. I finaly managed to get it working and maybe what i did works for you.
I followed all the guides online about how others have got Hyperoptic ipv6 working and no matter what the gateway would always show as pending. I noticed that when i setup dhcp6 on the WAN interface the ipv6 link local address was removed from the WAN interface. I added the ipv6 link local address manually to the WAN interface and magicly the gateway came online and im getting ipv6 connectivity.
- Find out what the ipv6 link local is for the WAN address Status->Interfaces (i had to disabled dhcp6 on WAN and reboot for it to show up again on mine)
- Setup WAN dhcp6 like the other guides online for hyperoptic
- Add the link local back to WAN Firewall->Virtual IPs->Add pick "IP alias" as the type and WAN as the interface, use the link local you got earlier for the address.
Im using static ips on my LAN interface for IPV6 and havent tested if track interface works this way as well. You also wont get an IPV6 address on WAN with Hyperoptic but its easy enough to assign WAN an IPV6 address staticly using a virtual ip once you know what your IPV6 /56 is
-
Hi, tried following your steps, but still no luck for me :( IPv6 doesn't seem to like me at all.
Can you help to have a look if I am setting it up correctly?
-
it actually work magically after a reboot! Thanks!!!!!
-
You might try changing the subnet mask to /64. A /56 is what you'd get from your ISP.
Here's one I set up here:
-
Thanks for all the input; I think I'm nearly there but it is still not routing any traffic over IPv6.
I set up as above, including the virtual IP as a3sx, and finally the WAN_DHCP6 has come up and is green (it wouldn't without the virtual IP). Amazing, never worked before. I took the address from configuring 'none' on WAN ip6 and seeing the loopback address after reboot (where does this come from??) it starts fe80::My devices on the LAN are getting IP6 addresses and I can see leases on 'DHCPv6 Leases' status screen.
My devices are getting IPv6 addresses starting with 2002:89dc... etc, could this be based on my delegated prefix? (Where do I see the prefix I got?)Yet when I open browser and do an IPv6 test all IPv6 tests fail. If I ping 'google.com' over ipv6 on diagnostics on the webUI it fails as well.
Feels like it's close but there is still something wrong.
Pfsense+ 23.01If somebody would be able to look at my screenshare I'd send them money for a beer in the pub!
thanks B