Netgate Discussion Forum

    Matureness of IPv6 generally

    19 Posts 5 Posters 1.5k Views
    • keyserK
      keyser Rebel Alliance @Gertjan
      last edited by

      @Gertjan Hi Gertjan. I know it can be done like you do it (Did not know it would delegate a /64 however).
      But I just think it’s cumbersome and annoying as he** to have all that translation and workarounds active. Besides, one of my sites is a remote site where there is no staff to help me out if something goes south with the VPN, and it’s just nice to have the Public IP directly in that case.

      I’m using this particular SFP: https://www.fs.com/de-en/products/133619.html
      in two SG-2100s, but I had one mounted in my SG-6100 briefly (same NICs as the SG-4100), and it works there too.

      It works completely flawlessly, and all you have to do is register your Livebox GPON serial number and vendor code in an SSH session (see lafibre.org). Then it’s permanently good to go. Both of mine have been working for 2 years without issues now. The only issue is not fiber/link related but rather Orange’s required DHCP options and lately pfSense’s “quirky” 802.1q tagging of DHCP frames. But it’s no problem getting it to work on IPv4 (and IPv6 on other firewalls). 100% stable in both my cases.

      IPv6 is a different issue on pfSense as Orange requires DHCP options that pfSense does not support. So for now I’ve given up attempting IPv6 on Orange - a while back I had it running for a while using OPNsense’s DHCP6c client ported to pfSense. But I decided against this approach as it required some “hacks” I didn’t care for in upgrade situations and such.

      Love the no fuss of using the official appliances :-)

      RobbieTTR 1 Reply Last reply Reply Quote 0
      • RobbieTTR
        RobbieTT @keyser
        last edited by

        @keyser
        I'm scratching my head a little and not sure why a simple configuration, similar to mine below, would not work for you?

        My ISP provides a static /48 address block but I set it as DHCPv6, using the prefix only and set a unique prefix ID on each LAN/VLAN interface - giving them their own /64 to work with. (I understand you get a /56 but that still leaves plenty for subnetting.)

        WAN Interface:

         2023-06-05 at 15.48.01.png

        LAN Interface:

         2023-06-05 at 15.48.58.png

         2023-06-05 at 15.49.16.png

        ☕️

        keyserK 1 Reply Last reply Reply Quote 0
        • keyserK
          keyser Rebel Alliance @RobbieTT
          last edited by

          @RobbieTT The issue is not that it does not work in pfSense. The issue is that each ISP (if you elect to skip using their CPE) uses some absurdly finicky DHCPv6 settings that take hours and hours of packet capture analysis to decode and replicate in terms of pfSense DHCPv6 configuration. My point is that DHCPv6 is not “standard” like DHCP4 where it is HIGHLY unusual for it not to work if you just enable it.

          If the ISP then changes some settings, DHCPv6 stops working again, and you have to start over.

          Love the no fuss of using the official appliances :-)

          JKnottJ RobbieTTR 2 Replies Last reply Reply Quote 0
          • JKnottJ
            JKnott @keyser
            last edited by

            @keyser said in Matureness of IPv6 generally:

            If the ISP then changes some settings, DHCPv6 stops working again, and you have to start over.

            Then it's not a problem with IPv6. It's a problem with some ISPs. You can't make a direct comparison with IPv4, as IPv6 can do so much more, such as providing a prefix, rather than just a single address. You also don't need NAT with it, to support multiple devices.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            keyserK 2 Replies Last reply Reply Quote 0
            • keyserK
              keyser Rebel Alliance @JKnott
              last edited by keyser

              @JKnott said in Matureness of IPv6 generally:

              Then it's not a problem with IPv6. It's a problem with some ISPs. You can't make a direct comparison with IPv4, as IPv6 can do so much more, such as providing a prefix, rather than just a single address. You also don't need NAT with it, to support multiple devices.

              You are absolutely correct - in principle. But my point is that IPv6 routing - and specifically DHCPv6(-PD) and SLAAC assignments - have been changed and augmented so many times to allow for all manners of quirky needs and demands, that it takes a PhD and complete eye-level communication with the party setting up the other end - otherwise odds are it will not work when we are talking ISP to end customer without CPE setups (not your average LAN IPv6 service).

              Love the no fuss of using the official appliances :-)

              1 Reply Last reply Reply Quote 0
              • RobbieTTR
                RobbieTT @keyser
                last edited by

                @keyser said in Matureness of IPv6 generally:

                My point is that DHCPv6 is not “standard” like DHCP4 where it is HIGHLY unusual for it not to work if you just enable it.

                Perhaps we are just beaten into submission when it comes to the horridness that comes with IPv4. All that messing with DHCP addresses, working with the constraints of NAT, no globally routable addresses for clients, reduced performance due to NAT overhead, DHCP pool allocations for WAN that can change, additional cost of static IPv4 addresses (if available), use of services such as DDNS, reverse proxies, port forwarding, UPnP etc etc.

                IPv4 is a car crash but we are just used to its many pitfalls.

                ☕️

                1 Reply Last reply Reply Quote 1
                • keyserK
                  keyser Rebel Alliance @JKnott
                  last edited by

                  @JKnott But I’m also referring to the no-man’s land of missing Name service registration, missing options for standardized central control of if clients should DNS register, not use private addresses and prioritize their use of which IPv6 address?

                  Love the no fuss of using the official appliances :-)

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @keyser
                    last edited by

                    @keyser

                    Can you show me those services for IPv4? As for address scope, IPv6 tries to use the best address type to reach the destination. If a destination has both ULA and global addresses, then ULA will be used. Nothing mysterious about that.

                    BTW, every Saturday morning, some friends and I have a video conference (we used to meet in a restaurant before COVID). One of my friends set up a Jitsi server for this. The friend where the server is located is on an ISP that does not provide consistent IPv4 addresses and so we use DDNS to reach it. However, when the address changes, my friend has to go in to make some changes, so Jitsi will work with the new address. Also, since the friend who has the server in his home uses an RFC 1918 address and everyone else is coming in from the Internet, through NAT, the server sometimes causes problems for the guy with the server in his home. Lots of fun.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    keyserK 1 Reply Last reply Reply Quote 0
                    • keyserK
                      keyser Rebel Alliance @JKnott
                      last edited by

                      @JKnott I’m not arguing that IPv4 is nice or better (or even good), because I too hate all the work and issues NAT (sometimes multiple) and limited amount of addresses introduces. I’m a huge fan of IPv6 and would love everything to go greenfield IPv6.
                      I’m just questioning if that will ever happen due to IPv6’s less than stellar maturity and ease of use? Considering it’s 15 years old I think it’s appalling the amount of issues that are still present or not handled with ease.

                      Love the no fuss of using the official appliances :-)

                      RobbieTTR 1 Reply Last reply Reply Quote 0
                      • RobbieTTR
                        RobbieTT @keyser
                        last edited by RobbieTT

                        @keyser

                        I seem to remember that the draft for IPv6 was out before IPv4 NAT became a thing. Even the original author of NAT (Paul Francis?) didn't think much would come of it. Then came PIX hardware and the world changed.

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.