Implemented IPV6...Still Feel Left in the Dark!

JKnott

@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:

I get a IPv6/64 but it's one single IP.

With Rogers, I get 1 address on the phone, but a /64 prefix for tethered devices. I can tether via WiFi or USB.

NollipfSense

@JKnott What if I add the prefix...but it seems that the ISP changes the IPv6 frequently...where would I add the static address manually or use a IPv6 bridge to the ULA? I can add static IPv6 for IPv6 configuration type...

JKnott

@NollipfSense

I assume your ISP uses DHCPv6-PD, unless they tell you otherwise. Is that what you do? You do not normally add the prefix manually. Have you called your ISP's support? They can tell you better than we can.

NollipfSense

@JKnott said in Implemented IPV6...Still Feel Left in the Dark!:

Have you called your ISP's support?

Yes, that's how I got the supposed news. Then, they offered a Cradlepoint 300...first, they said it's the same $55/mth but a onetime $75 charge for the modem. So, I said okay and went to checkout...the modem is free but $85/mth. I said stop, bye.

Apparently, the modem needs to have two lines, one for data and the other to pass the IPv6 prefix, hence, two sims and why the Fast5688w would not work having one line...

JKnott

@NollipfSense

That doesn't seem right. With IP either v4 or v6, it's all just one stream of data. I have set up some Cradlepoints a few years ago, and there wasn't much to set up. Of course they were only used for IPv4 and were a fallback for the ADSL connection.

NollipfSense

@JKnott said in Implemented IPV6...Still Feel Left in the Dark!:

I have set up some Cradlepoints a few years ago

The Cradlepoint they offered is a 5g...

Gertjan

@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:

does not support passing the prefix...I get a IPv6/64 but it's one single IP

Which means : you can use a -not router type- device like a PC, or a phone.

@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:

What if I add the prefix...but it seems that the ISP changes the IPv6 frequently...where would I add the static address manually or use a IPv6 bridge to the ULA? I can add static IPv6 for IPv6 configuration type...

That exactly where 'prefixes' come in.
They can change upon renegotiation (dhcpc6 activity on WAN, as it talks to the upstream DHCP-PD ISP server). If the prefix(es) change : the DHCPv6 LAN server are informed.
pfSense routing tables are modified accordingly.
At that moment, your LAN devices still have an now old and unusable IPv6 (the GUA one). From what I understand, IPv6 traffic is still possible as the device will chose to use its 'local' 0xf...... IPv6.
When your LAN devices renew their IPv6 lease, they'll get a new, IPV6 - the GUA - that will 'work'.

If you need (2023: its still "want") to access your IPv6 capable device from the internet (just a firewall rule needed, no more NAT) that the constantly changing IPv6 make this quiet impossible.

Easy conclusion : ISPs that change their prefixes often should be ... left alone without clients. That will make them think they will adapt fast.

@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:

The Cradlepoint they offered is a 5g...

5G is nice.
If the emitter is really close by.
See the pattern : with 2G, speed wasn't a thing, at most a couple of Mbits/sec but large zones were covered. Large zone means : a lot of user so speed was even worse.
3G : faster, but the signal can't travel as far: smaller zones, and speed was better as there where less user per zone. Way more expensive for the ISP of course.
4G : you know where this is heading.
5G : the best ... or worst - in everything.

My iPhone even elects to use 4G as 5G, if available, is nice for the need of speed, but its a battery drain.
Here in France : 5G : only the big (50000+ habitats) cities.

If you have a 5G nearby, that you aren't exactly living in the middle of now where, and there must be alternatives available.
If not .... don't waste your time. Do the thing that work well : you can 'live' without IPv6 for now - your 5G ISP will learn there lessons while you wait.
Or go he.net.

JKnott

@Gertjan said in Implemented IPV6...Still Feel Left in the Dark!:

5G is nice.
If the emitter is really close by.

That depends on the band(s) used. Some people seem to think 5G only uses the mmWave bands, which are short range. Some people also think it causes COVID!

My cell carrier uses a few bands between 600 MHz and 3.5 GHz (C band). I've seen over 400 Mb with 5G+.

NollipfSense

@Gertjan In this post, your range is ::2 - ::86 however, when I tried similarly, I get:
The following input errors were detected:
The specified range lies outside of the current subnet.

It seems I got it somewhat working choosing static IPv6 both on WAN and LAN. However, to get it to work, I changed the LAN IP by ending the IP 2685, while WAN 2675 When I first looked at the firewall, there was traffic going through as a ping Google.com returned resolved. Then a few minutes later:
Screen Shot 2023-10-18 at 4.11.39 PM.png
Screen Shot 2023-10-18 at 4.13.51 PM.png

So, the ISP/DHCPv6 might have shut that down...I did get the prefix delegation on WAN and DHCPv6 despite not been enabled. Then I checked WAN, IPv6 switched back to DHCPv6...so DHCPv6 must have been enabled...the only way to disable DHCPv6 on LAN is to input a correct range and if I select static now after the WAN switching to DHCPv6, I get this below...so I see how DHCPv6 can be problematic:
Screen Shot 2023-10-18 at 4.43.35 PM.png

I managed to get DHCPv6 to disabled by using the range example: https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv6.html
Screen Shot 2023-10-18 at 7.25.53 PM.png
but I am still getting the input error mentioned above about WAN/LAN IPv6 IP in red.

NollipfSense

I tried and I tried...it's my ISP that's keeping me in the dark,,,their static IPv6 on the Fast5688w doesn't appear to allow pfSense LAN to communicate with WAN so RA cannot give out ULA's...