Ipv6 almost working?
-
You've showed the LAN IPv4 settings, but not the IPv6 settings.
It's important and just below :
-
@Gertjan The only difference I see with mine, which is working , is in the DHCP6 Client Configuration in the LAN settings.
After changing it you may have to disable and then reenable the WAN interface to get a IPv6 address.
My prefix may be different to yours as well as it for BT uk.
-
@Fandangos said in Ipv6 almost working?:
What am I missing here?
You were using "ipconfig".
But you want to see all the answers.
Useipconfig /all -
On the LAN.
-
When I set it like this, it stops receiving a ipv6 address on LAN.
Also this setting, use ipv4 connectivity as parent, doesn't work either.
Also having SLAAC on WAN results in ipv6 address but nothing on LAN.
So now I'm trying like this:
-
@gsr23000 said in Ipv6 almost working?:
The DHCP6 service configured with the proper IP range (you also need to tick the enable checkbox)
This is the tricky part, how do I figure out the ip range I can use?
I'm using ::1000 to ::2000
-
GOT IT WORKING!
settings for future reference
-
..... and netflix doesn't work with ipv6... :(
-
My post was in response to @gsr23000 who was talking about configuring DHCPv6.
-
@Fandangos The IPV6 range is the same as I use. pfSense has a limit of /64 on this size of the subnet (which is still plenty enough)
I think the only thing that was missing for you was RA.
One thing though, I don't remember the details, but I've seen recommendation to skip the 0 as the IPv6 prefix ID.
That said, your screenshot shows (hexadecimal from 0 to 0), so you might need to have 0.
In my setup I have (hexadecimal from 0 to ff). This might be an ISP thing.
Anyway, glad to hear that it is working now -
@JKnott DHCP6 for IPv6 is what worked for me. Like with everything in life, that is one way to solve a problem.
-
@Fandangos said in Ipv6 almost working?:
..... and netflix doesn't work with ipv6... :(
You sure?
host netflix.com
netflix.com has address 3.225.92.8
netflix.com has address 54.160.93.182
netflix.com has address 3.211.157.115
netflix.com has IPv6 address 2600:1f18:631e:2f84:4f7a:4092:e2e9:c617
netflix.com has IPv6 address 2600:1f18:631e:2f85:93a9:f7b0:d18:89a7
netflix.com has IPv6 address 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f
netflix.com mail is handled by 5 alt1.aspmx.l.google.com.
netflix.com mail is handled by 5 alt2.aspmx.l.google.com.
netflix.com mail is handled by 1 aspmx.l.google.com.
netflix.com mail is handled by 10 aspmx2.googlemail.com.
netflix.com mail is handled by 10 aspmx3.googlemail.com.Seems to me they have some IPv6 addresses. I have heard there's an issue if you get IPv6 from he.net, as they think you're coming in on a VPN.
-
@Fandangos said in Ipv6 almost working?:
..... and netflix doesn't work with ipv6... :(
The device that connects to Netflix has to use an IPv6.
Do a DHCP release all, and then renew, or, restart it.
I see :
which means : no IPv4 what so ever.
-
@Gertjan That is a neat trick. Could you please share how did you get that info ?
-
-
@Gertjan Very useful tool. Thank you for sharing.
-
Sorry for the late reply.
It's not that ipv6 doesn't work at all with netflix, it's that movies won't play at all.
With the error 'This title is not available to watch instantly.'I've seen on reddit that this is because netflix thinks you are tunneling your connection.
Does anything from my screen captures show anything that might indicate this?https://www.reddit.com/r/ipv6/comments/evv7r8/ipv6_and_netflix/
Is this beyond what the end user is able to solve?
What I did was change router advertisement from assisted to managed so only my PC can see it.
-
@Fandangos said in Ipv6 almost working?:
I've seen on reddit that this is because netflix thinks you are tunneling your connection.
If your having problems with netflix and Ipv6 for whatever reason, they think your tunneling or just bad peering or whatever the simple solution is to just not allow your device your watching netflix on to use IPv6..
This could be done with preventing AAAA for netflix records, bit more complicated setup out of other options. There are some scripts/info for doing this in unbound about.
You could just prevent your device from using IPv6 for the netfix IPv6 space - the new ethernet rules could come in handy here I would think. Or just L3 rules to their IPv6 space. This should work but there could be delays in the device figuring out IPv6 isn't going to work and fallback to IPv4. Or it could just not work depending on the application - maybe if it thinks it has IPv6 it doesn't fallback, etc.
You could prevent your netflix playing device from using IPv6 completely by not even giving it an IPv6 address, simple way to do that would be to just put it on its own vlan and don't enable IPv6 for this network/vlan.
For my IPv6 needs, which are really none since I have yet to find a resource that is only available via IPv6 I use a HE tunnel - it works, its easy, I have a /48 to do with what I will, I can set PTRs for any of the IPv6 address space out of my /48, it doesn't change because the ISP wants to give me another prefix, its static set so I can use any /64 out of the /48 I want on any of my networks. There many advantages to using it - but yeah netflix has been known to block HE IPv6 space because sure you could be tunneling your traffic through any of their worldwide pops and circumventing geo restrictions for different library access in netflix, etc. There maybe other services that do the same sort of blocking.
I do use IPv6 now and then, and it for sure is the future.. And I would recommend if your interested or have some actual need for it - say your IPv4 is cgnat only and you do want to provide some sort of external access to different services IPv6 can be used - keeping in mind that vast chunk of the planet has no IPv6 even deployed yet. My isp doesn't provide it, and there is nothing on their road map for doing so any time soon.
Turning on IPv6 is going to bring its own pain, its way more than just a longer IP address. So if you want to use/play with it - more than likely there is going to be a learning curve. Sure it should just work, but to be honest that is far from the case - from what I have seen many ISP deployments are far from optimal, which sure doesn't help.
Filtering access via IPv6 brings its own challenges, especially for someone that is new to firewalls in general, etc. IPv6 loves to use multiple addresses, client could have more than one IPv6 address - and you can not really be sure which one it will use for any outbound connection, and they can change all the time. So filtering stuff via IPv6 needs to be really done at the network/vlan level for anything on that network via just say a specific IPv4 address that you know the client has. Unless you can turn off these temp IPv6 at the client/application and make sure your device only uses 1 IPv6 address that you can filter.
If it was me and I really wanted IPv6 for my network use, and I was having a problem playing netflix from my stick or tv, etc. I would just not enable IPv6 for the network I put that device on. If some mobile device via wifi, I would just setup another ssid where one has IPv6 and another does not, and when I wanted to use netflix on that wireless device I would just connect to the non IPv6 ssid.
-
@Fandangos
I had some ipv6 weirdness when I moved to pfSense but switching from SLAAC to Assisted / DHCP resolved them all.
Everything works, including Netflix.
️ -
@Fandangos said in Ipv6 almost working?:
https://www.reddit.com/r/ipv6/comments/evv7r8/ipv6_and_netflix/
Is this beyond what the end user is able to solve?
That was years ago (the reddit post : more the 4 years). When Netflix, like everybody else started to use IPv6. Netflix, for very understandable reasons don't want me to look at season 10 of Walking Dead, while it's already old and out in other countries. They use my IPv6 to 'know' where I connect from.
The thing is : they had not mapped the entire Ipv6 into a a GEO IPv6 database to determine where I connect from. [
and now they know that they will never be able to do so, as there isn't enough materiel on planet earth to build all the hard disks to store this database ]
Some IPv6 ranges, tough, are already listed : the ones from huricane.net for example, some sort of VPN IPV6 supplier. I was using them as they offered a good IPv6 implementation (way better as many ISP today).The solution was an easy one : pfBlockerng !
Like this :
There is a list on this forum with all (there are several) netflix domain names that you have to enter.
Netflix, from then on, will be accessed over IPv4, and you'll be fine.
