First time using pfsense, went through 3 ISPs. out of all three, only got ipv6 to work with one of them. troubleshooting ideas?
-
@peuga Welcome to IPv6 …. It’s not really panning out as the inventors thought it would.
IPv6 was created to open up the world and make connectivity so much easier, but most ISPs that have embraced IPv6 has used it exactly oppositly of the originial intention. Because the IPv6 RFC allows for so many “features”, ISPs have used them to create complex and very “non standard” configurations that prevents customers from using any other equipment that the ISPs own.It will likely not change anytime soon, and since IPv4 NAT seems to be able to keep up with the address scarcity, I would not expect IPv6 to become a defacto standard or a requirement globally for at least another 10 years.
-
@w0w made the changes, still stuck on pending regardless of prefix size (that was my initial setup as well, so)
-
@Gertjan had that unchecked originally, tried it out in response to a post.
i have fiber straight to the ISP's device, so it's a ONT, router, AP, Switch, alll the things combo unit. when setting it to bridge mode, it displays to you PPPoe credentials. trying to use DHCP will have the device lease you a private IP with no internet access, but with access to its interface.
No official forum or support site for my ISP, but there is a pretty involved and somewhat active forum that has a dedicated section for it. could not find any posts related to ipv6 on pfsense, but i feel like there's a decent shot that someone has a similalr setup there, yes. Tho, not entirelly sure, as there seems to be a weird preference for using a dedicated ONT + off the shelf modem or small board projects + openwrt
is a dedicated ONT worth it? (assuming they and my ISP shake hands)
-
@Gertjan making this reply as it seems i accidently repllied to the same person twice
-
@peuga said in First time using pfsense, went through 3 ISPs. out of all three, only got ipv6 to work with one of them. troubleshooting ideas?:
i have fiber straight to the ISP's device, so it's a ONT, router, AP, Switch, alll the things combo unit. when setting it to bridge mode
My ISP 'combo' (fibre to router, AP, some video/TV facilities and a phone line) shows me this :
This image tells you (should tell you) everything :
That it will propose IPv6 addresses to devices like PC's phones TV's and other stuff like routers etc in the range 2a01:cb19:907:xx00::/64 - the ISP router using itself 2a01:cb19:907:xx00:46d4:54ff:fe2a:3600 - so this networks work on the ISP router LAN.
pfSense is a device on that LAN : so :The upstream DNS (not used) = the IPv6 of the ISP box.
The IPv6 WAN of pfSense, ...92ec:77ff:fe29:392a is also on the ISP box LAN.So, up until there, somewhat comparable with IPv4 scheme.
Now for the other one : 2a01:cb19:907:xx00::/56 - actually NOT 2a01:cb19:907:xx00:: as it is already used, but all the 2a01:cb19:907:xx01:: to 2a01:cb19:907:xxff:: = 256-1 is 255 different networks or prefixes.
Because I have a pfSense LAN interface that wants (tracks) for such a prefix, it will get this one
2a01:cb19:907:xxeb:92ec:77ff:fe29:392c
Why not "01", but '"eb", I don't know.
Why not ::1 but "92ec:77ff:fe29:392c", neither.If your ISP was using DHCP6 to attribute your IPv6, you could do this :
System > Advanced > Networking :and from now one you have DHCP6 client ( pfSense DHCP6 WAN interface activity ).
That is, if your ISP is using "DHCP" to set up your DHCP6 needs.
Keep in mind : like DHCPv4, the WAN interface needs a IPv6
and
your ISP needs to have allocated prefixes for your, so you can assign them to your pfSense LANs (== router after router model)edit :
I could, technically, decide to not use the ISP router.
I could slide into my Netgate 4100 a FTP module (Fibre to RJ45).
In that case I need to know how my 4100, with the help of the DHCP6 Client, has to ask the DHCP, both for IPv4 and IPv6, server IP information.
My ISP needs specilaly crafted DHCP options for that, with the user ID, password etc encoded into the option. Both for IPv4 and IPv6.
There are sites in France, where I live, who explain how this is done, and these sites will generated the text strings needed to do so. This method is close to rocket sience.
This will work fine, but I will loose video/TV and phone capabilities. -
@peuga said in First time using pfsense, went through 3 ISPs. out of all three, only got ipv6 to work with one of them. troubleshooting ideas?:
when setting it to bridge mode, it displays to you PPPoe credentials
Can you explain this part? Do you mean that you see credentials on the modem web UI, or what?
Initially, my provider pushed their IPv6 stack over the Ethernet layer, not PPPoE. So, I had a 172.x.x.x address on the interface along with a 2001:... address. However, IPv6 didn't work—only the address was assigned. Then I started a PPPoE session, which brought an external IPv4 address.
A year or more ago, they moved IPv6 to the PPPoE side. You can also check the PPPoE logs in pf and compare them to modem logs, if you have any, to see the difference.
-
@w0w to tell you the truth, I have no idea what PPPoe is yet. When you enter the ISP device's web interface, it will straight up ask if you wanna use it as a router, or in bridge mode. When you click bridge mode, so long as you keep your device as a DHCP assignable client, their device will still lease you a private IP, but with no internet access, and after a while the web interface refreshes with a PPPoe user and password being shown. Well, once you set your client to PPPoe, using the provided credentials, it works fine.
-
Everything sounds logical and looks like a regular PPPoE. What's in the pfSense logs? Status - System Logs - PPP?
It might sound silly, but is IPv6 definitely enabled in pfSense?
System/Advanced/Networking
-
@w0w yes it is
there, logs, it requests 10 times for ipv6 config, and fails
-
This post is deleted! -
@peuga i took your word, and set the ISP device in router mode. apparently it isn't getting ipv6 either, and connecting to it via WI-FI and trying a ipv6 test, it fails.
imma try calling them, apparently it's a problem on their side (tho, even then, i might have some config problems later)