Netgate Discussion Forum

    So close on IPv6 yet so far away - Can't get to internet over IPv6 despite everything seeming to be in place.

    16 Posts 5 Posters 1.3k Views
      JKnott @MerikFyndhorn

      @MerikFyndhorn

      Here's Rogers pfSense configuration. How does it compare with what you have?

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

        JonathanLee

        Have you enabled DHCP IPv6 and router advertising? Does your DNS server list contain some IPv6 servers to resolve with? Does your LAN have IPv6 also assigned to it?

        Make sure to upvote

          MerikFyndhorn @JKnott

          @JKnott
          Changes made to WAN as per your recommendation
          965bea2f-ffe8-455c-adad-89c7f79a6b75-image.png

          I am still getting the same IPv6 address as before.

          Changes made to LAN as per your recommendation
          8f2929bf-ac52-4dab-8c14-40245f34bc45-image.png

          Eventually I do get a LAN IPv6 address to show, but as expected it is an address of external origin.
          Since I think the ISP is providing me the range?

          Is the take away from this? You can't run a different internal range for IPv6 than the external range or you can't route on PfSense? That seems wrong.... :(

          Worse yet is the results when I test the implementation.
          https://www.whatismyip.com/ gives me my device's IPv6, not the external IPv6 of my firewall.

          Feels like I'm hanging my bum out on the internet for all to see rather than directing them to the firewall, but maybe I'm just being sensitive.

            MerikFyndhorn @JonathanLee

            @JonathanLee

            Yes indeed. The setting changes recommended by @JKnott did work, I'm just pouting about having the IPv6 range dictated inside my network, but I can get over that.

            DHCPv6
            0ba28542-38ea-479b-968a-9f7cd45de4ae-image.png

            Router Advertisement
            814551ca-8832-4b2b-90e3-548b0c9018f8-image.png

            DNS
            7e362625-9eb3-4126-981f-db1a47dd4d66-image.png

            Yes on LAN IPv6
            c1f038a1-8d10-4f6e-b7d3-e3fdca0d2e1e-image.png

            Also IPv6 is not turned off on the firewall
            13194c11-e06b-475c-a8f9-e6b144da1838-image.png

              JKnott @MerikFyndhorn

              @MerikFyndhorn

              Change the DHCPv6 delegation size to 56 or whatever your ISP provides. With 64 you'll only get a single /64. I just realized 64 was from back in the days when Rogers only offered a single /64. Now they provide a /56. I have corrected that link.

              Eventually I do get a LAN IPv6 address to show, but as expected it is an address of external origin.
              Since I think the ISP is providing me the range?

              Is the take away from this? You can't run a different internal range for IPv6 than the external range or you can't route on PfSense? That seems wrong.... :(

              Yes, you will get public IP addresses, which is what the Internet gods intended, before NAT messed things up.

                MerikFyndhorn @JKnott

                @JKnott
                I guess I will have to adapt to the new way of things.

                Thanks for all your help!

                  Gertjan @MerikFyndhorn

                  @MerikFyndhorn

                  Delete these two hardcoded DNS entries :

                  ee617ff0-3d5a-4fe4-867f-2edfd548a0d9-image.png

                  you don't need them.
                  And the day your ISP decides to give you another prefix, you've broken DNS ...

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??
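
An added illustration, not written by any poster in this thread, of two points made above: the delegation size decides how many /64 LANs fit in what the ISP hands out, and an address hardcoded from the old prefix goes stale when the ISP delegates a different one. The prefixes and DNS addresses are constructed from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress

def lan_prefixes(delegated: str) -> int:
    """Number of /64 LAN prefixes that fit inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("a delegation longer than /64 cannot hold a LAN")
    return 2 ** (64 - net.prefixlen)

def lan_for_prefix_id(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """The /64 a LAN gets for a given prefix ID (0x00..0xff on a /56)."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= prefix_id < lan_prefixes(delegated):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {net}")
    # The prefix ID occupies the bits just above the 64-bit interface ID.
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def stale_entries(hardcoded, delegated, prefix_id):
    """Hardcoded addresses that are not inside the current LAN /64."""
    lan = lan_for_prefix_id(delegated, prefix_id)
    return [a for a in hardcoded if ipaddress.IPv6Address(a) not in lan]

def renumber(address: str, delegated: str, prefix_id: int) -> str:
    """Keep the interface ID (low 64 bits), move it into the current LAN /64."""
    lan = lan_for_prefix_id(delegated, prefix_id)
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    return str(ipaddress.IPv6Address(int(lan.network_address) | iid))

if __name__ == "__main__":
    # Constructed values: two delegations and two hardcoded DNS server addresses.
    OLD_PD, NEW_PD = "2001:db8:aa00:1200::/56", "2001:db8:bb00:3400::/56"
    DNS = ["2001:db8:aa00:1200::10", "2001:db8:aa00:1200::11"]
    print(lan_prefixes("2001:db8:aa00:1200::/64"), lan_prefixes(OLD_PD))
    print(lan_for_prefix_id(OLD_PD, 0xFF))
    print(stale_entries(DNS, OLD_PD, 0), stale_entries(DNS, NEW_PD, 0))
    print([renumber(a, NEW_PD, 0) for a in DNS])
```

With a /64 delegation any prefix ID other than 0 raises `ValueError`, which is the "only a single /64" case mentioned earlier in the thread.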

                    MerikFyndhorn @Gertjan

                    @Gertjan

                    So you are aware, I am running Windows domain controllers at this site. I modified them as required for the prefix provided by the earlier steps.

                    DNS is working just fine
                    b3ae29cc-b71f-4263-846f-dbdd8e8cfe06-image.png

                    Back here I left myself some IPs for use on static devices

                    b43d4eed-7768-4b21-8a0d-305c08acc3b7-image.png

                    And I'm using this IPv6 address as the gateway address on the statically assigned systems
                    677ade63-ac9c-4491-800c-2e71c42e1a99-image.png

                          Gertjan @br8bruno

                          @br8bruno

                          All screens look fine to me.
                          IPv6 uses 'prefixes' for the LANs, your ISP has 00->ff = 256 available.
                          Can't see if that worked out fine, as you've hidden them ^^

                          Where I have a difference :

                          b8e21092-3b9c-4352-a282-3cab2ab29c6f-image.png

                          where the third gateway is my OpenVPN server, so that's valid.
                          But my WAN has an IPv4 and IPv6 mode DHCP.

                          I don't understand your LAN gateway ... neither the 3 ? WAN gateways.

                          You have DHCP for IPv4 and DHCP6 for IPv6 - so the first two are the correct ones.

                          Btw : just for the fun : don't ping 2001:4860:4860::8888 (and 8.8.8.8 and 8.8.4.4) as that's a DNS server IP. Not a ping answering machine.
                          The day 'they' decide not to answer to a ping because this costs them a lot of bandwidth and bandwidth == expensive they will shut down the ping answer. Result : your networks go down.
                          Solution : ping a nearby ISP-based IPv4 and IPv6 upstream device that answers to ping.
                          You pay your ISP (right ?) : they are paid to answer to your traffic, your pings so your pfSense can "test" the connection.

                          Imagine the situation : Google 8.8.8.8 goes down. As a result, half the planet will lose its Internet connection (as dpinger will detect the ping loss, and continuously restart the WAN interface).
                          That will be the day I will be ROFL all day long.
                          It happened : remember Facebook being down all day ?

                            br8bruno @Gertjan

                            @Gertjan
                            Thank you for the reply.

                            In the end it was pfBlocker that was causing the problem. I didn't have to change any configuration, since they were not blocking anything. But I turned it off and on... now it all works.

                            I will try and find the correct pings to monitor. Not really sure, but I will ask the ISP. Thanks.

                              Gertjan @br8bruno

                              @br8bruno said in So close on IPv6 yet so far away - Can't get to internet over IPv6 despite everything seeming to be in place.:

                              Not really sure, but I will ask the ISP

                              They will ask you to execute a traceroute to, for example, 8.8.8.8
                              The second, third, maybe fourth IP listed is theirs - one of their equipment. Pick any of these, as long as they answer to ping.
                              Further on, you'll find the main 'highway Internet core routers'.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??
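
The selection rule from the two posts above, sketched as an added example that is not part of any post: take the hops a traceroute lists as second to fourth, keep the ones that answered, and flag a monitor IP that is one of the public DNS addresses the thread advises against. The traceroute output is constructed with documentation addresses, and the function names are hypothetical.

```python
import ipaddress

# Public DNS addresses the thread advises against using as a monitor IP.
DISCOURAGED = {ipaddress.ip_address(a)
               for a in ("8.8.8.8", "8.8.4.4", "2001:4860:4860::8888")}

# Constructed `traceroute -n` output; hop addresses are documentation ranges.
SAMPLE = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.388 ms  0.401 ms
 2  198.51.100.1  8.120 ms  7.944 ms  8.031 ms
 3  * * *
 4  198.51.100.17  9.310 ms  9.287 ms  9.455 ms
 5  203.0.113.5  11.02 ms  10.97 ms  11.10 ms
 6  8.8.8.8  11.4 ms  11.3 ms  11.5 ms
"""

def responding_hops(output: str) -> dict:
    """Map hop number to the first address that replied on that hop."""
    hops = {}
    for line in output.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue  # header line or blank
        for token in fields[1:]:
            try:
                hops[int(fields[0])] = str(ipaddress.ip_address(token))
                break
            except ValueError:
                continue  # "*", a latency value or "ms"
    return hops

def monitor_candidates(output: str, first: int = 2, last: int = 4) -> list:
    """Hops first..last that replied; each still has to be confirmed with ping."""
    hops = responding_hops(output)
    return [hops[n] for n in range(first, last + 1) if n in hops]

def is_discouraged_monitor(address: str) -> bool:
    """True if the configured monitor IP is one of the public DNS servers."""
    return ipaddress.ip_address(address) in DISCOURAGED

if __name__ == "__main__":
    print(monitor_candidates(SAMPLE))
    print(is_discouraged_monitor("2001:4860:4860::8888"))
```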

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.