So close on IPv6 yet so far away - Can't get to internet over IPv6 despite everything seeming to be in place.
-
Yes indeed. The setting changes recommended by @JKnott did work, I'm just pouting about having the IPv6 range dictated inside my network, but I can get over that.
DHCPv6
Router Advertisement
DNS
Yes on LAN IPv6
Also IPv6 is not turned off on the firewall
-
Change the DHCPv6 delegation size to 56 or whatever your ISP provides. With 64 you'll only get a single /64. I just realized 64 was from back in the days when Rogers only offered a single /64. Now they provide a /56. I have corrected that link.
Eventually I do get a LAN IPv6 address to show, but as expected it is a address of external origin.
Since I think the ISP is providing me the range?Is the take away from this? You can't run a different internal range for IPv6 than the external range or you can't route on PfSense? That seems wrong.... :(
Yes, you will get public IP addresses, which is what the Internet gods intended, before NAT messed things up.
-
@JKnott
I guess I will have to adapt to the new way of things.:Thanks for all your help!
-
Delete these two hardcoded DNS entries :
you don't need them.
And the day your ISP decides to give you another prefix, you've broken DNS ... -
So you are aware I am running windows Domain controllers at this site. I modified them as required for the Prefix provided by the earlier steps.
DNS is working just fine
Back here I left myself some IP's for use on static devices
And I'm using this IPv6 address as the gateway address on the statically assigned systems
-
This post is deleted! -
This post is deleted! -
All screen look, fine to me.
IPv6 uses 'prefixes' for the LANs, your ISP has 00->ff = 256 available.
Can't see if that worked out fine, as you've hidden them ^^Where I've difference :
where the third gateway is my OpenVPN server, so that's valid.
But my WAN has an Ipv4 and IPv6 mode DHCP.I don't understand your LAN gateway ... neither the 3 ? WAN gateways.
You have DHCP for IPv4 and DHCP6 for IPv6 - so the first two are the correct ones.
Btw : just for the fun : don't ping 2001:4860:4860::8888 (and 8.8.8.8 and 8.8.4.4) as that's a DNS server IP. Not a ping answering machine.
The day 'they' decide not to answer to a ping because this costs them a lot of bandwidth and bandwith == expensive they will shut down the ping answer. Result : your networks go down.
Solution : ping a nearby ISP-based IPv4 and IPv6 upstream device that answers to ping.
You pay your ISP (right ?) : they are payed to answer to your traffic, your pings so your pfSense can "test" the connection.Image the situation : Google 8.8.8.8 goes down. As a result, half the planet will lose it's Internet connection (as dpinger will detect the ping loss, and continuously restart the WAN interface).
That will be the day I will be ROFL all day long.
It happened : remember Facebook being down all day ? -
@Gertjan
Thank you for the reply.In the end it was pfBlocker that was causing the problem. I didn't have to change any configuration, since they were not blocking anything. But I turned it off and on... now it all works.
I will try and find the correct pings to monitor. Not really sure, but I will as the ISP. Thanks.
-
@br8bruno said in So close on IPv6 yet so far away - Can't get to internet over IPv6 despite everything seeming to be in place.:
Not really sure, but I will as the ISP
They will ask you to execute a traceroute to, for example, 8.8.8.8
The second, third, maybe fourth IP listed is theirs - on of their equipment. Pick any of these, as long as they answer to ping.
Further on, you'll will find the main 'highway Internet core routers'.
