Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?
-
I have an issue where my IPv6 routing for the LAN stops working. Link-Local stops working, Public IPV6 stops working. PFsense continues to work, but the LAN doesn't work. I've been trying to get IPv6 working on my Comcast business line, but I have not had much luck. The thing that concerns me is that my Comcast modem Prefix is different from PFSense's prefix. Is that a problem? Can that result in me losing connectivity after...let's say, a day? Here is my setup. Is my setup correct?
2.7.2-RELEASE (amd64)
-
Humm.
Seeing this :
I would expect a a first prefix like this 2603:3ooa:13o5:f6oo::/64
A second 2603:3ooa:13o5:f6o1::/64
and so on, up until 2603:3ooa:13o5:f6ff::/64 being number 254.Not sure why pfSense 26o3:3ooa:13o6:o3oo::/64 came from.
But, hey, if it routes, go for it ^^
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@Gertjan Exactly. That's what I thought logically would happen.
-
I'm trying to make sense of what you're talking about. You're talking about the modem address. Where do you show it? I just checked and my modem's address shares only the first 32 bits with my WAN address and neither has anything to do with my prefix.
BTW, it would probably work better if you used the number 0, instead of the letter o in the addresses.
-
@JKnott The Comcast Modem is saying the Delegated prefix (IPv6): 2603:300a:1305:f600::/56 , however PFsense is assigning 2603:300a:1306:300::/64.
-
With mine, the modem also shows a different prefix than pfSense. I suspect the modem prefix is what would be used if it was in gateway mode and not bridge mode. Regardless, if you want to see what you should get, you can do a DHCPv6 capture and examine the capture.
What modem do you have? I'm on Rogers and have a Technicolor CGM4140COM. They use the same equipment as Comcast.
-
Did you manually set the IPv6 address on your pfSense WAN interface (c) to be the same /64 of the WAN shown in the modem (a)? This is not correct. If you didn't manually set the pfSense WAN IPv6, how did you manage to make it like that?
(c) It should be within the first /64 of the "delegated prefix" (b) of the modem. WAN is usually set to DHCP6 and automatically gets the address. Then have your LAN set to track interface or manual (normally, the LAN should be able to get a /59 delegation).
--
This part, assuming it's your WAN interface setup, is also incorrect. It should not be /56. I put it as /64 and uncheck "Send IPv6 prefix hint".
-
@PlyrStar93 said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:
This part, assuming it's your WAN interface setup, is also incorrect. It should not be /56. I put it as /64 and uncheck "Send IPv6 prefix hint".
It is correct, assuming Comcast hands out /56 prefixes. That tells the ISP how big of a block to allocate. If he uses 64, he will receive only a single /64, instead of 256 of them.
-
@JKnott said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:
It is correct, assuming Comcast hands out /56 prefixes. That tells the ISP how big of a block to allocate. If he uses 64, he will receive only a single /64, instead of 256 of them.
@JKnott That should be true if he is requesting prefix from Comcast directly and not from within the modem's 2603:300a:1305:f600::/56. I still wonder how he manages to do this on a Comcast business line, it just looks like he brought in his own non-gateway modem and put the Comcast provided one aside.
When requesting prefix from the modem's /56, it will only hand out /59s and the modem doesn't seem to respect what I put there but if I put /56 it would not get a prefix if I remember correctly.
-
If he's requesting a prefix from the modem, then all he'll get is a /64 on the pfSense WAN interface, leaving nothing for the LAN. The modem has to be in bridge mode and then pfSense can request anything up to whatever Comcast offers. Gateway mode, which is what you're in if you get a prefix from the modem, is for just a simple, single prefix network, without a customer owned router in between the modem and LAN.
-
Did you solved the problem in the meantime?
If not try the following, since your Modem seem not to be in Modem-Mode but in Router-Mode:
- Switch Modem into Modem-Mode
- Switch pfsense WAN-Interface into PPPoE-Mode.
- Configure PPPoE on the pfsense (how to do so you will find Netgate help).
The pfsense will then get an ipv6-Prefix and LAN and all other subnets will also get Prefix depending from the WAN-Prefix too.
The modem will not get any ipv4- or ipv6-Adress anymore
That's how i did it with my Modem (Vigor 167), because ipv6-Prefix delegation was not working with Vigor 167 in Router-Mode very well
And in case you wanna still keep the modem in Router-Mode,
The pfsense must ask for a 57 prefix (DHCPv6 Prefix Delegation size at WAN DHCP6 Client Configuration), not a 56 prefix. If if you have the pfsense behind another Router, the prefix of the sense should ask for is 1 bigger then the prefix of the router (eg. 56 + 1 = 57).
Also the Modem in Router-Mode must be aware it will be asked for Prefix-Delegatin. I do not know about your Modem, bit i did so for testting purposes with an in Germany very popular FritzBox. By default the FritzBox does not offer prefixed to devices in its LAN. The Setup of the FritzBox neetds to be changed so the FritzBox will deliver Prefixes instead of an IP-Adress to a pfsense in the LAN of the FritzBox. -
@JKnott said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:
If he's requesting a prefix from the modem, then all he'll get is a /64 on the pfSense WAN interface, leaving nothing for the LAN.
That I know is not the case for Comcast Business gateways. The CBR-T should have a /56 prefix given if looking at the Comcast Network tab. The pfSense LAN can get a /59 from it. In my case below, 2603:X:X:6040::/59
The pfSense WAN would only need a /64 to link to Comcast's gateway, in this case 2603:X:X:6000::/64
Check the interface status, you see the PD is indeed a /59
This is despite what I put in the DHCP6 Client Configuration at the WAN. All WAN and LAN settings are just the out-of-the-box ones as if pfSense just installed or reset.
@JKnott said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:
The modem has to be in bridge mode and then pfSense can request anything up to whatever Comcast offers.
You are likely correct here, I have suspicion OP set it to bridge mode. It may be causing problems with the IPv6 routing (due to some proprietary Comcast stuff) but I don't have an environment where I can test bridge mode.
-
@eagle61 Most of these may be specific for your internet service provider but don't apply to Comcast. Comcast don't use PPPoE anywhere in their network.
-
The shown configuration for IPv6 can't work.
You did not ask specifically for a IPv6-Prefix.
But you need to do so.Go to Interfaces / WAN
Try to check the following in "DHCP6 Client Configuration"-section- "Use IPv4 connectivity as parent interface" (this might not be necessary in the US). You can check and uncheck for testing. In Europe historical reason in the Network will need to check that.
- "Request only an IPv6 prefix" This must be done if you don't ask a Prefix you will not get one
- "Send IPv6 prefix hint" Also this must be done
- also it could help to also check "Do not wait for a RA"
- last but not least: Your Modem gets an /56 Prefix. So put "DHCPv6 Prefix Delegation size" to 57 now it is set on 64
That's how it usually works behind a Router that get its own IPv6-Adress and a /56 Prefix as your NT gets it from your ISP
Give it a chance. I have had the same done just a month ago. And i did also not have done all like above before, with the same result as you experience, wrong or none IPv6, no IPv-Connection
you need not to reboot the pfsense after any change
- /etc/rc.linkup interface=[Interface action=stop
- /etc/rc.linkup interface=[Interface] action=start
in command line of your pfsense will stop and start the WAN interface.
You need to replace [Interface] with Interface of your device. In your case ixl0
If you get an correct IPv6 on WAN you have also to go to LAN and all other local interfaces.
at Interfaces / LAN- set in "General Configuration" "IPv6 Configuration Type" to "Track Interface"
- The "IPv6 Prefix ID" in "Track IPv6 Interface" can be at LAN "0" for each other local Interface, like WLAN, etc. it needs to be different, Eg 1 for WLAN, 2 for DMZ etc. The "IPv6 Interface" in this section is always "WAN"
In my case, me helped this very much:
https://docs.opnsense.org/manual/how-tos/ipv6_fb.html
Its for OPNsense, but its regarding WAN-PIv6 configuration the same as pfsense
And this was also helpful:
https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html -
I am not sure why everything is working, but it's working. Perhaps my configuration will be of assistance in the future.
