Trying to set up ipv6 with only a /64 range

danielspa

So, i am trying to set up ipv6, but i have only been asigned a single /64 range from the ISP
I tried setting up LAN and WAN as static IPV6 configs, where i assigned the ISP range to the WAN interface and an ULA to the LAN interface, with DHCPv6 enabled on LAN and RA set as managed

Then, created a NPt rule to translate the lan range to the wan range

But this is not working

Has anyone gotten ipv6 working only with an /64 range

Bob.Dig

@danielspa said in Trying to set up ipv6 with only a /64 range:

So, i am trying to set up ipv6, but i have only been asigned a single /64 range from the ISP

Who and where is your ISP exactly?

Gertjan

@danielspa said in Trying to set up ipv6 with only a /64 range:

Has anyone gotten ipv6 working only with an /64 range

The ISP gives you a /64 so the ISQP router can 'map' that (prefix) onto the LAN, so every ISP LAN device can have its own IPv6.
pfSense is just like any other ISP LAN device, it needs an IPv6 for its WAN port, and the ISP router will give an IPv6 out of the ISP /64.

The WAN side of pfSense is set up like any other ISP LAN device :
DHCP rules as always :

and if all goes well :

This is the moment things don't look like IPv4 anymore.
On the LAN(s) of pfSense, you would be using some /24 out the the available RFC1918, and pfSEnse will happlily route between your LAN(s) and WAN.
But not so for IPv6.
You'll be needing another /64 from your ISP - known as the 'prefix', so pfSense can use it for a (one) LAN :

Whne set the LAN IPv6 setting to tracking, pfSEnse will try to obtain a prefix, often an entire /56 or 256 prefixes, and you assign one prefix out of the [0..255] to your LAN :

Here I assigned prefix number '0' to my pfSense LAN.

And here you can see how 'broken' my ISP is. My ISP routers tells me : I have & /56 for you.
But then the ISP router only gives ONE (1) prefix on any device connected to it's LAN, in my case, I've only pfSense connected to my ISP router LAN.
Long story short : I receive just 1 prefix, so my LAN can use IPv6, but other pfSense LAN interface can't, as no other prefix are available.

My ISP router says this :

That is a /56.

In your case, its even worse.
That is, if you were using only your ISP router, and its LAN, you would be fine. IPv6 will (probably) work for all connected devices. Even for pfSense, as a ISP LAN device. But not on the pfSEnse LAN(s).
You did something, not per se forbidden but also not supported by your ISP : you've added a router (pfSense) behind your ISP router. That's fine and ok and all that, but you're on your own to 'support' it.

What you can do :
Check up with your ISP - their support pages.
Check up with other ISP users.
Worst case : wait it out - your ISP will fully support IPv6, or they will bust ....
Another solution : when shopping for an ISP, add to the list : does it support IPv6 like I want to sue it ?

johnpoz

@Gertjan said in Trying to set up ipv6 with only a /64 range:

Worst case : wait it out

Or just go with a tunnel from Hurricane Electric, its FREE and they give you a /48, now you can use whatever /64s you want on your lan side networks.. You have 65K of them to work with.

This prefix doesn't change, and they allow you to set PTR on any of the IPs in that whole /48

They have lots of pops all over
https://tunnelbroker.net/status.php

So you can pick one closest to you.

Been using a tunnel from them for over 13 years.. Back when first started playing with IPv6 my isp rollout of it was very lacking.. Sucked would prob be the correct technical term ;)

Moved to HE and everything just worked, and didn't have to play with tracking and delegation, etc. My current ISP doesn't even have IPv6, and nothing I see from them points to it even being on their radar to deploy.. But I would bet a large some of money if/when they do roll it out - it will prob suck too ;)

Gertjan

@johnpoz

Somewhat thought that I already made some publicity for he.net here .. but it was somewhere else.