Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    BT Full Fibre only partially functioning via pfSense Router

    Scheduled Pinned Locked Moved General pfSense Questions
    27 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MattDownes89
      last edited by

      Hi All,

      No expert in the setup but I previously had my Virgin Router in Bridge Mode and pfSense, with Unifi APs for Wifi working great. Switched to BT Full Fibre and followed other forum post etc for the configuration but my connection appears to only be partially working.

      By that I mean, I can access websites like Google, BBC etc on my laptop connected in to the switch, but can't access Speed Test . Net to check speed and when I go to IP check sites I only see an IPv6 address but it can't show and IPv4 address (I think that may help diagnose but I could be wrong...)

      I am connected direct to the ONT with no BT Router in the mix currently.

      My phone connecting to the Wifi initially said it had internet but fairly quickly decided it was connected to the network but with no internet.

      Here's what I have set for my WAN:

      pfsense settings 1.png

      pfsense settings 2.png

      And on the front page everything looks like it should be up and running quite happily:

      pfsense settings 3.png

      Anyone got any ideas of what I am missing here? I had to revert to the BT Smart Hub 2 last night to keep the family happy but would love to keep running pfSense if I can get this sorted, sadly not having much luck at the moment!

      Thanks,

      Matt

      brookheatherB 1 Reply Last reply Reply Quote 0
      • brookheatherB
        brookheather @MattDownes89
        last edited by brookheather

        I have the same settings for my BT FF500 connection and it works fine for me - also using Unifi access points. What do you get if you try https://ipv6test.google.com/ - does it show you're using IPv6? I am assuming you are using ISC DHCP?

        Do you have a firewall rule to allow IPv4+6 ICMP for ping - this may be needed for IPv6 to work correctly.

        Why do you have a WAN2 interface - what is that for? Have you tried removing it?

        M 1 Reply Last reply Reply Quote 0
        • M
          MattDownes89 @brookheather
          last edited by

          @brookheather thanks for confirming your settings are the same, I will have to try that test link later as I am back on the BT Hub currently so my toddler can watch Disney+!

          I believe the firewall rules for the LAN are the default currently - there's two separate ones for IPv4 and IPv6 and then there's a third which I changed to be IPv4+IPv6 - apologies, I can be more specific when I can get pfSense back in play.

          The WAN2 connection is a 4G Modem which is currently set up so it takes over if the main connection drops - I have tried with WAN2 disabled too but no difference!

          Connected to the BT Hub at the moment if I navigate to a "what's my IP" site I get an IPv6 starting 2a00:etc and an IPv4 starting 86.182.etc but when I was on pfSsense I got a similar IPv6 but the IPv4 would just come up "unavailable" - so, as someone who admittedly knows very little about this, I was thinking that suggested IPv6 was ok but something was wrong with my IPv4 settings somewhere and perhaps that was stopping certain sites and devices working?

          brookheatherB 1 Reply Last reply Reply Quote 0
          • brookheatherB
            brookheather @MattDownes89
            last edited by

            Did you set an IP for the WAN_PPPOE Gateway Monitoring - the default doesn't work as the BT gateway doesn't respond to pings. I have my monitor IP set to 1.1.1.1 - perhaps pfSense is thinking your BT connection is down and routing traffic to WAN2 instead which is why you don't have IPv6 working? I would keep WAN2 disabled - you shouldn't need it with FTTP?

            M 1 Reply Last reply Reply Quote 0
            • M
              MattDownes89 @brookheather
              last edited by

              @brookheather I have changed mine to 1.1.1.1 as well and disabled WAN2 but you make an interesting point, I wonder if that failover is still trying to kick in and reroute to WAN2, potentially even if WAN2 is disabled?

              Think that'll be my next thing to try, removing all traces of that failover and disabling WAN2 and see if that does it!

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                If you're only seeing IPv6 for clients you might have a NAT issue, IPv6 is not NAT'd. Check the outbound NAT rules. If you eve changed the mode to manual you'd need to update them or switch back to auto/hybrid.

                But, yes, that setup absolutely should work.

                Steve

                1 Reply Last reply Reply Quote 1
                • F
                  ficti0n851
                  last edited by ficti0n851

                  Hi,

                  I had been scratching my head for some time with BT Business FTTC and IPv6, my symptoms were similar. I could not access this forum when IPv6 was enabled, but I could ping all IPv6 addresses on the internet.

                  Through trial and error and a lot more head scratching I found my issue, turned out to be Baby Jumbo Frames on the WAN interface instead of normal MTU of 1492.

                  My setup is a bit different as I use Proxmox as a hypervisor and Pfsense as a VM, I use vmbr0 interface in Proxmox for vtnet0 LAN in Pfsense and another seperate NIC vmbr1 to use for WAN.

                  Pfsense is setup for PPPOE and IPv6 set to DHCPV6.

                  In Proxmox vmbr1 is set to MTU of 1508
                  In Pfsense the WAN interface MTU is set to 1508
                  In Pfsense WAN advance options tick Force MTU and enter MTU of 1500 in Link Parameters

                  With your setup you should just need the last two lines and ignore Proxmox settings.

                  I dont know why this works or if its the right way to do it but it works.

                  Everything is now working for me perfectly except my dashboard firewall log does not show source ports anymore.

                  Strange!

                  Hope this helps,

                  fic.

                  M 1 Reply Last reply Reply Quote 2
                  • M
                    MattDownes89 @ficti0n851
                    last edited by

                    Thanks for all the suggestions, finally getting an opportunity to look at this properly again today - wish me luck! 😄

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      MattDownes89 @MattDownes89
                      last edited by

                      OK, so now I have IPv4 working (not 100% sure what setting made that work...) but IPv6 not. If I go to the ipv6test.google site it says I don't have ipv6 and if I go to an IP Checker I get an IPv4 Address showing (the BT 82.X.X.X one) but no IPv6.

                      In pfSense I do see an IPv6 address from the WAN:

                      e7dbcc1b-a3a5-42df-9f40-a753ae6eb8f6-image.png

                      Any ideas what I might be missing?

                      brookheatherB 1 Reply Last reply Reply Quote 0
                      • brookheatherB
                        brookheather @MattDownes89
                        last edited by

                        @MattDownes89 So what are your DHCPv6 Server settings? Have you set the IPv6 Prefix ID on the LAN settings under Track IPv6 Interface?

                        M 1 Reply Last reply Reply Quote 0
                        • M
                          MattDownes89 @brookheather
                          last edited by

                          @brookheather thanks for continuing to help, I have LAN set to track interface and then this:

                          87861cac-0d37-450f-b429-0d5d320ab800-image.png

                          But when I go to the DHCPv6 Server it's not enabled...

                          2a3864bc-5e8c-406f-96da-6f68b107e559-image.png

                          Guessing this is the issue? Only trouble is... I don't remember ever configuring these before so I don't actually know what should be set in here?

                          Any help appreciated, apologies for only having a basic level of understanding!

                          brookheatherB 1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            That's fine. How do you have the WAN and LAN configured for IPv6 though?

                            It's probably at least mostly corret since it has pulled a prefix and is using it on the LAN.

                            Go to Diag Ping in pfSense and try to ping out using IPv6 there. Does that work? If not what error is shown?

                            1 Reply Last reply Reply Quote 1
                            • brookheatherB
                              brookheather @MattDownes89
                              last edited by

                              @MattDownes89 I have my IPv6 Prefix ID set to 1 and you need to set the Prefix Delegation Size to 64 (and select Enable DHCPv6 server on LAN interface). You shouldn't need to change any other options though personally I set the IPv6 DHCP address pool range from ::d:1 to ::d:ffff so it's obvious that the IPv6 address comes from the DHCPv6 server.

                              M 1 Reply Last reply Reply Quote 1
                              • M
                                MattDownes89 @brookheather
                                last edited by

                                OK, so here's the WAN Settings:

                                41d838c0-68d1-4097-a841-8fe6a405d81c-image.png
                                7907cef4-fd93-4bba-8e20-710cff1912cc-image.png

                                And the LAN Settings:

                                dd01bdae-c1b6-419b-bb46-8442e97541c2-image.png
                                14ac47f2-39a1-4d26-b073-0db2ef44dfbd-image.png

                                And then the DHCPv6 Settings:

                                f19d9d99-4c24-409e-be2f-b1f4b3db64a5-image.png
                                027ed63d-1b6c-4e2d-a8de-dcefaa3839a2-image.png

                                I have no doubt I am missing something simple somewhere, I think I have probably caused myself more issues by trying to update what I had rather than starting fresh with the new ISP.

                                @stephenw10 Not sure what address to Ping to test? But if I ping the ISPs IPv6 address that's successful so it's getting that far!

                                stephenw10S 1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator @MattDownes89
                                  last edited by

                                  You should be able to set the WAN to pull a /56 prefix so you can have addresses on more than one internal interface.

                                  But if you can ping a v6 address from pfSense itself this is almost certainly an issue with assigning v6 addresses to the clients.

                                  Can we assume that your LAN side clients are not getting an IPv6 address at all currently?

                                  M 1 Reply Last reply Reply Quote 1
                                  • F
                                    ficti0n851
                                    last edited by ficti0n851

                                    Hi, not sure if you managed to get much further but heres what I got for LAN:

                                    lan-1.png
                                    lan-2.png

                                    This is for WAN:

                                    wan-1.png
                                    wan-2.png
                                    wan-3.png

                                    This is Router Advertisement as I dont use DHCPv6:

                                    ra-1.png
                                    ra-2.png

                                    PS, I noticed your DHCPv6 is allocating a /56, I only allocate /64, maybe that doesnt help.

                                    PPS, make sure you refresh your clients NIC to get new addresses.

                                    fic.

                                    1 Reply Last reply Reply Quote 1
                                    • M
                                      MattDownes89 @stephenw10
                                      last edited by MattDownes89

                                      @stephenw10 I have set to /56 as suggested.

                                      I think it is an issue on the LAN side - if I do an 'ipconfig /all' I can see my Laptop has picked up an IPv6 Address and if I look at DHCPv6 Leases I can see it in there as the only IPv6 Device on the list, but it just shows as idle/offline whereas in the normal DHCP list for IPv4 I can see all the devices on my network and the vast majority have a green tick and say they're online.

                                      0029a919-47a1-4e5a-912e-452301ce1fe9-image.png

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Hmm, what pfSense version is that?

                                        That client still has the IPV6 address.

                                        M 1 Reply Last reply Reply Quote 0
                                        • M
                                          MattDownes89 @stephenw10
                                          last edited by

                                          @stephenw10 looks like I'm up to date:

                                          e5882611-bd4b-476e-bd44-237436354907-image.png

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            You are not. Probably wouldn't make any difference for this but you should upgrade anyway. Try running at the command line : certctl rehash

                                            Then recheck. You should see 2.7.2 available.

                                            M 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.