Setting up IPv6 on my Netgate
-
Re: How to setup IPv6 for Comcast or similar ISP?
I have a Netgate firewall and followed the steps in the above post with a re-annotation below. One of the options is on a different page than the post mentions. I can see that my WAN port now has an IPv6 address. However, my WAN_DHCP6 address that is showing up in my gateway is still my link local address. I reset my router and tried to delete and create a new gateway and it won't let me. How do I clear this error?
Is there any issue with my below configuration?
I checked all the following options…
System → Advanced → Networking
- Allow IPv6
- IPv6 DNS entry
- Do not allow PD/Address (the post mentions this is in WAN.)
- Hardware Large Receive Offloading
Interfaces → WAN
- IPv6 Config Type DHCP6
- DHCPv6 Prefix Delegation size 64
- Do not wait for RA
- Block private networks and loopback addresses
- Block bogon networks
Services → DHCPv6 SERVER
- Enable DHCPv6 server on LAN interface
- Prefix was already set
- Address range ::1000 to ::2000
- Enable DNS Provide DNS servers to DHCPv6 clients
- Cloudflare DNS:
- 2606:4700:4700::64 AND 2606:4700:4700::6400
Services → Router Advertisements
- Router Mode: Managed - RA Flags [Managed, other stateful], prefix flags [online, router]
- priority: normal
- DNS Server 1: 2606:4700:4700::64
Firewall → Rules → Lan
- IPv6 rule automatically created and mirrors the IPv4 rule
System → Routing → Gateways
- WAN_DHCP6 gateway automatically created
Interfaces → Lan
- IPv6 Configuration type = track interface
- Under the Track IPv6 interface section select WAN as the IPv6 Interface
-
What you've shown above looks good.
For myself, I never had to visit "System → Advanced → Networking" and check or uncheck things.
On the Interfaces → WAN interface, I don't have
- Block private networks and loopback addresses
- Block bogon networks
as my ISP does what it should do: it can't and won't route RFC1918, and I never saw 'bogons' IPs either.
Services → DHCPv6 SERVER
Cloudflare DNS: 2606:4700:4700::64 AND 2606:4700:4700::6400
Not needed.
You've invested your time, efforts, blood and tears to put in place a pfSense that can handle just fine.
And then you tell your LAN clients to do their DNS 'elsewhere'.
Why?
Firewall → Rules → Lan
Like this:
You could also group these two rules together.
To do:
Check 'basic' IPv6 of your ISP and ISP router first.
On pfSense, what does Status > Interfaces show? Did the WAN get an 'IPv6 Address'?
Like this:
Access the ISP router GUI.
Is any info about IPv6 shown over there?
-
@CatSpecial202 said in Setting up IPv6 on my Netgate:
Interfaces → WAN
DHCPv6 Prefix Delegation size 64
With Prefix Delegation size 64 you can't get any valid smaller prefix for LAN or other local networks.
What is the prefix size your ISP offers you? Usually they offer /56 (at least here in Germany), sometimes /48 or /60 and seldom just /64.
If your ISP offers you a /56 you shall also ask for a /56 if you are directly connected to the ISP. If you have a router in between (e.g. ISP -> router -> pfSense) you shall then ask for a /57 prefix, since the router will use the /56 prefix.
Here you will find more helpful information:
https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html
https://docs.opnsense.org/manual/how-tos/ipv6_fb.html
And this seems to be Comcast specific:
https://forum.netgate.com/topic/165929/comcast-residential-64-delegation
-
@CatSpecial202 said in Setting up IPv6 on my Netgate:
However, my WAN_DHCP6 address that is showing up in my gateway is still my link local address
Are you sure it's your link local address? Or the gateway? Go to a command prompt and run ifconfig to see what yours is. I suspect that it's different from the gateway address shown in your example. Also, it's entirely normal to have a public IPv6 address on the WAN interface, but use a link local address for the gateway.
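-
The two checks discussed in the replies above, as an added example that is not part of the original thread: how many /64 LAN networks fit in a delegated prefix of a given size, and whether a gateway address is link-local while the WAN holds a routable address. The function names are hypothetical and all addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress
from itertools import islice


def lan_subnets(delegated, show=2):
    """Return (count of /64 networks in the delegation, the first `show` of them)."""
    net = ipaddress.ip_network(delegated)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("need an IPv6 delegation of /64 or shorter")
    total = 2 ** (64 - net.prefixlen)
    return total, list(islice(net.subnets(new_prefix=64), show))


def wan_and_gateway(wan_addr, gateway):
    """Return (WAN address is not link-local, gateway is in fe80::/10).

    A zone suffix such as %igb0 (as printed by ifconfig) is stripped first.
    """
    wan = ipaddress.ip_address(wan_addr.split("%")[0])
    gw = ipaddress.ip_address(gateway.split("%")[0])
    return (not wan.is_link_local, gw.is_link_local)


if __name__ == "__main__":
    # Constructed sample delegations: /56, /60 and /64.
    for pd in ("2001:db8:1200::/56", "2001:db8:1200:10::/60", "2001:db8:1200:42::/64"):
        total, first = lan_subnets(pd)
        print(f"{pd}: {total} x /64, starting with {[str(n) for n in first]}")

    # Constructed WAN address and gateway, in the form ifconfig would show them.
    wan_ok, gw_ll = wan_and_gateway("2001:db8:ffff::10", "fe80::1%igb0")
    print(f"WAN routable: {wan_ok}, gateway link-local: {gw_ll}")
```

A /64 delegation yields exactly one /64, so it can serve a single tracked LAN and leaves nothing for additional local networks.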