Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Comcast native ipv6 for network devices.

    Scheduled Pinned Locked Moved IPv6
    45 Posts 7 Posters 34.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ Offline
      johnpoz LAYER 8 Global Moderator
      last edited by

      Not going to do that remote for sure ;)  Don't want to lock myself out - but give it a try when I get home for sure and let you know.

      Thanks!

      edit:  Well that seemed to work..  But couldn't not get to any ipv6 address once I removed the tunnel.  Going to bring up a clean vm to play with the native stuff.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

      1 Reply Last reply Reply Quote 0
      • D Offline
        databeestje
        last edited by

        Should just work, could well be some left over config from the tunnel or one of the clients not releasing the old tunnel prefix.
        Reboot pfSense, reboot the clients and see if that fixes it.

        There have been a few cases where some clients will not release the old prefix eventhough we Advertise the old prefix as being discontinued. It would still be valid for about 3 minutes after that.

        1 Reply Last reply Reply Quote 0
        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator
          last edited by

          I did reboot after removed the tunnel.

          Just going to play with it on a clean vm..  If that all works out, then just stay with that vm, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            Ok finally got around to playing with this with a clean vm, no he.net tunnel setup before, etc.  I grabbed the latest ova and booted right up.  I get ipv6 on wan, and the tracking gives me ipv6 on lan.

            But does not seem to find a ipv6 default route?

            Here are some screen shots of route table, console showing IPv6 addresses and mask and gateway widget showing doesn't have one, etc.

            I just run an gitsync this morning as well, just a few minutes ago and reboot..  How do I get it to get default ipv6 route?

            noipv6defaultroute.jpg
            noipv6defaultroute.jpg_thumb
            routesipv6.jpg
            routesipv6.jpg_thumb
            configscreen.jpg
            configscreen.jpg_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator
              last edited by

              Ok still not working???  WTF?  I believe that comcast has enabled ipv6 everywhere.  Atleast in chicago this shows it is enabled
              https://maps.google.com/maps/ms?msid=213069112737090935874.0004c1d17d71a22c5d721&msa=0&iwloc=0004c1d17d788f5a044ed

              Updated my comcast ipv6 vm to the latest, its gets an ipv6 on its wan.  But even pfsense can not get anywhere via ipv6 when using ipv6 from comcast.  HE works great.  Comcast native not so much ;)

              Any help - more than happy to let someone in that could take a look remotely to why not getting any default route for ipv6?

              Ok maybe its not really enabled. Shouldn't I be seeing RA on my wan interface with a simple tcpdump command

              example
              tcpdump -n -i em1 -vv ip6

              not getting nothing..  Seems odd?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              1 Reply Last reply Reply Quote 0
              • D Offline
                databeestje
                last edited by

                Look like that is a crowdsourced map of deployment, which might be faulty.

                I see other threads in a forum I frequent where people claim to have IPv6 but it turned out to be a link-local.

                If you do not see a RA on the WAN you don't have to try. They support both SLAAC and DHCP6 on the WAN so yes, you should see atleast RA messags.

                1 Reply Last reply Reply Quote 0
                • johnpozJ Offline
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  yeah not seeing those..  Guess not available here for routers yet.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                  1 Reply Last reply Reply Quote 0
                  • W Offline
                    whfsdude
                    last edited by

                    @johnpoz:

                    tcpdump -n -i em1 -vv ip6

                    Unless I'm missing something, those screenshots above show you with a DHCPv6 address. Also you're running tcpdump on the wrong interface according to those screenshots. It should be em0.

                    Comcast's gateway should be the LL address on the interfaces page.

                    1 Reply Last reply Reply Quote 0
                    • D Offline
                      databeestje
                      last edited by

                      No, that looks more like a stateless autoconf address, you get that one for free, but that would atleast imply that something is advertising.

                      I just setup a test box here and it worked, I did need to enter atleast 0 in the prefix id field on the LAN interface for the "Track interface WAN" section before it configured a prefix on the LAN. After a reboot nonetheless.

                      Still need to polish those edges.

                      1 Reply Last reply Reply Quote 0
                      • B Offline
                        bardelot
                        last edited by

                        @databeestje:

                        No, that looks more like a stateless autoconf address, you get that one for free, but that would atleast imply that something is advertising.

                        Maybe one could add the radvdump binary to pfsense (or have it as a package) as I assume it could help a few to ease debugging their IPv6 setup?

                        1 Reply Last reply Reply Quote 0
                        • W Offline
                          whfsdude
                          last edited by

                          @databeestje:

                          No, that looks more like a stateless autoconf address, you get that one for free, but that would atleast imply that something is advertising.

                          It's actually not. Comcast RAs have the managed flag set on them. Mine looks the same and it's not SLAAC.

                          Also 2601::/28 is Comcast's prefix they're assigning via PD.

                          My guess is somehow the LL gateway isn't being added. It would really help if the OP could post a screenshot of his interface page.

                          For example, mine is: Gateway IPv6 fe80::201:5cff:fe32:1481

                          1 Reply Last reply Reply Quote 0
                          • D Offline
                            databeestje
                            last edited by

                            Maybe johnpoz is willing to give me access to his install for debugging?

                            1 Reply Last reply Reply Quote 0
                            • W Offline
                              whfsdude
                              last edited by

                              Just to update with more info as to what a Comcast deployment is.

                              13:54:58.045607 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 80) fe80::201:5cff:fe32:1481 > ff02::1: ICMP6, router advertisement, length 80
                              hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 30000s, retrans time 1000s[ndp opt]

                              Screenshot of interfaces: http://willscorner.net/tmp/comcastic.png

                              1 Reply Last reply Reply Quote 0
                              • D Offline
                                databeestje
                                last edited by

                                Yeah, that screenshot looks healthy.

                                1 Reply Last reply Reply Quote 0
                                • johnpozJ Offline
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by

                                  Yeah more than willing to give access to take a look..  Just PM me when would be good time for you to access, and I can send you the info to remote in.

                                  I have got a comcast guy on another forum checking for sure if should be available in my area.

                                  As to screen shots and what em – they might of swapped because I was using 2 different vms in testing this.  I had a clean vm that wasn't working and then was playing with it again on my normal vm.  So those 2 vms might be swapped for which em is wan and which is lan, etc.  Would have to double check that.

                                  edit:
                                  So if you see in the screenshots I posted I was getting Ips -- but just couldn't get anywhere, I didn't see a default route for ipv6.  But looking forward to your PM on your schedule - I should be available tonight, few hours from now to switch it over to my clean install with no tunnel setup -- can let you in for sure to take a look.  Would really really appreciate that!

                                  If you have time now I could remotely turn on remote access and let you in to current setup with HE tunnel setup, etc.  And you could play with that.  Don't care too much if you break the tunnel setup.  Doesn't matter if loose the tunnel that is currently setup, would like to go native anyway ;)

                                  edit2:  Got your PM, thanks once I hear back from the comcast guy that its suppose to be there I will let you know.  But what I am thinking is it's not there yet?

                                  So this is my normal vm, I turned off the HE tunnel.  Updated to the latest and greatest snap

                                  2.1-BETA0 (i386)
                                  built on Tue Jun 19 20:53:56 EDT 2012
                                  FreeBSD 8.3-RELEASE-p3

                                  I then run gitsysnc this morning to be sure.  Deleted my HE tunnel stuff, set wan to dhcp6, prefix delegation 64.  Then set Lan to track and 0 for prefix ID.  Rebooted.

                                  As you can see from screenshot I get a /128 and shows a /64 on my lan.. But just don't get a route out on ipv6 -- so I have highlighted that yes my wan is em1, and let a tcpdump -i em1 -vv ip6 run for like 5 minutes or so and just don't see anything!  I should be seeing RA should I not?  There should be some in a 5 minute period I would think ;)

                                  So my guess is something is not turned on at my isp for native to work yet for me.  Once I hear back from the comcast guy on another forum that is checking with my modem mac and still nothing working I will let you know and more than happy to let you in.  Happy to let you in now if you want.

                                  tcpdumpnoRA.png
                                  tcpdumpnoRA.png_thumb

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                  1 Reply Last reply Reply Quote 0
                                  • johnpozJ Offline
                                    johnpoz LAYER 8 Global Moderator
                                    last edited by

                                    I edited my last post, but does not seem to have bumped the time on the thread.  So bumpity bump ;)

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                    1 Reply Last reply Reply Quote 0
                                    • W Offline
                                      whfsdude
                                      last edited by

                                      johnpoz,

                                      Reach out in the Comcast forums on dslreports.com. It looks like they've set up DHCPv6 without RA. Just checking though, you've got a DOCSIS3 modem, right?

                                      1 Reply Last reply Reply Quote 0
                                      • johnpozJ Offline
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by

                                        Yup SB6120, and have PM out to netdog on that site, he responded already once - but seems I only game him the CMTS-MAC, when he needed the CM-MAC?  So now I have sent him everything I could see from the modem with any sort of mac in it ;)

                                        I thought he would need the CMTS-MAC to see if ipv6 was enabled on my connection, this is what my modem connects too right?

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                        1 Reply Last reply Reply Quote 0
                                        • W Offline
                                          whfsdude
                                          last edited by

                                          @johnpoz:

                                          Yup SB6120, and have PM out to netdog on that site, he responded already once - but seems I only game him the CMTS-MAC, when he needed the CM-MAC?  So now I have sent him everything I could see from the modem with any sort of mac in it ;)

                                          I thought he would need the CMTS-MAC to see if ipv6 was enabled on my connection, this is what my modem connects too right?

                                          Ha! He actually plucked my IPv6 from a forum posting and looked me up. Told me to kick my modem so I could grab 3 x upstream.

                                          1 Reply Last reply Reply Quote 0
                                          • johnpozJ Offline
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by

                                            I also posted all my info in the comcast direct forum on that site.

                                            Well post back what I hear, but yeah it seems like just no RAs.  If comcast comes back and says it should be working, I have remote access setup for databeestje already and have PM'd him the info.

                                            I did notice your nick on that forum as well.

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.