Ipv6 not working on comcast
-
The only way to get a IPv6 address from Comcast is to have a D.O.C.S.I.S 3 cable modem. I know that our gateways are dual stack however I have seen issues where if you are using IPv6 then the IPv4 will not work. I will have to check on it when I get to work today but I'm not sure if we are providing IPv6 service to the residential markets yet. You are correct our CMTSs are capable of IPv6. Seems to me you may want to put your interface to DHCP and see if you pull a address. PfSense treats interfaces that are DHCP enabled as WAN interfaces. I'm not a IPv6 engineer so the information that I provide is from my own research.
Just as a disclaimer I am in no way speaking on behalf of Comcast. I am just a PfSense fan that happens to work at Comcast.
-
zoom 5341 is docsis 3.0 and supports ipv6, but Comcast doesn't seem to officially support it.
I am just confused how I am getting an ipv6 address on my WAN interface in pfsense.
-
I am comcast in the Chicago area… And not sure if pfsense completely, or partly comcast.. But yeah the ipv6 native stuff is not very stable.. Sometimes you get an address, sometimes it goes away on renewal.. There is has been a long running thread about ipv6 issues here
http://forum.pfsense.org/index.php/topic,59996.0.htmlIf you want to help pfsense with ipv6 the report your issues for sure, maybe the above thread would be a good place?
But yeah all you should need to do is
- DHCPv6 on the WAN
- prefix delegation size - 64
- on LAN interface, for IPv6 select "Track Interface", set to interface "WAN"
This use to work no issues, then it went all blooie.. Now what is odd, is if you fire up m0n0wall I got an ivp6 working bing bang zoom.. But I like pfsense better.. So for the time being until I have time to play more with it, if you want stable IPv6 -- I suggest get a tunnel from hurricane electric.. Not quite as fast as native (depends how close you are to pop) But very stable, and your ipv6 address is not always changing.
Even when ipv6 was working with pfsense - you reboot and you would have different lan segment. Doesn't play nice when your wanting to use static ipv6 on the couple of boxes your playing with it on, etc.
-
that doesn't just happen to comcast I think, because I am seeing the same thing over here, I am in New Zealand and on a vDSL2 connection.
and I did manage to get ipv6 on LAN interface working but ipv4 would be broken like Mike said in above post.I did this by tick "Request a IPv6 prefix/information through the IPv4 connectivity link" in WAN setting page -> Save -> untick "Request a IPv6 prefix/information through the IPv4 connectivity link" -> Save
after that my LAN gets ipv6 address but pppoe or ipv4 will not work anymore no matter what I do and I will need to rollback everything to the old setting (working config backup file) to get it back up again, which means no more IPv6 and back to square one. -
Okay I did some research and found some good information from www.comcast6.net I was correct in the fact that if you want to use IPv6 right now you will have to have a gateway; our telephony gateway which we in house call a "Dorey".
Quoting from www.comcast6.net:
IPv6 support launched for the Arris Touchstone Telephony Wireless Gateways
Details
Published on Sunday, August 04, 2013
Comcast is pleased to announce that on on July 26th, 2013 we launched IPv6 support for two device models that are widely used by our customers, specifically the Arris Touchstone Telephony Wireless Gateway Modem TG852G (NCS) and the Arris Touchstone Telephony Wireless Gateway Modem TG862G (NCS). Comcast's customers who live in areas where we have deployed support for IPv6 across our broadband network and that are using one of the devices above will seamlessly be enabled with dual stack support. We have worked closely with the ARRIS Group, Inc. to develop the support for IPv6 that will be used by millions of Comcast customers nationwide.The only problem is who wants their PfSense router behind a NAT? I guess with IPv6 it wouldn't matter since there is no such thing as a private IP but a majority of the web is still IPv4 and you might have some issues with VPN and VoIP. If you turn IPv6 on PfSense today and you don't have one of these gateways you will likely get a link local address which will start with fe80: think about this like the same thing as a AAPIPA (Automatically Assigned Private IP Address) or in other words 169.254.X.X which will not allow you to surf the internet.
Again I'm no IPv6 engineer so I'm talking from the point of view with no actual experience so take this part for what it's worth (Everything that I'm going to state is just book knowledge). To use IPv6 you will need:
1. Operating system that can do IPv6 (Windows 7/8 +; FreeBSD not sure which versions; Linux not sure which version)
2. Dual Stack (Meaning a IPv6 and IPv4 address on your machine)
or
3. Some type of IPv4 to IPv6 Tunnel Service or vise versa like Hurricane ElectricI know that in Windows it will use IPv6 address before it will use IPv4 and if the site you are going to visit has a quad-A record for it, it will take you there no issues. If not then you will probably get a page can not be displayed. Or atleast I'm think this is what's happening. I have a Dorey here in my office so I will do some testing and report back to you all.
-
That info is clearly not fully transparent from comcast.. I can tell you for a fact! Since I am on comcast in chicago area that have had native ipv6 working on pfsense where I got a /64 on the lan via the instructions given above.
It use to work with pfsense without any issues, then like I said it went a bit strange hit or miss, issues, etc. Now a month? or so ago fired up m0n0wall, click bang zoom – got a /64 to use on my lan side.. And I do not have their gateway nonsense. I have a simple Motorola SB6120 docsis 3 modem.
I don't know who puts up the info on that site - but think it is lacking at best to be honest.
-
I think that's simply a misunderstanding of what that blurb is intended to say. From how i read it, all it says is that IPv6 support is now also available on these gateways. It's been working on my DOCSIS3 modem for a while now.
-
casoah, what does IPv6 address on your WAN look like?
-
Good point razzfazz, the way I read the quote is they added those models - doesn't mean other models are not supported.
What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices. Is it only in certain markets, major? Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.
-
Yes to be clear I'm not saying that if you don't have a gateway you will not get IPv6 support but if you have a Gateway you will get dual stack IPv4 and IPv6 in areas where available.
Okay here are my findings:
I hooked up a gateway and I did indeed pull a IPv4 and IPv6 address. I then tried to surf IPv6 only websites like ipv6.google.com and whatismyipv6.com (I think it will do IPv4 too) and both sites worked. I then tried to go to ipv6.google.com through my PfSense setup (which is not connected to the gateway currently) and the page timed out.
When I when into the gateway my IPv6 prefix was 2001: on my computer my prefix was 2601:
I then tried to go to some IPv4 sites and I had no issues. It seemed a little slow for the first page to load up but then going from page to page was no issue. The Gateway has 50 Mbps down/ 20 Mbps Up service.
So I have confirmed that I am getting IPv4 and IPv6 Service out of the gateway. The next logical step is to connect it to the PfSense that I have here at my office to see if I can get it to pull an IP. I have a WAN2 that I use to use but currently have it disabled (Perfect).
So I connected the "Dorey" to WAN2 enabled the interface and disabled IPv4 and Enabled DHCP6 on the WAN2 interface but I only got a link Local (fe80:) address. I was using an old snapshot of the 2.1 RC from May I think so I updated it and now I'm stuck at the packages are currently being installed screen. However I'm not pulling an IP. I don't know what kind of NIC I'm using but I think it has Ralink chipset. The NIC shouldn't matter right? I will report back with more info as I get it.
-
casoah, what does IPv6 address on your WAN look like?
2001:558:6047:101:3d4d:16a:52c:510
i changed a few numbers here and there
-
OK, that looks good (i.e., not 6to4 or something like that). Should have a prefix length of 128. As was pointed out earlier, the following configuration should give you a 2601::/64 prefix on the LAN side:
- On the WAN interface page, set "IPv6 Configuration Type" to "DHCP6" and "DHCPv6 Prefix Delegation size" to 64.
- On the LAN interface page, set "IPv6 Configuration Type" to "Track Interface," set "IPv6 Interface" to "WAN," and set "IPv6 Prefix ID" to "0"
- I would also uncheck the "Block bogon networks" box on both the WAN and the LAN, as there have been issues with these being overly broad for IPv6 and blocking legitimate (and required) traffic.
- After everything is set up, I'd go ahead and just restart the router to make sure everything comes up right.
That configuration works for me, anyway.
-
Oh, hehe. It is actually working with the track interface. My desktop just was not getting an ipv6 address. I checked my laptop and ipv6 is working perfectly.
I saw this http://www.techunboxed.com/2012/08/how-to-disable-ipv6-in-windows-8.html and for some reason my registry already had ipv6 disabled… weird
-
Good point razzfazz, the way I read the quote is they added those models - doesn't mean other models are not supported.
What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices. Is it only in certain markets, major? Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.
Heres a list of Comcast Officially supported cable modems. The next to last column has "IPv6" support check mark next to it.
http://mydeviceinfo.comcast.net/For the record. I have comcast in virginia, usa using a Motorola SB6141.
Comcast -> SB6141 -> Pfsense -> Smart Switch -> Glorious Home Gigabit Network
-
Good point razzfazz, the way I read the quote is they added those models - doesn't mean other models are not supported.
What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices. Is it only in certain markets, major? Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.
Heres a list of Comcast Officially supported cable modems. The next to last column has "IPv6" support check mark next to it.
http://mydeviceinfo.comcast.net/For the record. I have comcast in virginia, usa using a Motorola SB6141.
Comcast -> SB6141 -> Pfsense -> Smart Switch -> Glorious Home Gigabit Network
That list shouldn't be taken too seriously. My zoom5341 isn't supported under the ipv6 checkbox and it works perfectly.
-
What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices. Is it only in certain markets, major? Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.
Want to know if Comcast has deployed IPv6 in your area?
http://comcast6.net/index.php/8-ipv6-trial-news-and-information/108-want-to-know-if-comcast-ipv6-is-availableDisregard the references to "IPv6 trial".
-
After a kernel panic, ipv6 stopped working for me.
in my logs it says
Aug 26 18:51:52 radvd[35678]: version 1.9.1 started Aug 26 18:51:52 radvd[35678]: IPv6 forwarding setting is: 0, should be 1 Aug 26 18:51:52 radvd[35678]: IPv6 forwarding seems to be disabled, but continuing anyway. Aug 26 18:51:57 radvd[35936]: attempting to reread config file Aug 26 18:51:57 radvd[35936]: resuming normal operationif I ssh into pfsense and do ping6 google.com it works fine
however on my computers if I try to connect to an ivp6 address it just times out, even though I am assigned ipv6 ips.
Nothing has changed in the firewall rules.
For a release candidate this feels a bit buggy ;x
Also if I disable ipv6 on the LAN interface and under advanced ->allow ipv6 is unchecked
computers still get an ivp6 address and under status ->interfaces LAN still has an ipv6 addresss
Only way to get rid of it is with a reboot
-
I was able to get IPv6 to work on a Arris EMTA TM822G following the instructions by razzfazz. I just wanted to share some things that I have learned trying to wrap my head around this IPv6. If you connect your computer to a a Docsis 3 modem that supports IPv6 and it's available in your area you will get an IP with a /128 netmask however if you connect it to a router that supports prefix Designation then your WAN IP will be /128 and your LAN IP will be /64. If you have multiple subnets then your router will need to support IA_PD which is Identity Association for Prefix Designation which Comcast will allow you to have up to a /60 which would give you 32 subnets by my count (5 bits) according to this site http://forums.comcast.com/t5/Home-Networking-Router-WiFi/ipv6-64/td-p/1780034. which should make the IA_PD (which PfSense calls IPv6 Prefix ID) go from 0 - 1f but PfSense has it from 0-f which would indicate only 16 subnets. (If you only see 0-0 its because your prefix is 64 if you lower it your values will change) Have I counted wrong? I am currently testing IPv6 on multiple subnets and I will report back on my findings tomorrow, as of yet it is not working.
I hope I have cleared somethings up for anyone that was confused like me. Not really sure how I feel about having all my devices having public IPs but I'm glad I have PfSense protecting me. Also something that I have noticed is that I'm missing /61 in my prefix drop down on WAN Interface. I am currently using 2.1-RC1 (amd64) built on Mon Aug 26 01:13:05 EDT 2013.
On a side note I had installed tinc but never used it so I uninstalled it but it stilled remained on the menu. IPv6 didn't start working until I installed that package back. I do not have it enabled and not really sure why it would have affected IPv6. Could have been coincidental but just wanted to put that information out there.
-
/60 is only 16 /64 subnets:
/64 = 1 /64 subnet
/63 = 2 /64 subnets
/62 = 4 /64 subnets
/61 = 8 /64 subnets
/60 = 16 /64 subnets -
Correct I'm borrowing 4 bits from the /64 which would only be 16 subnets (It was late last night when I was working on this). I am still missing the /61 subnet under WAN is anyone else seeing this? Is this by design? Also I have not been able to an IPv6 address working on more than one interface. Right now I am only trying to get a IPv6 working on my LAN and WiFi subnets but when I change the WAN PD to /63 and set the LAN prefix to 1 and the WiFi prefix to 0 I can not pull a IP on those interfaces. Has anyone else tried to get IPv6 working on more than one interface. Not sure if the problem is on the PfSense side or my ISP's side. I'm running 2.1-RC1 (amd64) built on Mon Aug 26 16:50:31 EDT 2013 FreeBSD 8.3-RELEASE-p10
