Ipv6 comcast
-
I'm using an Arris TG862G.
Per a suggestion on Reddit, I tried changing the prefix to 56 along with sending the prefix hint and I actually got an IPv6 address for my WAN interface.
The TG862G is a gateway (router), not just a modem. You had Comcast put it in bridge mode? If not, that would explain a WAN address on pfSense and nothing else. In order to get a DHCP-PD addressing for the LAN, pfSense needs to talk directly to Comcast and that requires the TG862G to be put into bridge mode by Comcast.
You mentioned the Airport Extreme, is that truly in router mode or is it operating in bridge mode?
-
I'm using an Arris TG862G.
Per a suggestion on Reddit, I tried changing the prefix to 56 along with sending the prefix hint and I actually got an IPv6 address for my WAN interface. However, my clients weren't getting any addresses. I rebooted pfSense to see if that would fix it, but when I did, I lost my IPv6 address. My settings haven't changed, and I've tried putting it back to /64, but still no IPv6 address.
Did you set your LAN port IPv6 to track interface? Then under "track IPv6 interface" lower on the LAN page- track WAN and 0 should work.
On WAN I also have block bogons unchecked. Check your LAN firewall rules for an IPv6 outgoing rule.
Thanks for the screenshot. I finally got mine working perfectly now. Although have to try it running Windows 7 as I use Kubuntu 13.10 all the time now. I did enable the privacy using "prefer public address" in Kubuntu.
EDIT: Also, I do have Block bogon networks checked on the WAN so it's working fine with it.
-
Doesn't "prefer public address" _dis_able the privacy extensions?
-
Well, either that or it's disabled? See screenshot. I will have to research this.
EDIT: I tried to use 'prefer temporary address' setting and it disables the privacy….Hmmm
-
Seems I have to figure out how to keep Kubuntu from using my PC's MAC address in the IPv6 address space. It's not PfSense issue, it's Linux so I have to fix it.
EDIT: After some Googling found the answer. Have to add net.ipv6.conf.eth0.use_tempaddr=2 in the /etc/sysctl.conf which will force the privacy settings. The Kubuntu Network Manager GUI apparently can't change that setting. Bummer. No big deal. Long as I can change it in the config file then it's good. Have to keep eye on this since any network security updates may overwrite this. It's a known issue.
Ran a couple of IPv6 Test sites and it no longer showed my real MAC address. Yay!
-
It can change this setting; in fact, the corresponding option is right there in your screenshot: By selecting "prefer public address," you explicitly told it to use the SLAAC address (which contains your MAC) for outgoing connections; the setting you actually want is "prefer temporary address," which will use a randomly generated address (that even changes periodically) for outgoing connections. That is precisely what the IPv6 privacy extensions are.
-
Yes that would be true and I did select it. However, when I go back into it says it's disabled so had to modify the file manually.
-
Anyone who is still having problems with Comcast's native IPv6, please try a 2.1.1 snapshot, and post your experiences to the 2.1.1 board.
https://forum.pfsense.org/index.php/board,56.0.htmlAs with any snapshot builds, take care when using them. They're just automatically built with no testing. Using the "full backup" feature is always a good idea with snapshots, then you can easily revert back without reinstalling.
-
@cmb:
Anyone who is still having problems with Comcast's native IPv6, please try a 2.1.1 snapshot, and post your experiences to the 2.1.1 board.
https://forum.pfsense.org/index.php/board,56.0.htmlAs with any snapshot builds, take care when using them. They're just automatically built with no testing. Using the "full backup" feature is always a good idea with snapshots, then you can easily revert back without reinstalling.
Upgrading now to the January 25 build. Will let you know how it works. I was able to finally get my pfSense to hand out IPv6 address on the LAN but the WAN side was always trying to route across the link local address to the Comcast Netgear. From the insise I could ping6 my router LAN address and WAN address but could never get any further.
-
Give a try with a snapshot from late tomorrow since behaviour should be improved.