IPv6 to pfSense LAN behind Fritz!Box 6360
-
Yes but how to make that without using "track interface" is the big question.
No big question at all. Remove the FB !
Because, as you apparently misunderstand, the (FB-pfSense) setup will not work (reliably) without Track Interface. You might though guess & succeed with trying the subnet value "fc", but as soon as you reboot FB such will be lost.
-
Would be nice if you could comment without the attitude.. no misunderstanding.
I am simply asking the question Can It Be Done Now and if no then is it in the pipeline for pfSense for this type of scenario.
As your opinion is use "Track Interface" or lose then I will simply wait until I can get a firmware update for the FB that would allow me to bridge/switch ISP router or pfSense makes a hail mary.
-
You're basically asking for instructions on how to statically configure a dynamically assigned prefix. This is not a missing feature in pfSense; it just doesn't make sense.
-
Also, what you really want is not getting rid of track interface, but rather allowing DHCP6 settings to be configured on a tracking interface. It's already running a DHCP6 server; this is purely a GUI limitation. I opened an issue on this in Redmine over a year ago, but going by the complete lack of responses, it doesn't seem like this is on anyone's radar at ESF.
-
Well, thank you for the response/info anyway.
My questions have been answered, my current setup can not be solved at this stage for this network setup.
So options are to somehow get FB out of the picture or wait for a feature that might or might not be added.
-
You can definitely use a private address on the pfsense WAN. That will work.
And if you must have IPV6 on the pfsense, you can get a GIF interface from Hurricane Electric.
That way you can assign a static /48 ipv6 to pfsense. As long as you can open ICMP for ping on the router connected directly to the internet it should work.
It's not exactly what you asked about but it gets you both IPV4 and 6 on pfsense and your fritzbox.
-
You can definitely use a private address on the pfsense WAN. That will work.
And if you must have IPV6 on the pfsense, you can get a GIF interface from Hurricane Electric.
That way you can assign a static /48 ipv6 to pfsense. As long as you can open ICMP for ping on the router connected directly to the Internet it should work.
It's not exactly what you asked about but it gets you both IPV4 and 6 on pfsense and your fritzbox.
I have tested HE and SixXS on the pfSense using GIF but have not been able to get it to work behind the FB. The connection from FB to pfSense is an "Exposed Host" connection so FB is not blocking anything but I am still not able to get the GIF connection to work.
Will try to set it up again as that would indeed fix my issue and that was the first configuration I tried the first time almost a year ago (and a few times since then with different pfSense versions).
-
It can be done - Trust me.
For example, I have a home network here that is crap.
It's a DSL connection and access to things like allowing ICMP is blocked.
Basic port forwarding is all that can happen in this apartment, so not able to set up HE here or IPV6.
Soooooo - I took a machine, installed a Linux Mint VM and a pfsense VM.
Then I set pfsense as openvpn client to a server I have running in the USA.
Then I set the endpoint of the HE tunnel as the machine in the USA.
But all the rest of the HE IPV6 settings I installed on the pfsense VM running here.
So, I get USA IPV4 and a /48 here, on this pfsense, but the GIF interface is tunneled through my machine in the USA.
All that because my ISP here blocks ICMP by default.
Where there is a will, there is a way.
-
I have tested HE and SixXS on the pfSense using GIF but have not been able to get it to work behind the FB. The connection from FB to pfSense is an "Exposed Host" connection so FB is not blocking anything but I am still not able to get the GIF connection to work.
Note that forwarding TCP and UDP (which is most likely what your "exposed host" setting does) is not sufficient; you'll need to forward protocol 41 (6in4) as well.
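The point in the reply above, as an added example that is not part of the original thread: a 6in4 tunnel packet is an IPv4 packet whose protocol field is 41, with the IPv6 packet as its payload, so it has no TCP or UDP ports for a port-forward rule to match. The addresses are constructed documentation-range values, and `passes_port_forward` is a hypothetical model of a TCP/UDP-only forwarding rule, which is what the reply assumes "exposed host" does.

```python
import ipaddress
import struct

PROTO_NAMES = {6: "tcp", 17: "udp", 41: "6in4"}  # IANA IP protocol numbers


def build_6in4(outer_src, outer_dst, inner_src, inner_dst):
    """Build a constructed 6in4 packet: IPv4 header (protocol 41) + bare IPv6 header."""
    # IPv6 header: version 6, payload length 0, next header 59 (none), hop limit 64
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed
    # IPv4 header: version 4, IHL 5, TTL 64, protocol 41; checksum left 0 (sample only)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64, 41, 0,
                        ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner


def classify(packet):
    """Return (protocol name, (inner IPv6 src, dst) or None) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                     # protocol field of the outer header
    name = PROTO_NAMES.get(proto, f"proto-{proto}")
    if proto != 41:
        return name, None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not an IPv6 packet")
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    return name, (str(src), str(dst))


def passes_port_forward(packet):
    """Hypothetical NAT rule set that forwards only TCP and UDP (assumption)."""
    return classify(packet)[0] in ("tcp", "udp")


# Constructed sample: tunnel server 198.51.100.1 -> WAN address 192.0.2.10
SAMPLE = build_6in4("198.51.100.1", "192.0.2.10", "2001:db8::1", "2001:db8::2")

if __name__ == "__main__":
    print(classify(SAMPLE), "forwarded:", passes_port_forward(SAMPLE))
```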
-
Ended up opting out and getting a Cisco EPC3825 that can do both pure bridge and "IP Address Pass-through" feature. In other words, no double NAT issues and Fritz!Box half-locked config from operator.