Unable to communicate with https://packages.pfsense.org.
-
The best piece of advise I can give you is to start with a basic configuration and build it up testing at each stage. Don't try and do everything in one go.
@ kejianshi: Hexadecimal limbs, why didn't I think of that. ;)
Steve
-
So what IPv6 are you using on the lan side if that is your public?
inetnum: 2800:160::/32
status: allocated
aut-num: N/A
owner: Gtd Internet S.A.
ownerid: CL-GISA-LACNIC
responsible: Manuel Suanez Berrios
address: Moneda, 920, Piso 11
address: 6500712 - Santiago - RM
country: CL -
@johnpoz, I had this previous config which might have changed as I was playing around…
VLANCER, 2800:160:17c5::1:1 /52 VLANSEM, 2800:160:17c5::1:2 /52 and so on...@stephenw10, you are correct, step-by-step, the only thing I want by now is to establish connection from my pfsense server to my default public GW first then to the world using ipv6 address –no DNS at first :-)
Our DNS servers would be
2800:160::2 2800:160::1Thanks for your kind replies!
-
/52 ?? yeah that would not be correct..
-
Sleeping - Look at this when I wake.
-
@johnpoz /52 is not correct? I thought it could be subdivided in 16 networks with this… any suggestion?
-
min size of ipv6 segment is suppose to be /64, you can get a /48 for example from say tunnel broker HE, they route that to you via your tunnel then you can break that up into as many /64 you want.
-
But those VLANs have the same subnet, no?
-
I have had great success with a /48 for WAN and handing out /64s on all interfaces, including openvpn interfaces.
I do want to experiment with something like a /52 on the WAN and handing out a limited number of /64s after. (tried before and failed)
Why? Because some data centers for some odd reason are still hesitant to hand me a /48. Maybe all they have is a /48 themselves?
I know thats a crap configuration, but it would solve problems for me also to get that to work.
I will soon have a chance to try that… "soon" according to the data center.
However, as previously stated, if you want IPV6 now, getting a HE IPV6 tunnel works super well.
-
@stephenw10, yes, those VLANs had the same /52…
@kejianshi, I will better go with /64, so I will post here how it goes...
In any case my "problem" is pinging from pfsense to my default route (even though both ips answer from the Internet)...
pfsense <----> default GW 2800:160:17c5::2/48 <----> 2800:160:17c5::1 /48I don't know why but I'm still thinking the ipv4 way, I resist to waste so many addresses :-)
Thank you guys for following up…
-
/64 on the wan is near useless. You really want to be able to give each LAN/OPT interface a /64
-
@kejianshi I'm sorry I wasn't clear… I want first to get this two addresses to communicate each other (pf <-> gw) using the /48 mask... only then I will change the /52 to /64 configs for my internal networks...
Any suggestion as to how troubleshoot this pf <-> gw issue? It's worth saying that this problem presents only for ipv6. It works fine in ipv4...
I'm folllowing this document, but I have done it twice for the WAN part and I still don't find anything :-
https://doc.pfsense.org/index.php/Connectivity_TroubleshootingThank you again
-
Just to let you know that I finally could establish comm between pf <-> gw . I'm almost sure it was a fw rule, but I touched so many little things… now I'm going to subnet using /64... Thank you all for your kind support.
-
Its really difficult to help figure out IPV6 without seeing your settings. For me anyway. But I'm glad its working for you.
-
Hello,
Just to let you know that my IPv6 is working now, again it seemed to be a faulty firewall rule. Once the connection established between my "pfsense" <-> "default isp gw" everything else went fine.
. public addresses 2800:160:17C5::/48
. internal addresses 2800:160:17C5:1~4::/64Initially I messed up with dhchpv6, then manual ipv6, finally stateless :-) and it works all right!
Again, thank you all for your great comments and support!