IPv6 not working on LAN - Comcast tele-worker
-
Seems like I heard something about blocking bogons causing an issue with ipv6 on on some ISPs.
-
Thanks for your reply. That was one of the first things I ran across (on Reddit of all places) and it DID help me get pfSense to acquire IPv6 addresses. However none of my machines on the LAN are getting any IPv6 info.
-
First question… are you using a Comcast gateway (modem + router in one unit), or do you have a modem-only device connected to pfSense? This can have a significant impact on what the next step might be.
-
I have a self purchased Motorola SB6121 cable modem and an old Dell PC with two ethernet NICs. I'm just trying to get ethernet connected Macs on my LAN to acquire IPv6 addresses.
-
Sounds good… in your WAN settings, check the box Send IPV6 prefix hint. That way Comcast's DHCP server will not only send an IP address for the WAN interface, it will also send a prefix to use for your LAN.
You might need to release/renew your WAN interface after making that change. If all goes well, you should see both IPv4 and IPv6 addresses for both WAN and LAN on the pfSense dashboard (assuming you have the Interfaces widget on your dashboard).
-
I've got IPv4 and IPv6 addresses on both LAN & WAN on my pfSense box.
Seems like when I had Send IPv6 prefix hint checked I wasn't getting them. -
Here's the output of ifconfig from my pfSense machine
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:23:ae:9c:e1:2d inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255 inet6 2601:4:700:4400:223:aeff:fe9c:e12d prefixlen 56 inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>) status: active fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=2009 <rxcsum,vlan_mtu,wol_magic>ether 00:02:b3:1d:9c:16 inet6 fe80::202:b3ff:fe1d:9c16%fxp0 prefixlen 64 scopeid 0x2 inet 68.43.182.xxx netmask 0xfffffc00 broadcast 255.255.255.255 inet6 2001:558:6007:14:d07:2769:ac33:ec31 prefixlen 128 nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>) status: active</full-duplex></performnud,accept_rtadv,auto_linklocal></rxcsum,vlan_mtu,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast> -
For teleworker and I think any business class Internet from comcast, you have to set the DHCPv6 Prefix Delegation size to 56 and check the Send IPv6 prefix hint box. You may need to power cycle things to get it all working again.
-
Follow exactly. Don't get creative and don't try the /56 option first.
Get it working this way then save your config.
After it works and you have saved your setup, play with the subnet ranges all you like.
http://theosquest.com/2014/08/28/ipv6-with-comcast-and-pfsense/
I erroneously typed this in the incorrect thread earlier.
-
Here's the output of ifconfig from my pfSense machine
That ifconfig output looks good to me. Make sure you have a firewall rule on LAN to allow IPv6 traffic. Also make sure on your Macs that IPv6 is set to automatic (not manual or link-local only)… not sure what else to recommend if it's still not working after that.
-
That ifconfig output does not look good. Having a prefixlen of 56 on a LAN will break every SLAAC device out there because RADVD will advertise a /56. RADVD can become confused, as in your case, because there is a mismatch between what comcast is offering and what DHCPv6 Prefix Delegation size has been set to. You must set DHCPv6 Prefix Delegation size to 56 to match what comcast provides. This in turn will cause RADVD to offer a /64 to LAN.
If you check /etc/var/radvd.conf and the prefix line is anything other than /64 at the end, LAN connectivity will not work for IPv6. I already went through this a while back: https://forum.pfsense.org/index.php?topic=83524.0
The link provided by kejianshi even mentions the possible need for setting it to 56.
