Routed subnet
-
Hello,
I found tutorials about ipv6 but they use a tunneling provider.
i have a server at transip and they gave a /64 range in a /48 subnet.i have added a wan ip and a lan ip (ipv6) to the pfsense firewall
after this i added a dhcp scope.now the clients got a ipv6 address and are able to communicate with the firewall.
but there is no internet connection possible.i am new to ipv6
but i was thinking how does the provider gateway know what the gateway is to my internal lan?
is there someone who have experience with the situation above? and can point me in the right direction?Many thanks
Mark -
…
but i was thinking how does the provider gateway know what the gateway is to my internal lan?
...IPv6 is public exposure, not private.
The pfSense DHCPv6-Server functioning is mysterious or buggy, no success stories encountered yet.
You take the /48 on the WAN, make a new subnet /64 for the LAN, preferably Static, and depend on radvd(routing only).
-
what i did
interface>WAN
ipv4 disabled (When everything is working we will replace the current ipv4 firewall)
ipv6 static
IPv6 2A01:XXXX:XXXX:XXXX::cafe /48
IPv6 GW 2A01:XXXX:XXXX::1
interface>LAN
ipv4 static (so i can access the web interface)
IPv6 static
IPv6 2A01:XXXX:XXXX:XXXX:1::1 /64
Ipv6 gw:NoneServices > DHCP6 server / RA > LAN >dhcpv6 server
Enable
Range: 2A01:XXXX:XXXX:XXXX:1:0:0:100 TO 2A01:XXXX:XXXX:XXXX:1:0:0:1ff (in a tutorial they say don't use the :: here)
DNS: 2A01:XXXX:XXXX:XXXX:1::1
Domain name: Mycompany.local
domain search: Mycompany.local
Default lease time 86400
max lease time 86460
Services > DHCP6 server / RA > LAN > Router advertisements
Router advertisements: Assisted
Priority LOW
RA subnet 2A01:XXXX:XXXX:XXXX:1:0:0:1On my windows 7 client i first checked with dhcp enabled
after this i manual added:
IP 2A01:XXXX:XXXX:XXXX:1:0:0:2
subnet 64
GW IP 2A01:XXXX:XXXX:XXXX:1:0:0:1i can now ping the pfsense firewall
i can't ping a host behind the firewall
i can't ping the pfsense firewall on the wan interfaceon the firewall at diagnostics > ping
ping a remote ip works fine -
Not clear:
Did you test a fully STATIC LAN-setup, not DHCPv6-Server, and use it with RA on Unmanaged or Router-Only ?
And disabled WAN & LAN block bogon networks ?
And set allowance rule: IPv6 ICMP, Any to Any, in firewall rules Floating tab.page ? -
first i tried with dhcpv6
now i have a static ip in my windows 7 machine
Router advertisements was "assisted" now router only
i disabled the block private and bogon networksis it correct that the router advertisement is on the LAN tab?
i also changed the subnet from 2A01:XXXX:XXXX:XXXX:1:0:0:1 to 2A01:XXXX:XXXX:XXXX::
on the firewall tab there was no rule on the WAN tab
i added ipv6 Any Any Any Any (i know not recommend but there is nothing behind the firewall)on lan there was already a any any any any rule
still no traffic to the internet posible
-
You stated a /48.
WAN IPv6 could look like: 2A01:–--:----:1::1 (or a fe80::...)
LAN IPv6 could look like: 2A01:----:----:2::1/64Your static PC W-7 on LAN could be like 2A01:----:----:2::1234
So look carefully here, subnet LAN (:2:) must be different from subnet WAN (:1:).
Do you have such distinction ? -
…
is it correct that the router advertisement is on the LAN tab?
...Ofcourse. The LAN has its own unique public IPv6 and can have a switch with, for instance 8, computing devices on it.
Then this LAN could have its own RA settings like allow Static and (SLAAC or not). Then another LAN could only have RA for DHCP6-server.