[SOLVED] IPv6 'routing' issue (WAN <-> LAN)
-
You want to look at Firewall > Virtual IPs to see about multiple IP addresses on your WAN interface. Chances are you can do what you need as long as the IPs are routed to you.
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
You'll probably need to post more specific information if you want more specific help.
I think you're out of luck with IPv6 until you get your modem into bridge mode.
Thank you, i had a quick look at it and it looks very promising. I will look further into it when/if IPv6
is working (in bridge mode) -
Can we see your pfSense-WAN config screenshot ?
-
Link local addresses on interfaces are OK.
Looks like it's getting close to you:
traceroute6 to 2a01:170:110c:1::1 (2a01:170:110c:1::1) from 2001:470:…, 64 hops max, 12 byte packets
1 2001:470:... 0.444 ms 0.365 ms 0.311 ms
2 2001:470:... 20.509 ms 18.493 ms 27.693 ms
3 2001:470:... 26.365 ms 18.327 ms 25.308 ms
4 2001:470:0:10e::2 84.479 ms 89.593 ms 73.084 ms
5 2001:470:0:2cf::1 152.046 ms 138.959 ms 140.712 ms
6 2001:7f8:4::33b5:1 143.464 ms 147.377 ms 141.665 ms
7 2001:7f0:0:28::2 153.165 ms 153.688 ms 154.670 ms
8 2001:7f0:1:2::2 153.532 ms 157.187 ms 157.728 ms
9 2a01:170::1:2:7:0:2 159.198 ms 157.267 ms 155.856 msPut a rule on WAN passing IPv6 ICMP from any to 2a01:170:110c:1::1
You can't ping6 to the gateway address from the pfSense node itself?
The firewall is completely open, i can't ping6 the gateway or any external addresses from pfSense…
@hda:
You have set the LAN Static. That's OK. It needs Services: Router advertisements(Router Only) or including SLAAC RA needs (Unmanaged)
I tried both setting, no change. It is set to Router Only at the moment, see attachment (i've added the DNS entries manually, ISP doesn't provide
any for IPv4/6).@hda:
Can we see your pfSense-WAN config screenshot ?
Sure, a screenshot is in the attachment.
–-----------------
I've also attached a screenshot of the interface assignment page and the first network card (em0, which is connected to the Draytek)
is shown as unassigned. just because i'm curious, is that normal? Looks odd.
-
For sure: Set block bogon network to False = uncheck
Your iface DT to WAN is OK & transparant, because you have your IPv4, right ?
Therefore IPv6 must be possible too. Just find out how(protocol pfSense-WAN) to get it from ISP.I would test to use config: dhcp6 & use IPv4 connectivity & prefix & delegation size =/48, if SLAAC doesn't yield.
Just experiment with the combinations. ;)
DNS servers go in: System: General Setup
-
@hda:
For sure: Set block bogon network to False = uncheck
DNS servers go in: System: General Setup
Ok i've disabled the bogon block, but i still can't ping6 from the pfsense node, ping6 from the LAN
side the gateway or external addresses time out and ping6 from WAN to the gateway doesn't work at all.
(Not even from the link-local address)@hda:
Your iface to WAN is OK & transparant. Because you have your IPv4, right ?
Therefore IPv6 must be possible too. Just find out how(protocol pfSense-WAN) to get it from ISP.Yes, IPv4 is working fine. On the draytek IPv6 must be set to PPP, i don't know in which way the
whole process differs to SLAAC if it does at all. But the link-local addresses look ok, it 'should' work.
Maybe after all the fiddling around with settings over the last 2 days i need a clean default setup
to start from the beginning (also the draytek box) and then it will all magically work out… -
If you changed the configs/interfaces/"fiddling", then a reboot of the pfSense will do.
You do not have to worry about the DT anymore, it is not relevant w.r.t. pfSense IPv6 config.
The pass-through/bridging works, just as with IPv4, it works for IPv6 too.You have to experiment with IPv6 pfSense-WAN config's, (including rebooting pfSense), to find out how the ISP wants to communicate for IPv6.
Even the MTU value matters for IPv6. (I work with 1492 on WAN & LAN).
-
I had very little time over the last 2 days but today i finally got it right, IPv6 is working.
The trick was to set the WAN interface config to 'None' for IPv6, i saw that after a reset to
default and no IPv6 configuration at all the WAN side got it's SLAAC address and
the correct ISP gateway address. After setting a static IPv6 on the LAN interface ping6
finally could reach external IPv6 addresses.Thank you for all your help and time on this!
-
Good for you :)
…
The trick was to set the WAN interface config to 'None' for IPv6, i saw that after a reset to
default and no IPv6 configuration at all the WAN side got it's SLAAC address
...Did you set pfSense-WAN to None for IPv6 and got a SLAAC working ???
-
@hda:
Good for you :)
…
The trick was to set the WAN interface config to 'None' for IPv6, i saw that after a reset to
default and no IPv6 configuration at all the WAN side got it's SLAAC address
...Did you set pfSense-WAN to None for IPv6 and got a SLAAC working ???
EDIT: I didn't mean SLAAC address but link local address. SLAAC was disabled.
Yes, when i set up the Draytek box last year my ISP explained their process
to me and it worked with the setting 'PPP' which is basically the same as
pfsense's 'None'.
So the ISP is only giving out the IPv6 gateway address,
no prefix and this happens through the PPPoE connection.
Took me a week of back and forth with Draytek support and a few calls
to ISP when eventually i got an email from my ISP's admin that he downloaded
the manual of my Draytek box and he told me to set it to 'PPP' which tells it to
get the gateway address via PPPoE and to set a static IPv6 on the LAN side.
That worked. But i didn't expect this to work exactly the same way with pfsense
as well… -
OK, sounds plausible. Would you be willing to show us the final settings of the DTv130 for this case ?
-
@hda:
OK, sounds plausible. Would you be willing to show us the final settings of the DTv130 for this case ?
I've added a few screenshots, they're a bit messy, i didn't clean up the config yet.
