IPv6 Comcast not working - overlapping v6 prefix delegation subnets?
-
Sorry guys just saw this post. I had posted about this weeks ago in another thread. This is only for Comcast as far as I know, but if you live in the north east right now the CMTS's are not setup to deal with a prefix any larger/smaller than /64. See http://forum.pfsense.org/index.php/topic,65724.15.html
Below is a link if you private message the OP of the forum he can tell you if this feature is supported yet in your area. He will need the CMAC of your cable modem. DON'T POST YOUR CMAC IN THE PUBLIC.
-
I've tried sending the /56 as the hint, and it's still not working. Haven't had a chance to look at a packet capture yet, but I may end up having to call Comcast, which isn't really my first choice, but I don't know what else to try.
Did you try changing the MAC address on the WAN interface?
-
I've tried sending the /56 as the hint, and it's still not working.
Also, this will definitely not work on Comcast; as far as I know, the shortest prefix they'll hand out is a /60.
-
Finally found success, thanks to Kolinger's statements. I've been requesting a /60 trying to get this to work to no end.
Requested a /56 on WAN with DHCP6, and then setup the other interfaces for Track Interface. When selecting Track Interface, I then hit Save, and once the page refreshes, I then enter the Prefix ID, hit Save again and then Apply Changes. Then did the same for my other interfaces, then rebooted.
Once rebooted I got a proper /128 for WAN and a /64 for each of my other interfaces using the proper Prefix ID on each interface. In the screen below you can see I used 1d for LAN, 2e for WLAN, and 3f for DMZ as Prefix ID's. Any computer connected to these interfaces gets a proper IPv6 address within the correct /64 prefix ID that was setup.
Ran a test at http://test-ipv6.com and got a 10/10 using a PC behind each interface so all is working now. ;D
 -
Below is a link if you private message the OP of the forum he can tell you if this feature is supported yet in your area. He will need the CMAC of your cable modem. DON'T POST YOUR CMAC IN THE PUBLIC.
I went ahead and posted a question in the Comcast forum.
Did you try changing the MAC address on the WAN interface?
No, I'd rather not do that unless I absolutely have to–it should just work.
-
Back to IPv4 unfortunately. Every 48 hours I was losing my WAN connection, I assume during the DHCP renew and the cable modem would show loss of sync in its log files. Back to IPv4 and my connection is back to rock solid.
-
Back to IPv4 unfortunately. Every 48 hours I was losing my WAN connection, …..
Everything or did you just loose the IPv6 addressing?
If you are loosing the IPv6 addressing, uncheck "Block bogon networks" under the WAN interface configuration. It's a known IPv6 DHCP-PD killer.
-
I'm losing everything, IPv4 and IPv6 addresses which requires a reboot to get back online.
-
Been playing with this all day until I found this thread.
Comcast Business and pfsense 2.2.5
I found a previous guide that suggested a /64 prefix int he Wan config for comcast. I got an address for the WAN /64 and a similar prefixed address for the LAN but at a /60
All my workstations only registered the link local address. Couldn't get them to route correctly save for the various link-local addresses
Once I set my prefix to /60 and rebooted everything seems to be working fine. I am getting expected "real" IPv6 addresses to all the workstations that request the.
Just a reboot, didn't have to wait a week or reset the mac addresses on my WAN
Hope that helps someone.
-
I can verify that in the Kansas City area that /56 prefix would not work. I changed it to /60 and Comcast immediately served up IPv6 networks for LAN and DMZ without a reboot.
-
neiltiffin, Do you have Comcast business or residential? I can't seem to find a straight answer (yet) on < /64 for residential customers (which I am).
Monty -
neiltiffin, Do you have Comcast business or residential? I can't seem to find a straight answer (yet) on < /64 for residential customers (which I am).
MontyResidential customers can request a prefix as small as /60… business customers can go down to /56. I have Comcast residential service and request a /60 with no problem.
A note though... if you have already requested a /64, you'll need to let that lease expire (or find someone at Comcast that can delete it for you) before you'll be able to request a /60. So turn off IPv6 for 7+ days, then change the prefix request to /60 and turn it back on.
-
I have some bad news on this.
Same problems, didn't get a /60 or /56, pfsense would drop the wan connection every few minutes, everything went unstable, reboots sometimes fixed.
At a different office in town I manage, the comcast business router there is a Netgear, and it got a /60 and works just fine and was easy to setup with pfSense 2.2.5. Everyone is happy. 10/10 on the ipv6 tests. yay.
Eventually I broke down and called Comcast to see if they could release my Router's mac address and hopefully re-issue a range, they didn't and said they would not, and anything I read on the internet about Comcast techs doing so was wrong and those people were very naughty.
Helpfully, they suggested I google the problem and that the SMCDG3 router I have was probably setup wrong. Then I was wished a nice day.
So I goggled and found this:
http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/SMCD3G-CCR-and-IPv6/td-p/11117
TL:DR you have the SMCDG3 Comcast Business router, you are not going to get a /60, you will only ever get a /64.
The ipv6 configuration pages of the SMCDG3 (not working /60) and the Netgear (Working with a /60) look very different.
For the other office I am at (SMCDG3), I gave up and installed a Hurricane Electric Tunnel.
Anyway, if you have a SMCDG3 and can get a /60 let me know how you did it.
If you have a different device let us know and disregard.
Good luck.
-
TL:DR you have the SMCDG3 Comcast Business router, you are not going to get a /60, you will only ever get a /64.
The ipv6 configuration pages of the SMCDG3 (not working /60) and the Netgear (Working with a /60) look very different.
For the other office I am at (SMCDG3), I gave up and installed a Hurricane Electric Tunnel.
Anyway, if you have a SMCDG3 and can get a /60 let me know how you did it.
If you're using a Comcast-supplied gateway device (it's both a modem and router) because you have a static IPv4 address, then there's not much you'll be able to do, unless there's an advanced setting somewhere that allows DHCPv6 on the SMC to allocate a smaller prefix size.
But if you don't have a static IPv4 address, then you should be able to put the gateway (this should be possible with any of Comcast's gateway devices) into Bridge mode, so that it functions as a modem only, not a router. Then you can connect your pfSense box to one of the ports, and should be able to get up to a /56 with business-class service, as the DHCP response would be coming from Comcast's servers, not the gateway.
-
@virgiliomi:
But if you don't have a static IPv4 address, then you should be able to put the gateway (this should be possible with any of Comcast's gateway devices) into Bridge mode, so that it functions as a modem only, not a router. Then you can connect your pfSense box to one of the ports, and should be able to get up to a /56 with business-class service, as the DHCP response would be coming from Comcast's servers, not the gateway.
Good to know, but each location has a static block of ipv4.
I dug into the Netgear at the far office that is working wonderfully with ipv6, maybe the models will help with some others
IPV6 works with a /60 and supports a /56 Vendor Name Netgear Hardware Version 1.04 Serial Number 2B-----blah-------- Firmware Version V3.01.05 Operating Mode Residential Gateway System Uptime 7 days 01h:40m:46s Date 11 - 16 - 2015 Time 13:26:58 Where IPV6 doeesn't work with a /60 Vendor Name SMC Networks Hardware Version 1.01 Serial Number H----blah---- Firmware Version 3.1.6.56 Operating Mode RG System Uptime 001 days 14h:57m:08s Date Nov-16-2015 Time 13:29:03 -
Just thought I would add my experience here as reference for anyone -
I just swapped out older modem for newer model. I was lucky enough to get an Arris TG1682G. By default I tried a /64 setting and it worked. I asked Comcast to disable the built-in WiFi so as not to interfere with my separate AP. They "say" they put it in bridged mode but the external IPv4/v6 addresses are not the same as what shows on my WAN interface on pf. Not sure if it should be that way or not?
I could not get IPv6 to work on the previous junky Technicolor modem they had given me. The new Arris worked BUT only after I rebooted my pf box. Again, not sure if that is coincidence or something that must be done. The IPv6 waters are very murky ones still. lol
Anyway, I also put in more private DNS servers from DNSWATCH and OPENINCPROJECT. Personally, ever since Cisco bought OpenDNS, I don't trust it any more.
;DNow…just for laughs I'll share this -
When I initially had no IPv6 address being assigned to the old router I called into Comcast Cust. Svc. and got past the robo Tier 0 automated help and got the typical Tier 1 brain dead human, I explained I just wanted confirmation that I could actually get an IPv6, etc. before I went through all the trouble of config, swapping modems, etc. The guy actually started READING about IPv6 to me while we were on the phone!!!! :o He had no clue what I was talking about.After I got the new modem and called in to have the WiFi shut off, a different brain dead Tier 1 'hooman' started telling me that the WiFi was built into the modem and there was no way to shut it off...and then I had to teach HER how she would have to transfer me to a higher tier so they could do their thing! I mean honestly Comcast! I shouldn't have to teach your people how to do their job. It was actually quite funny...but UGHH!! I cannot imagine the nightmare and hair-pulling the average tech illiterate customer must go through just to get help.
-
neiltiffin, Do you have Comcast business or residential? I can't seem to find a straight answer (yet) on < /64 for residential customers (which I am).
MontyResidential and it is hit and miss. Checked it today an no IPv6. Uptime 47 days. Rebooted and IPv6 is back.
