Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 on WAN but not on LAN

    Scheduled Pinned Locked Moved IPv6
    6 Posts 5 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BeNe
      last edited by

      Hi,

      my pfSense 2.3 runs on a APU1C with IPv6 enabled. My Provider here in Germany is Telekom. In front of the WAN Interface is a FritzBox Router (IPv4 + IPv6 enabled)
      I have already an external IPv6 Adress on my WAN Interface - but no IPv6 on my LAN Interface (Track Interface -> WAN)

      LAN_Bridge0 is a bridge between my WiFi Card and my LAN_Port.
      My current Settings:

      • IPv6 is enabled (System -> Advaned -> Networking -> Allow IPv6 is ON)

      • WAN Port IPv6 Config Type: DHCP6

      • DHCPv6 Prefix Delegation Size: 60 (my Provider is given me /56 on WAN)

      • Send IPv6 prefix hint is checked

      • LAN_Bridge0 IPv6 Config Type: Track Interface -> WAN

      • Floating Rules created for IPv6 ICMP and Port 546,547,1900,535

      • Block private networks on WAN is disabled

      • No DHCPv6 Server or Router Advertisments is running

      • No DHCPv6 relay is running

      My Network:

      
      WAN / Internet
            :
            : Telekom
            :
      .-----+-----.	  external Telekom IPv6 Adresse:
      |  FritzBox |       2003:XXXX:ae20:XXXX::/56
      '-----+-----'
	      |
	FB  | 192.168.217.1
        WAN | 192.168.217.2 / 2003:xxx:ae20:XXXX:20d:XXXX:fe33:XXXX 
			|
      .-----+-----. 
      |  pfSense  +
      '-----+-----' 
            |
        LAN | 172.16.17.254 / No more IPv6
            |
      .-----+------.
      | LAN-Switch |
      '-----+------'
            |
    ...-----+------... (Clients/Servers)
	        172.16.17.0 /24

      Interface Status

      
WAN_PORT Interface (wan, re2)

Status
    up
MAC Address
    00:0d:b9:33:9c:42
IPv4 Address
    192.168.217.2
Subnet mask IPv4
    255.255.255.0
Gateway IPv4
    192.168.217.1
IPv6 Link Local
    fe80::20d:b9ff:fe33:9c42%re2
IPv6 Address
    2003:85:ae1d:XXX:20d:XXXX:fe33:XXXX
Subnet mask IPv6
    64
Gateway IPv6
    fe80::5e49:79ff:fe98:4e23
ISP DNS servers
    192.168.217.1
MTU
    1500
Media
    100baseTX <full-duplex>In/out packets
    480763/427787
In/out packets (pass)
    480763/427787
In/out packets (block)
    391/4
In/out errors
    0/0
Collisions
    0	

LAN_BRIDGE0 Interface (lan, bridge0)

Status
    up
MAC Address
    02:f4:68:8c:0c:00
IPv4 Address
    172.16.17.254
Subnet mask IPv4
    255.255.255.0
IPv6 Link Local
    fe80::1:1%bridge0
MTU
    1500
In/out packets
    520206/491235
In/out packets (pass)
    520206/491235
In/out packets (block)
    100/0
In/out errors
    0/4
Collisions
    0	

LAN_PORT Interface (opt1, re1)

Status
    up
MAC Address
    00:0d:b9:33:9c:41
IPv6 Link Local
    fe80::20d:b9ff:fe33:9c41%re1
MTU
    1500
Media
    1000baseT <full-duplex>In/out packets
    4669/0
In/out packets (pass)
    4669/0
In/out packets (block)
    128/0
In/out errors
    0/0
Collisions
    0
Bridge (bridge0)
    learning	

WLAN_BRIDGE0 Interface (opt2, ath0)

Status
    up
MAC Address
    04:f0:21:0a:71:1f
IPv6 Link Local
    fe80::6f0:21ff:fe0a:711f%ath0_wlan0
MTU
    1500
Media
    autoselect mode 11ng <hostap>Channel
    5
SSID
    SKULL-Net
In/out packets
    0/2277
In/out packets (pass)
    0/2277
In/out packets (block)
    0/0
In/out errors
    0/8
Collisions
    0
Bridge (bridge0)
    learning	

WLAN_GUEST Interface (opt3, ath0_wlan1)

Status
    up
MAC Address
    06:f0:21:0a:71:1f
IPv4 Address
    172.16.19.254
Subnet mask IPv4
    255.255.255.0
IPv6 Link Local
    fe80::1:1%ath0_wlan1
MTU
    1500
Media
    autoselect mode 11ng <hostap>Channel
    5
SSID
    SKULL-Guest
In/out packets
    0/503
In/out packets (pass)
    0/503
In/out packets (block)
    0/0
In/out errors
    0/1
Collisions
    0	

PIA_VPN Interface (opt4, ovpnc1)

Status
    up
MAC Address
    00:00:00:00:00:00
IPv4 Address
    10.199.1.6
Subnet mask IPv4
    255.255.255.255
Gateway IPv4
    10.199.1.5
IPv6 Link Local
    fe80::20d:b9ff:fe33:9c40%ovpnc1
MTU
    1500
In/out packets
    6342/6354
In/out packets (pass)
    6342/6354
In/out packets (block)
    82/0
In/out errors
    0/0
Collisions
    0	

WLAN_VPN Interface (opt5, ath0_wlan2)

Status
    up
MAC Address
    0e:f0:21:0a:71:1f
IPv4 Address
    172.16.20.254
Subnet mask IPv4
    255.255.255.0
IPv6 Link Local
    fe80::cf0:21ff:fe0a:711f%ath0_wlan2
MTU
    1500
Media
    autoselect mode 11ng <hostap>Channel
    5
SSID
    SKULL-VPN
In/out packets
    0/0
In/out packets (pass)
    0/0
In/out packets (block)
    0/0
In/out errors
    0/3
Collisions
    0	

VLAN10_DMZ Interface (opt6, re1_vlan10)

Status
    up
MAC Address
    00:0d:b9:33:9c:41
IPv4 Address
    172.16.50.254
Subnet mask IPv4
    255.255.255.0
IPv6 Link Local
    fe80::20d:b9ff:fe33:9c41%re1_vlan10
MTU
    1500
Media
    1000baseT <full-duplex>In/out packets
    8/4
In/out packets (pass)
    8/4
In/out packets (block)
    0/0
In/out errors
    0/0
Collisions
    0	

VLAN20_VPN Interface (opt7, re1_vlan20)

Status
    up
MAC Address
    00:0d:b9:33:9c:41
IPv4 Address
    172.16.21.254
Subnet mask IPv4
    255.255.255.0
IPv6 Link Local
    fe80::20d:b9ff:fe33:9c41%re1_vlan20
MTU
    1500
Media
    1000baseT <full-duplex>In/out packets
    10/2
In/out packets (pass)
    10/2
In/out packets (block)
    0/0
In/out errors
    0/0
Collisions
    0</full-duplex></full-duplex></hostap></hostap></hostap></full-duplex></full-duplex>

      On pfSense 2.2 the IPv6 was just fine on WAN+LAN. Since i updated to version 2.3 the IPv6 Adress on the LAN side is gone.
      I want to use IPv6 also on the LAN as before. Is there a way to debug the problem ?
      Anyone a hint ?

      Big Thanks!

      Kind regards,
      BeNe

      LAN.JPG
      LAN.JPG_thumb
      rules.JPG
      rules.JPG_thumb
      WAN.jpg
      WAN.jpg_thumb
      WAN2.jpg
      WAN2.jpg_thumb

      Use *BSD and feel free

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        The handful of similar circumstances that have come up after upgrading to 2.3 ended up being unrelated to the upgrade, they lost DHCP6 or PD after renewal. Some buggy firmware's been going around for cable modems on some US ISPs that causes IPv6 breakage. But yours is a much different scenario, that wouldn't be the case for you.

        You sure your modem is really still handing out PD?

        What dhcp6c logs you have in the DHCP log?

        1 Reply Last reply Reply Quote 0
        • MikeV7896M
          MikeV7896
          last edited by

          @cmb:

          Some buggy firmware's been going around for cable modems on some US ISPs that causes IPv6 breakage. But yours is a much different scenario, that wouldn't be the case for you.

          Just wanted to point out that only one modem (the Arris SB6183) had an issue with IPv6 that I'm aware of, and the issue was actually resolved late last year. Some US cable ISPs are late to the game in testing/rolling it out because of their less than complete IPv6 systems, but one of them did have it tested and released to customers late last year or very early this year because of the fact that their network is 100% IPv6 capable, including their provisioning systems.

          Add in the new "vulnerability" (not really) regarding the reboot/reset buttons in the Arris modem web interface and now those ISP's are having to start their firmware testing process all over to get a new firmware update processed that resolves both issues.

          The S in IOT stands for Security

          1 Reply Last reply Reply Quote 0
          • R
            rahvin
            last edited by

            I've got the same problem, IPv6 was tracking before the 2.3 update and now it doesn't. I haven't been able to get anything but the WAN to take a address. I've tried restarting the interface and various other things. Not sure what's wrong, but I suspect there is a bug here.

            1 Reply Last reply Reply Quote 0
            • B
              BeNe
              last edited by

              I played around with the IPv6 options on the pfSense WAN Interface.
              After i enabled "Request only an IPv6 prefix" i got an IPv6 address on the LAN.  :)
              So the main problem is fixed for me with this option.

              This was a failed DHCPv6 Log:

              
May 8 19:56:16 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
May 8 19:56:16 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
May 8 19:56:16 	dhcp6c 	51008 	status code: no addresses
May 8 19:56:16 	dhcp6c 	51008 	get DHCP option status code, len 33
May 8 19:56:16 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
May 8 19:56:16 	dhcp6c 	51008 	get DHCP option server ID, len 10
May 8 19:56:16 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
May 8 19:56:16 	dhcp6c 	51008 	get DHCP option client ID, len 14
May 8 19:56:16 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
May 8 19:56:16 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=4, retrans=17217
May 8 19:56:16 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
May 8 19:56:16 	dhcp6c 	51008 	set IA_PD
May 8 19:56:16 	dhcp6c 	51008 	set IA_PD prefix
May 8 19:56:16 	dhcp6c 	51008 	set option request (len 4)
May 8 19:56:16 	dhcp6c 	51008 	set elapsed time (len 2)
May 8 19:56:16 	dhcp6c 	51008 	set identity association
May 8 19:56:16 	dhcp6c 	51008 	set client ID (len 14)
May 8 19:56:07 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
May 8 19:56:07 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
May 8 19:56:07 	dhcp6c 	51008 	status code: no addresses
May 8 19:56:07 	dhcp6c 	51008 	get DHCP option status code, len 33
May 8 19:56:07 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
May 8 19:56:07 	dhcp6c 	51008 	get DHCP option server ID, len 10
May 8 19:56:07 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
May 8 19:56:07 	dhcp6c 	51008 	get DHCP option client ID, len 14
May 8 19:56:07 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
May 8 19:56:07 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=3, retrans=8905
May 8 19:56:07 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
May 8 19:56:07 	dhcp6c 	51008 	set IA_PD
May 8 19:56:07 	dhcp6c 	51008 	set IA_PD prefix
May 8 19:56:07 	dhcp6c 	51008 	set option request (len 4)
May 8 19:56:07 	dhcp6c 	51008 	set elapsed time (len 2)
May 8 19:56:07 	dhcp6c 	51008 	set identity association
May 8 19:56:07 	dhcp6c 	51008 	set client ID (len 14)
May 8 19:56:03 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
May 8 19:56:03 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
May 8 19:56:03 	dhcp6c 	51008 	status code: no addresses
May 8 19:56:03 	dhcp6c 	51008 	get DHCP option status code, len 33
May 8 19:56:03 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
May 8 19:56:03 	dhcp6c 	51008 	get DHCP option server ID, len 10
May 8 19:56:03 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
May 8 19:56:03 	dhcp6c 	51008 	get DHCP option client ID, len 14
May 8 19:56:03 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
May 8 19:56:03 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=2, retrans=4283
May 8 19:56:03 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
May 8 19:56:03 	dhcp6c 	51008 	set IA_PD
May 8 19:56:03 	dhcp6c 	51008 	set IA_PD prefix
May 8 19:56:03 	dhcp6c 	51008 	set option request (len 4)
May 8 19:56:03 	dhcp6c 	51008 	set elapsed time (len 2)
May 8 19:56:03 	dhcp6c 	51008 	set identity association
May 8 19:56:03 	dhcp6c 	51008 	set client ID (len 14)
May 8 19:56:02 	dhcpd 		Server starting service.
May 8 19:56:02 	dhcpd 		Sending on Socket/fallback/fallback-net
May 8 19:56:02 	dhcpd 		Sending on BPF/bridge0/02:f4:68:8c:0c:00/172.16.17.0/24
May 8 19:56:02 	dhcpd 		Listening on BPF/bridge0/02:f4:68:8c:0c:00/172.16.17.0/24
May 8 19:56:02 	dhcpd 		Sending on BPF/ath0_wlan1/06:f0:21:0a:71:1f/172.16.19.0/24
May 8 19:56:02 	dhcpd 		Listening on BPF/ath0_wlan1/06:f0:21:0a:71:1f/172.16.19.0/24
May 8 19:56:02 	dhcpd 		Sending on BPF/ath0_wlan2/0e:f0:21:0a:71:1f/172.16.20.0/24
May 8 19:56:02 	dhcpd 		Listening on BPF/ath0_wlan2/0e:f0:21:0a:71:1f/172.16.20.0/24
May 8 19:56:02 	dhcpd 		Sending on BPF/re1_vlan10/00:0d:b9:33:9c:41/172.16.50.0/24
May 8 19:56:02 	dhcpd 		Listening on BPF/re1_vlan10/00:0d:b9:33:9c:41/172.16.50.0/24
May 8 19:56:02 	dhcpd 		Sending on BPF/re1_vlan20/00:0d:b9:33:9c:41/172.16.21.0/24
May 8 19:56:02 	dhcpd 		Listening on BPF/re1_vlan20/00:0d:b9:33:9c:41/172.16.21.0/24
May 8 19:56:02 	dhcpd 		Wrote 173 leases to leases file.
May 8 19:56:02 	dhcpd 		Wrote 0 new dynamic host decls to leases file.
May 8 19:56:02 	dhcpd 		Wrote 0 deleted host decls to leases file.
May 8 19:56:02 	dhcpd 		For info, please visit https://www.isc.org/software/dhcp/
May 8 19:56:02 	dhcpd 		All rights reserved.
May 8 19:56:02 	dhcpd 		Copyright 2004-2016 Internet Systems Consortium.
May 8 19:56:02 	dhcpd 		Internet Systems Consortium DHCP Server 4.3.3-P1
May 8 19:56:02 	dhcpd 		PID file: /var/run/dhcpd.pid
May 8 19:56:02 	dhcpd 		Database file: /var/db/dhcpd.leases
May 8 19:56:02 	dhcpd 		Config file: /etc/dhcpd.conf
May 8 19:56:02 	dhcpd 		For info, please visit https://www.isc.org/software/dhcp/
May 8 19:56:02 	dhcpd 		All rights reserved.
May 8 19:56:02 	dhcpd 		Copyright 2004-2016 Internet Systems Consortium.
May 8 19:56:02 	dhcpd 		Internet Systems Consortium DHCP Server 4.3.3-P1
May 8 19:56:01 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
May 8 19:56:01 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
May 8 19:56:01 	dhcp6c 	51008 	status code: no addresses
May 8 19:56:01 	dhcp6c 	51008 	get DHCP option status code, len 33
May 8 19:56:01 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
May 8 19:56:01 	dhcp6c 	51008 	get DHCP option server ID, len 10
May 8 19:56:01 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
May 8 19:56:01 	dhcp6c 	51008 	get DHCP option client ID, len 14
May 8 19:56:01 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
May 8 19:56:01 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=1, retrans=2151
May 8 19:56:01 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
May 8 19:56:01 	dhcp6c 	51008 	set IA_PD
May 8 19:56:01 	dhcp6c 	51008 	set IA_PD prefix
May 8 19:56:01 	dhcp6c 	51008 	set option request (len 4)
May 8 19:56:01 	dhcp6c 	51008 	set elapsed time (len 2)
May 8 19:56:01 	dhcp6c 	51008 	set identity association
May 8 19:56:01 	dhcp6c 	51008 	set client ID (len 14)
May 8 19:55:59 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
May 8 19:55:59 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
May 8 19:55:59 	dhcp6c 	51008 	status code: no addresses
May 8 19:55:59 	dhcp6c 	51008 	get DHCP option status code, len 33
May 8 19:55:59 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
May 8 19:55:59 	dhcp6c 	51008 	get DHCP option server ID, len 10
May 8 19:55:59 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
May 8 19:55:59 	dhcp6c 	51008 	get DHCP option client ID, len 14
May 8 19:55:59 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
May 8 19:55:59 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=0, retrans=1088
May 8 19:55:59 	dhcp6c 	51008 	send solicit to ff02::1:2%re2

              Thanks for all your help!

              Use *BSD and feel free

              1 Reply Last reply Reply Quote 0
              • D
                daniprog
                last edited by

                Im having now the same Problem.
                Im from Germany and i don’t get an IPv6 at the Lan Interface. The Wan gets an IPv6 and the router (of my ISP) tells me it is registered with the ipv4 (Home Network) and ipv6. All on the Wan.
                At lan interface i can access the webpage.
                I made the wan dhcp6 at the ipv6 configuration type,
                Checked only the 2 ticks send ip prefix hint and debug. For the prefix Delegation size I used 64 (cause the router gets an 64 Delegation size).

                At the lan Interface I made it track interface for the ipv6 configuration type. And choosed at the bottom Wan for the track ipv6 interface and entered 0 for the prefix id.

                At dhcpv6 server & ra I disabled the dhcpv6 server and tried all router modes at router advertisements.

                I hope someone could help me. It’s really important.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.