Rogers pfSense configuration
-
What about RA?
-
What about RA? It's provided by pfSense.
-
What about RA? It's provided by pfSense.
You don't set it up, and Rogers IPv6 works with pfSense? What I was asking is your RA Configuration
-
Probably assisted. That's not really dependent on the WAN provider though.
-
You don't set it up, and Rogers IPv6 works with pfSense? What I was asking is your RA Configuration
I don't recall any special config fo RA. The info Rogers provided was for connecting to their network. How you connect to your LAN is not their concern. Normally, the router (pfSense) is configured to provide a prefix via Router Advertisements, but that's not the only way.
-
You don't set it up, and Rogers IPv6 works with pfSense? What I was asking is your RA Configuration
I don't recall any special config fo RA. The info Rogers provided was for connecting to their network. How you connect to your LAN is not their concern. Normally, the router (pfSense) is configured to provide a prefix via Router Advertisements, but that's not the only way.
Thanks.
-
I have my modem in bridge mode, running firmware 4.5.8.22… and the settings above but my WAN interface is not picking up a IPV6 IP address.
Any suggestions?
-
What modem do you have? Not all are suitable.
-
What modem do you have? Not all are suitable.
I have the Gigabit modem (Hitron CGNM-3552-ROG) - I rebooted pfSense and now I pick up an IPV6 address:
However, within pfSense, the WAN_DHCP6 gateway is down?
WAN_DHCP6 fe80::217:10ff:fe91:55b1 0ms 0ms 100% Offline
Is there any other configuration that is required to get WAN_DHCP6 gateway to work properly?
-
Is it actually down? You can try ipv6.google.com to verify. I find that Gateway Monitoring to an address that didn't respond caused that situation. I just turn off monitoring, as you don't really need it, if you have only one route to the Internet. Turning it off also cuts down on traffic. That monitoring sends out a lot of pings.
-
Is it actually down? You can try ipv6.google.com to verify. I find that Gateway Monitoring to an address that didn't respond caused that situation. I just turn off monitoring, as you don't really need it, if you have only one route to the Internet. Turning it off also cuts down on traffic. That monitoring sends out a lot of pings.
Turns out that you can't ping Roger's gateway - I replaced the monitor IP with Google's IPV6 IP and now it is online.
But another question - how do clients obtain an IPV6 address. Does the DHCP6 Relay and/or DHCP6 Relay & RA need to be enabled?
Thanks.
-
But another question - how do clients obtain an IPV6 address. Does the DHCP6 Relay and/or DHCP6 Relay & RA need to be enabled?
If a prefix has been delegated to your router, you should use the dhcpv6 server, not the relay. When you enable the service, you will set the minimum and maximum range, such as ::1000 and ::2000 or whatever. If you will have a stateful and stateless devices on your network, set the router mode to assisted. (Android phones only support SLAAC.)
-
But another question - how do clients obtain an IPV6 address. Does the DHCP6 Relay and/or DHCP6 Relay & RA need to be enabled?
If a prefix has been delegated to your router, you should use the dhcpv6 server, not the relay. When you enable the service, you will set the minimum and maximum range, such as ::1000 and ::2000 or whatever. If you will have a stateful and stateless devices on your network, set the router mode to assisted. (Android phones only support SLAAC.)
Thanks, I got that working as well.
Last question, I have multiple LAN subnets - one regular one and one WiFi LAN … since Rogers is /64 prefix delegation, is it possible to "split" the IPV6 addresses across two LANs or am I SOL until Rogers changes the prefix delegation?
Thanks.
-
It may be possible to split a prefix, but it will break some things, including SLAAC.
-
I replaced the monitor IP with Google's IPV6 IP and now it is online.
Why not just turn off monitoring?
But another question - how do clients obtain an IPV6 address. Does the DHCP6 Relay and/or DHCP6 Relay & RA need to be enabled?
Normally, the router uses Router Advertisements to provide the local prefix. Then the various devices add another 64 bits to the prefix. Those 64 bits can be derived from the MAC address or be a random number.
-
If a prefix has been delegated to your router, you should use the dhcpv6 server, not the relay.
No need for DHCPv6 on the local LAN. Router Advertisements and SLAAC provide the addresses.
-
If a prefix has been delegated to your router, you should use the dhcpv6 server, not the relay.
No need for DHCPv6 on the local LAN. Router Advertisements and SLAAC provide the addresses.
However, if I run a server on a network, DHCP6 would allow me to set a static address correct - this would make it easier to setup firewall rules?
-
Yes. Though it is arguable that a static config on the server is no more work than setting up a static assignment. At least it's centralized in the DHCP server.
And I believe there is no way to turn off DHCP6 on an inside interface set to track.
"Assisted" is generally what you want on the RA settings since some devices (android) are SLAAC-only.
-
Yes. Though it is arguable that a static config on the server is no more work than setting up a static assignment. At least it's centralized in the DHCP server.
And I believe there is no way to turn off DHCP6 on an inside interface set to track.
"Assisted" is generally what you want on the RA settings since some devices (android) are SLAAC-only.
I'm still getting ramped up on IPv6, but it seems that support for DHCP-PD is still weak in pfSense - without the ability for static mappings to track the WAN PD, the entries will become nullified if the ISP updates the modem address assignment.
I guess I got the basics setup - for hosting a server seems like I'll still be on IPv4.
-
In my opinion support for DHCP-PD is weak on the ISP side.
They're the ones changing what should be static IP addresses.
Use tunnelbroker.net. They manage to issue static /48s. And they don't charge $90+/month.
