Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    State of DS-Lite (Dual Stack Lite) support in pfSense

    Scheduled Pinned Locked Moved IPv6
    12 Posts 4 Posters 7.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      Does this mean pfSense is (currently) unable to tunnel ipv4 traffic over my ISP's DS-Lite?

      Please read this here (german) DS-Light (Dual Stack & VPN)

      There is also a in Germany based solution that can be helping out to solve this issue for you.
      But it is not free of charge but also in German language Feste-IP.net

      You could place this device in the DMZ of your pfSense and all is running well for you.

      1 Reply Last reply Reply Quote 0
      • M
        malt3
        last edited by

        I read the article on elektronik-kompendium (also the one specifically on DS-Lite). So what I read from it is this:
        When the TC7200 is operating in router mode, it will act as the B4 node that routes ipv4 packets over ipv6 to their AFTR endpoint where they do CGN.

        I do understand that a router that does this 4in6 tunneling to unitymedia needs some kind of configuration (like an AFTR adress or maybe a password or more), but I am still unsure if a pfSense box is even capable of tunneling in that way.

        Looking at this, it seems like the Feste-ip soultion would be the easiest. I do have some questions left, though.

        1. do you mean the FIP-Box easy2connect? (http://www.feste-ip.net/fip-box/easy2connect)
        2. which of their services is the correct one? Their offerings all seem to be meant to make devices in my home network accessible over ipv4.
        This is also nice. However, my main focus is to get an ipv4 adress that devices in my home network can use to talk to other servers that only have ipv4. This opens the following question: When using such a device, would the pfSense router still be the ipv4 DHCP Server?
        3. Is Feste-IP only mapping some of my ports? Or do they also have real tunneling?
        4. After looking up DMZ (demilitarized zone) I am still unsure how this is exactly meant to work.

        Is it meant like this:

        Internet –---- TC7200 (bridge mode) -------- FIP-Box ----------- pfSense Router --------- Clients

        Or like this:
                                                                |---------- FIP-Box
        Internet ------ TC7200  (bridge mode)  |
                                                                |----------- pfSense Router --------- Clients

        Or even like this (as Feste-IP.Net seems to suggest):
                                                                                                        |---------- FIP-Box
        Internet ------ TC7200  (bridge mode) ------pfSense Router--------|
                                                                                                        |----------- other Clients

        Thanks for the help. I really appreciate it!

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          DS-Light with dual-stack will not be able to let you create any kind of VPN from the outside.
          Thats it in short, but with that small VPN Server that could be positioned inside of the VPN
          it could running.

          1 Reply Last reply Reply Quote 0
          • C
            cyd777
            last edited by

            Dr All,

            I'm really newbie in IPv6 and pfsense too.
            But now in Germany I can use my own router with Unitymedia. I would like to ask if I will have Docsis 3.0 compatible 24X8 capable modem and I will connect my the pfsense directly to it can it work?
            I mean these are the requirements of the provider:
            • DOCSIS 3.0 compatible
            • 24 download and 8 upload channels
            • Understanding IPv4 and IPv6 as well as Dual Stack Lite
            • and support the SIP standard for telephony
            So If I find a modem which handle the first 2 and I don't care about telephony the 3rd requirement can be done completly by the pfsense (2.3)?

            Thanks
            cyd

            1 Reply Last reply Reply Quote 0
            • M
              Maps
              last edited by

              If your plan access over ipv4 external, right.
              It´s smarter and mostly cheaper to use a vserver hoster like hetzner. ( 4,64 Euro per Month )

              Internet - VServer ( debian ) -> VPN openvpn -> Your DS lite ( pfsense )-> Homenet.
              Tunnel must be open by pfsense (homeside) to the vserver .

              So you don´t user "black boxes" in your home net, and all configs in your Hand.

              On  the vserver you are able to setup VPN like raacon ( ipsec ) openvpn…

              1 Reply Last reply Reply Quote 0
              • C
                cyd777
                last edited by

                Hi Maps,

                I know it is just under-usage of the pfsense but the only thing what I want from it at the beginning to work as "home-router" but because my provider forces the ds-lite I want to know if this can connect to my provider's infrastructure.
                First I don't want vpn or any fancy stuff just good, safe router firewall.
                I have the hardware for the pfsense and it is running already, just right now behind the router of the provider, so I'm double nated.
                That's why I want to know how to configure the pfsense if I replace the provider's router to a simple cable modem.
                In my theory how should it work:
                Internet –> my own simple cable modem --> my pfsense (with ipv6 and ds-lite) --> my home network

                That's all I would like to achieve.
                Is it difficult with pfsense for a newbie?

                Thanks,
                cyd

                1 Reply Last reply Reply Quote 0
                • M
                  Maps
                  last edited by

                  My Provider "Deutsche glasfaser" use also Dualstack Lite ( Real IP V6 56 Net ) and a private IP non offiicial IPV4.
                  It´s quite easy setup, only for ipv6 I need to use the develompent Release. "Wait for RA" problem.

                  But I never try to setup TV or phoneservice with pfsense. In this case, for a beginner it could be easyer to use a AVM Produkt.

                  You are running pfsense, in best case you have to change only your WAN parameters

                  1 Reply Last reply Reply Quote 0
                  • C
                    cyd777
                    last edited by

                    I'm not using phone neither TV on this line, just internet.
                    Is it difficult to set up this?
                    I'm on the latest stable community edition pfsense version (2.3.2).

                    1 Reply Last reply Reply Quote 0
                    • ?
                      Guest
                      last edited by

                      @malt3:

                      I read the article on elektronik-kompendium (also the one specifically on DS-Lite). So what I read from it is this:
                      When the TC7200 is operating in router mode, it will act as the B4 node that routes ipv4 packets over ipv6 to their AFTR endpoint where they do CGN.

                      I do understand that a router that does this 4in6 tunneling to unitymedia needs some kind of configuration (like an AFTR adress or maybe a password or more), but I am still unsure if a pfSense box is even capable of tunneling in that way.

                      Looking at this, it seems like the Feste-ip soultion would be the easiest. I do have some questions left, though.

                      1. do you mean the FIP-Box easy2connect? (http://www.feste-ip.net/fip-box/easy2connect)
                      2. which of their services is the correct one? Their offerings all seem to be meant to make devices in my home network accessible over ipv4.
                      This is also nice. However, my main focus is to get an ipv4 adress that devices in my home network can use to talk to other servers that only have ipv4. This opens the following question: When using such a device, would the pfSense router still be the ipv4 DHCP Server?
                      3. Is Feste-IP only mapping some of my ports? Or do they also have real tunneling?
                      4. After looking up DMZ (demilitarized zone) I am still unsure how this is exactly meant to work.

                      Is it meant like this:

                      Internet –---- TC7200 (bridge mode) -------- FIP-Box ----------- pfSense Router --------- Clients

                      Or like this:
                                                                              |---------- FIP-Box
                      Internet ------ TC7200  (bridge mode)  |
                                                                              |----------- pfSense Router --------- Clients

                      Or even like this (as Feste-IP.Net seems to suggest):
                                                                                                                      |---------- FIP-Box
                      Internet ------ TC7200  (bridge mode) ------pfSense Router--------|
                                                                                                                      |----------- other Clients

                      Thanks for the help. I really appreciate it!

                      FIB Box Position und Portmapper

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by

                        I know it is just under-usage of the pfsense but the only thing what I want from it
                        at the beginning to work as "home-router" but because my provider forces the ds-lite I want
                        to know if this can connect to my provider's infrastructure.

                        Anleitung zu pfSense & DSL-Light

                        1 Reply Last reply Reply Quote 0
                        • M
                          Maps
                          last edited by

                          From my point of view, telekom don´t use DS-List ?!? ( see IP 79.XX in the dokument ).

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.