Not getting IPv6 from ISP (Telus)
-
I guess no IPv6 for me until some latter date. :'(
Why wait for Telus to get their act together?? If you want to experiment with IPv6, or even use it "in production", head over to HE.NET and get yourself a free IPv6 tunnel. You'll even get a free /48 with it. That's more than Telus will give you!
-
Why? Because it's not that important too me right now. It's still an experiment and I don't get much out of it in day-to-day use. I will just move onto my next pet project (home automation), and get back to it when I don't have anything better to do.
-
Exporting configuration and looking at XML, I can't see any lingering setting that would cause the issue. I tried fresh pfSense 2.3.4, with only WAN+LAN. Makes no difference. Called Telus support. Their answer was "IPv6 is still experimental, and as such not supported". I guess no IPv6 for me until some latter date. :'(
Telus support is clueless and even if they knew about ipv6, I really doubt they would help anyone with a third-party router. For what it's worth, Telus has been supporting native ipv6 for well over a year. The only issue with respect to pfsense was that Telus' edge router is configured to require dhcpv6 solicit before it will reply to a router solicit. As far as I know, according to a contact in the engineering organization, Telus has no intention of changing that. They consider it a "security" feature. The "do not wait for RA feature" has been in pfsense for over a year and it works reliably. I and others have been using pfsense on the Telus network. I have two separate pfsense routers, each with its own prefix. If your T3200M is getting dual stack, the only reason you are not able to get pfsense working through the bridge port is because something in the configuration is broken.
My suggestion is to create a new VM from scratch with a new, previously unused MAC address. Then install either 2.3.4 or 2.4 beta with one WAN and one LAN. (I'm using both and they both work.) The only settings you should have to change to get ipv4 and ipv6 working are to request a /56 prefix, prefix only but no address and "do not wait for RA". I also select "do not allow PD/address release". I would be very surprised if you could not get it working with this configuration.
If you are still having problems, I would start looking at how your hyper-v server is configured. Another thing you could try is to create another guest and connect it to the private WAN switch running wireshark. It's a bit messy to get the filtering working, but you should see the sequence of dhcpv6 and icmpv6 messages within a few seconds of each other every time you reboot or apply the WAN settings.
If you want, I will give you a hand off-line. We could use team-viewer or something. I've done this before for another Telus user.
-
My suggestion is to create a new VM from scratch with a new, previously unused MAC address. Then install either 2.3.4 or 2.4 beta with one WAN and one LAN. (I'm using both and they both work.) The only settings you should have to change to get ipv4 and ipv6 working are to request a /56 prefix, prefix only but no address and "do not wait for RA". I also select "do not allow PD/address release". I would be very surprised if you could not get it working with this configuration.
That's what I did. Fresh new VM with 2.3.4 (did not thinker with MAC though). No dice.
If you want, I will give you a hand off-line. We could use team-viewer or something. I've done this before for another Telus user.
I may take you up on that, but not now. Thanks for your help.
-
My suggestion is to create a new VM from scratch with a new, previously unused MAC address. Then install either 2.3.4 or 2.4 beta with one WAN and one LAN. (I'm using both and they both work.) The only settings you should have to change to get ipv4 and ipv6 working are to request a /56 prefix, prefix only but no address and "do not wait for RA". I also select "do not allow PD/address release". I would be very surprised if you could not get it working with this configuration.
That's what I did. Fresh new VM with 2.3.4 (did not thinker with MAC though). No dice.
If you want, I will give you a hand off-line. We could use team-viewer or something. I've done this before for another Telus user.
I may take you up on that, but not now. Thanks for your help.
Okay, it's probably either the MAC or more likely the configuration of the NICs on the hyper-v server. If you want to take another run at this, send me a pm.
-
It was bloody "Block bogon networks" option. The moment I unchecked it, IPv6 started working.
-
It was bloody "Block bogon networks" option. The moment I unchecked it, IPv6 started working.
Glad you got it working. I have it checked on the wan and unchecked on the lan, which are the defaults. It's easy for some seemingly innocuous setting to have a drastic effect. This is why I suggest to anyone having trouble getting pfsense working for the first time to use defaults wherever possible. Obviously you can't do that on the ipv6 wan settings, but hardly any changes are required to get it up and running. Good luck getting the rest of the configuration going.
-
I had exact same setting (I don't remember ever changing it). LAN off, WAN on. But turning it off for a moment on WAN made IPv6 working again. It's back to default value (on now) on WAN and everything still works even after reboot.
I made other changes (LAN tracks WAN) and it's all working now. The only thing I can't get to work is VM interface in pfSense (Hyper-V virtual switch). It's set up to track WAN interface, exactly same as LAN, but that entire segment (one Debian, one Windows 10, one Windows 8.1 and one Windows Server 2016, which is domain controller, DHCP server and DNS server) can't get public IPv6. Can you have more than one interface in pfSense set to track another one for DHCPv6?
-
Does Telus have a user forum? If so, perhaps you can post your settings there. I'm on Rogers and it was a Rogers employee who posted the pfSense settings in the forum. Also, there's a "Do not allow PD/Address release" on the Wan tab you may want to select. It keeps pfSense from releasing your prefix. Without it, my prefix would change if I did something as simple as disconnect/reconnect the Ethernet cable to the modem.
-
Telus has user forum, but quality of posts there makes me want to forget all about it.
I have "do not release" flag checked. As this was an experiment only, I'm quite happy with results. I'll wait for 2.4 to get released and then give it another shot with VM interface.
-
I had exact same setting (I don't remember ever changing it). LAN off, WAN on. But turning it off for a moment on WAN made IPv6 working again. It's back to default value (on now) on WAN and everything still works even after reboot.
I made other changes (LAN tracks WAN) and it's all working now. The only thing I can't get to work is VM interface in pfSense (Hyper-V virtual switch). It's set up to track WAN interface, exactly same as LAN, but that entire segment (one Debian, one Windows 10, one Windows 8.1 and one Windows Server 2016, which is domain controller, DHCP server and DNS server) can't get public IPv6. Can you have more than one interface in pfSense set to track another one for DHCPv6?
That's really strange.
For a typical dual-stack configuration with one WAN and one LAN it's a pretty simple setup.
You should have the following WAN settings:
IPV4: dhcp
IPV6: dhcp6
request prefix only
/56 prefix
do not wait for ra
do not allow pd releaseYou should have the following LAN settings:
ipv4: static
ipv6: track interface
upstream gateway: none
track ipv6 interface: WANExcept for do not allow pd release, it will not work without the settings. I recommend do not allow pd release. It works quite well at preventing the prefix from changing. However, Telus engineering told me that as long as the DUID does not change, the prefix should not change. I have found that if I clear do not allow release, it will release the lease and there will be a new prefix. If I do that a few times, occasionally the same prefix will be allocated again.
If you plan to use pfsense for dhcpv6, I also recommend assisted RA.
Not sure what you're trying to accomplish with the VM interface. Please elaborate. I have my hyper-v configured so the hyper-v management interface is on the LAN. I also have an extra NIC that's only connected to the hyper-v (not to any guests) and is connected to an unbridged LAN port on the modem. I use this only to log into the modem. I bumped up the routing metric so if any address other than the modem lan is accessed, it will go through the LAN interface on pfsense.