Setting up Comcast Business Class IPv6 & IPv4 with Static Allocations to PFsense
-
I am sure someone here has done this, but I have a friend with a Comcast Business connection, and they have static IPv4 and IPv6 connections. They have a /29 of v4 space, and a /56 of v6 space. We have a PFsense appliance (running 2.4.0) attached to the cable modem to handle the firewall and VPN connections, and the cable modem is a Comcast/Cisco DPC3941B.
I have IPv4 working like a champ, but IPv6 has me pulling my hair out. I have done IPv6 in datacenters, and over the MetroE product, but never a cable modem. I see no obvious gateway; looking at the configs, it looks like the cable modem has the /56 attached to its LAN ports, and though I can static route a V4 range, there is no option to route some of the V6 range to the firewall's interface.
Do I need to put this in bridge mode? As it doesn't appear to be, and if so what am I to use for my gateway between Comcast and the firewall WAN side, if the /56 (or at least part of it) is used on the LAN side?
I have searched and read the various threads about using Comcast IPv6 with PFsense, but as the allocations are static, there is no SLAAC or DHCPv6 in use. I even tried using DHCPv6 to see what happened, and it never got an IP, so I'm guessing that, as it's a static block, something has to be set up differently.
Any pointers on getting this going would be super.
-
Have they told you what the range allocation is?
Bridge mode is the best way of doing things.
If you use bridge mode how does authentication work, i.e. is it PPPoE?
-
Packet capture on the WAN interface and ping6 something in the /56 from the outside.
Does it show up on WAN?
If so just put /64s out of the /56 on your inside interfaces using static assignment. Set up SLAAC or whatever you want on the inside interfaces.
And everyone will be jealous of you.
If the traffic does not show up on WAN, call Comcast and ask them what they expect from your WAN interface for IPv6. DHCP6? or ?
-
@marjohn56:
Bridge mode is the best way of doing things.
If you use bridge mode how does authentication work, i.e. is it PPPoE?
Unfortunately, Bridge mode isn't an option with Comcast Business if you have static IP addresses. They run RIP to advertise the static addresses back upstream, which requires that it run as a gateway, not in bridge mode.
Bridge mode on Comcast Business can only be used with dynamic addresses, and there's no authentication, just DHCP/DHCPv6 to get an IPv4 address and up to a /56 of IPv6 addresses.
I agree with Derelict though as a way to test what might be going on.
-
I have the same problem. If you get it working I would love to see how :)
I too am running out of hair.
-
Call Comcast and see what they need from the router to get the addresses.
Not asking for anything pfSense specific - just general instructions for any router.
-
Did you get this working? I'm stuck in the exact same place you were 9 months ago. Some screenshots would be so awesome.
-
Same issue on my end. I had it working somewhat by setting up DHCP6 on pfsense and just allocating my static range given by Comcast. It worked for a while but after a day, traffic doesn't seem to route properly until I reboot pfsense. Ideally, pfsense would pass the ip assigning back to the business gateway, but when I try that, nothing happens.
Bridge mode, yes, it worked perfectly, but lost my static IPv4s that way and was assigned a dynamic IP. :(
Calling Comcast for help is painful. Last time I called, I had to explain networking to them and they argued with me that I "had IPv6 address and that it is my modem's hardware address" and "everything looks fine on our end". I ended up having to hang up, but it depends on who answers the phone.
-
With the exception of the DHCP setup, the following works for me for a little while, but I suspect the issue on my end is something else.
https://techielibrarians.com/index.php/2017/06/08/native-ipv6-with-comcast-business-and-pfsense-2-3/
Those instructions are for the old gateway modem type, but I'm on the Cisco and it seems to work.