IPv6 on 2VLANs
-
Hello,
I'm trying to get IPv6 from my ISP on both VLANs I have.
Here's the setup:- custom made PFSense 2.4.1 box with 2NIC
- NIC 1 –> Connects to the ISP via PPPoe on IPv4 and DHCP6 on IPv6, IPv6 prefix delegation /64. It requests an IPv6 prefix though the IPv4 connectivity link
- NIC 2 has 2 VLANS:
VLAN1: IPv4: Static IPv4; IPv6: Track Interface WAN with IPV6 prefix ID: 0
VLAN2: IPv4: Static IPv4; IPv6 --> here I need you guys help, since I cannot use the same prefix ID, and the PFSense GUI does not allow me to change the prefix ID to anything else than 0 which is already being used.
For the moment I have IPv6 on VLAN1, but not on VLAN2.
Thanks for all your help.
Andy.
-
What prefix are you getting from your ISP? If only a /64, you're out of luck. I have a /56 and I can configure pfSense to request any prefix up to that with "DHCPv6 Prefix Delegation size on the WAN" page. Once you have more than 1 /64, you can choose which one when configuring VLANs.
-
Hello,
The ISP is assigning a ::/64. So I'm out of luck :)
They might be assigning a ::/56 sometimes during January 2018.
Just out of curiosity, can you put some screenshots on how to do it using a ::/56 ?Thanks a lot,
Andy -
There's really no need for screen shots. As I mentioned, you set the desired prefix size on the WAN page. In my case I selected a /56 and when you configure the interface, you just choose which /64 to use on that interface. Also make sure that RAs are set up properly. That's pretty much all there is to it. It works the same way whether you have 1 /64 or 65,536. If you can do one, you can do them all.
-
Thanks a lot.
-
If you don't want to wait til your ISP starts handing out prefixes you can work with multiple segments behind pfsense. You could always setup tunnel with Hurricane Electric (free) you can get a /48 from them. Then you could setup as many vlans you want on ipv6.
-
Does it also work if my ISP is assigning dynamic IPv4 addresses ?
As far as I know, HE requires an IPv4 static endpoint..Thanks
-
https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker#Keep_the_Tunnel_Endpoint_Up-To-Date
-
"As far as I know, HE requires an IPv4 static endpoint.."
Where would you have gotten that FUD from?
-
"As far as I know, HE requires an IPv4 static endpoint.."
Where would you have gotten that FUD from?
At one point, HE. I was looking at them several hears ago and then you had to supply an IPv4 address and they had no way of handling a different address. While my IPv4 address was virtually static and I could have used it, I went with another provider that could even handle mobile users & NAT. I believe HE now has a way to handle changing addresses, though I haven't investigated it.
-
HE.NET has the ability to use a dynamic DNS address for the tunnel endpoint. In fact there is a specific dyndns provider setting in pfSense for HE.NET Tunnelbroker.
Just do it. It works great.
-
HE.NET has the ability to use a dynamic DNS address for the tunnel endpoint. In fact there is a specific dyndns provider setting in pfSense for HE.NET Tunnelbroker.
Just do it. It works great.
Can they handle NAT yet? The tunnel broker I used could either use 6in4 IP protocol 41 or UDP. UDP was necessary behind NAT.
-
No idea. NATs are bad.
-
No idea. NATs are bad.
Yeah, I know. But when you're using someone else's network, you have no choice.