Trials, Tribulations and Confirmations
-
I have been doing a LOT of reading on pfSense and IPv6…...
I have been doing a LITTLE playing and even some minor breaking..... this is how I learn best.
Thanks to all the geniuses here that make it possible for me to learn.
I have a multi LAN environment at home, with a single WAN.
ISP (Spectrum) <-> SURFboard SB6190 <-> pfSense whitebox <->
LAN_1 and WAN are on a dual nic Intel card.
LAN_2 is on onboard Broadcom NIC
LAN_1 <-> Apple airport time machine (Bridge mode) <-> Home streaming and adult devices
LAN_2 <-> Belkin N600 (AP mode) <-> IoT and kids devices
Previously, all interfaces were IPv4 ONLY.
WAN - Enabled IPv6, DHCPv6 - DHCPv6 prefix delegation size /56 - Send hint enabled. IPv6 address obtained successfully.
LAN_1 - Enabled IPv6, Track Interface, Track Interface = WAN, IPv6 prefix ID = 0. IPv6 address obtained successfully.
Added Cloudflare IPv6 DNS servers to system DNS servers.
LAN_1 Client - Macbook Pro - Run IPv6 tests using online test site, all checks are passed.
Other LAN_1 clients include Apple TVs and iPhones. All show IPv6 addresses.
All things considered, I am thrilled at this point and am feeling somewhat accomplished.
Pause for effect.......
LAN_2 - Enabled IPv6, Track Interface, Track Interface = WAN, IPv6 prefix ID = 1. This is what I thought was the right thing to do for a second IPv6 LAN to operate correctly.
ALL HELL BROKE LOOSE..........
I rebooted the FW, as was done before, before the IPv6 addresses would show up.
Firewall would not go past "Starting DNS resolver"........ no matter how long I waited, no matter how many times I rebooted.
Absolutely NO worries. I did a fresh install, I restored a 12 hour old config backup, tweaked a few minor items and the world is good again.
These steps were done again......
WAN - Enabled IPv6, DHCPv6 - DHCPv6 prefix delegation size /56 - Send hint enabled. IPv6 address obtained successfully.
LAN_1 - Enabled IPv6, Track Interface, Track Interface = WAN, IPv6 prefix ID = 0. IPv6 address obtained successfully.
Added Cloudflare IPv6 DNS servers to system DNS servers.
LAN_1 Client - Macbook Pro - Run IPv6 tests using online test site, all checks are passed.
Other LAN_1 clients include Apple TVs and iPhones. All show IPv6 addresses.
And now my question...... or questions.......
How can I confirm I do in fact receive a /56 from my ISP so I can attempt again to add a second IPv6 LAN?
If confirmed present, how do I add the second IPv6 LAN?
Or does the fact that all hell broke loose indicate I am NOT receiving a /56 from the ISP?
Thanks in advance!!!!
Ragen
-
LAN_2 - Enabled IPv6, Track Interface, Track Interface = WAN, IPv6 prefix ID = 1. This is what I thought was the right thing to do for a second IPv6 LAN to operate correctly.
Yes this is how you would do it.
ALL HELL BROKE LOOSE….......
Meaning what exactly.
I rebooted the FW, as was done before, before the IPv6 addresses would show up.
Firewall would not go past "Starting DNS resolver"…..... no matter how long I waited, no matter how many times I rebooted.
Possibly unrelated to IPv6, tough to say without any detailed log. Personally I would check the HDD/SSD in the device and run a memory check to make sure the hardware is still fine.
How can I confirm I do in fact receive a /56 from my ISP so I can attempt again to add a second IPv6 LAN?
Best way to make sure, talk to your ISP and ask them what prefix size they provide.
-
UPDATE:
The same exact steps were taken again this afternoon.
This time I observed the CPU level and waited until it leveled from near a 100% spike, post save/applying the interface changes, then rebooted the box.
All is good!!
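
Added example, not part of the thread: a Python sketch of how a Track Interface prefix ID selects a /64 inside the delegated prefix, and why ID 1 only exists when the delegation is shorter than /64. The function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation range; comparing the /64s actually seen on LAN_1 and LAN_2 gives a lower bound on the size of the delegation.

```python
import ipaddress

def tracked_lan_subnet(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 a LAN gets when it tracks a WAN holding `delegated`."""
    pd = ipaddress.IPv6Network(delegated)
    id_bits = 64 - pd.prefixlen  # bits available between the delegation and /64
    if id_bits < 0:
        raise ValueError(f"{pd} is longer than /64 and cannot hold a LAN")
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(
            f"prefix ID {prefix_id:x} does not fit in {pd} "
            f"(highest valid ID is {(1 << id_bits) - 1:x})"
        )
    # The prefix ID occupies the lowest bits of the 64-bit network part.
    base = int(pd.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def smallest_delegation_covering(lan_subnets) -> ipaddress.IPv6Network:
    """Longest prefix containing every observed LAN /64.

    The real delegation is this prefix or a larger (shorter) one.
    """
    nets = [ipaddress.IPv6Network(n) for n in lan_subnets]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover

if __name__ == "__main__":
    pd56 = "2001:db8:1234:5600::/56"   # constructed sample delegation
    for pid in (0x0, 0x1, 0xff):
        print(f"ID {pid:>2x} -> {tracked_lan_subnet(pd56, pid)}")

    # If only a /64 were delegated, ID 0 is the only valid choice.
    try:
        tracked_lan_subnet("2001:db8:1234:5600::/64", 1)
    except ValueError as err:
        print("rejected:", err)

    # /64s as they might appear on LAN_1 and LAN_2 (constructed).
    seen = ["2001:db8:1234:5600::/64", "2001:db8:1234:5601::/64"]
    print("delegation is at least", smallest_delegation_covering(seen))
```

Seeing consecutive /64s on two LANs only proves the delegation is /63 or larger; a LAN that comes up with prefix ID ff would confirm the full /56.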