Netgate Discussion Forum

    IPv6 doubts

    • DerelictD Offline
      Derelict LAYER 8 Netgate
      last edited by

      The bridge should not matter for this test. There should be a 2001:818:d9d9:ba01::fffe/64 address on a localhost interface that should respond. The bridge should not matter here but should be cleaned up for sure.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • C Offline
        cmpsalvestrini
        last edited by

        @Derelict Thank you very much, I will ask these questions to the ISP and see about configuring things properly. I'll keep you posted about progress on this issue.

        1 Reply Last reply Reply Quote 0
        • DerelictD Offline
          Derelict LAYER 8 Netgate
          last edited by

          @derelict said in IPv6 doubts:

          I would also packet capture for incoming ICMPv6 packets to that address and ping it from the outside and see if they show up.
          If not I would packet capture for neighbor solicitations on WAN for that address and ping it again. If they are soliciting for a neighbor on two different /64s on WAN they are, as @johnpoz might say, borked.

          I would diagnose whatever you can so you can be well-prepared to deal with ISP, umm, indifference.


          1 Reply Last reply Reply Quote 0
          • C Offline
            cmpsalvestrini
            last edited by cmpsalvestrini

            UPDATE: I've talked to my ISP again, they said they'd get back to me about it. I asked them how to set up the IPv6 so it works with pfSense, I think I may have stumped them, hehe. In the meantime I need to prepare my weapons of clobbering <rolls all the IPv6 RFCs and readies them to clobber my ISP with them> Just saying, if they are being unorthodox... to quote rock man from the Fantastic Four: "It's clobberin' time!"

            JKnottJ 1 Reply Last reply Reply Quote 0
            • JKnottJ Offline
              JKnott @cmpsalvestrini
              last edited by

              @cmpsalvestrini said in IPv6 doubts:

              I think I may have stumped them, hehe

              Easy enough with first level "support". ;)

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • C Offline
                cmpsalvestrini
                last edited by cmpsalvestrini

                gets off the phone with ISP <groan> WAN IPv6 address is distributed by SLAAC ... </groan>

                I suppose I will have to set up some kind of bridge... I don't see how I am going to get my IPv6 working on the LAN side of my pfSense now. mutters darkly

                JKnottJ 1 Reply Last reply Reply Quote 0
                • DerelictD Offline
                  Derelict LAYER 8 Netgate
                  last edited by

                  What do you get on the WAN if you set it to SLAAC? (I would set it to SLAAC, apply, then shut down pfSense, reboot your modem until it comes back green, then start pfSense).

                  After that is the /56 routed to you? They might be doing something there. I have never seen it but they might.

                  What WAN address you get really doesn't matter. It is the /56 that matters.


                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    You cannot hand out a /56 via SLAAC. So how is it they said they gave you a /56?

                    You can assign the router an IPv6 with slaac, and then delegate the /56 with dhcp prefix delegation.

                    Simple solution to make all your pain go away would be just get a tunnel from HE.. You can get a /48 from them.. Take you all of a few minutes to get it up and running.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by Derelict

                      I know you can't. But if that is what they are saying that is what should be attempted. Who knows what they are doing.

                      When it doesn't work, he can go back to them and say "What about the /56?" "How is that routed to me?" Because he's certainly not going to get a /56 prefix using SLAAC, as broken as that would be.


                      1 Reply Last reply Reply Quote 0
                      • JKnottJ Offline
                        JKnott @cmpsalvestrini
                        last edited by

                        @cmpsalvestrini said in IPv6 doubts:

                        gets off the phone with ISP <groan> WAN IPv6 address is distributed by SLAAC ... </groan>

                        I suppose I will have to set up some kind of bridge... I don't see how I am going to get my IPv6 working on the LAN side of my pfSense now. mutters darkly

                        Regardless of how you get your WAN address, they have to route your /56 prefix to you. This is normally done via the link local address, but can be done with whatever they assign to your WAN interface.

                        On my network, I have a /56 prefix, but the WAN address is in a different one. However, my default gateway is a link local address.

                        default fe80::217:10ff:fe9 UGS re0


                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          cmpsalvestrini
                          last edited by cmpsalvestrini

                          blinks... Epiphany... So I use the ISP's modem link local address as gateway on my WAN interface and everything will work? And here I was setting up GUA as my gateway... forehead meets hand

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ Offline
                            johnpoz LAYER 8 Global Moderator
                            last edited by

                            Just let your WAN get its IP via SLAAC... Then try to set up an IP on one of your LAN side interfaces with the /56 they gave you.

                            If it's routed to you that will work.


                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              cmpsalvestrini
                              last edited by

                              I will certainly do that. Thanks for the enlightenment Insert appropriate illuminated face here

                              1 Reply Last reply Reply Quote 0
                              • DerelictD Offline
                                Derelict LAYER 8 Netgate
                                last edited by

                                Just ping6 an address on the /56 from the outside and pcap on WAN for it. No need to set anything up. If you don't see anything pcap on the interface for everything IPv6 and see if you see Neighbor Discoveries for it.


                                1 Reply Last reply Reply Quote 0
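The WAN capture test described in the post above, worked through as an added example (not code from any poster in this thread): it reads tcpdump-style text and reports whether pings for the /56 arrive on WAN or whether the upstream is only sending neighbor solicitations for those addresses. The prefixes come from the thread; the line format is an assumption based on `tcpdump -n icmp6` output, and both sample captures are constructed.

```python
import ipaddress
import re

# Prefixes quoted in the thread: the /56 the ISP says it assigned, and the WAN /64.
DELEGATED = ipaddress.ip_network("2001:818:d9d9:ba00::/56")
WAN_LINK = ipaddress.ip_network("2001:818:d9d9:ba00::/64")

# Assumed input: text lines as printed by `tcpdump -n icmp6`.
ECHO = re.compile(r"IP6 (\S+) > (\S+): ICMP6, echo request")
NS = re.compile(r"ICMP6, neighbor solicitation, who has ([0-9a-fA-F:]+)")

def behind_router(addr):
    """True for addresses in the /56 that are not on the WAN /64 itself."""
    return addr in DELEGATED and addr not in WAN_LINK

def classify(lines):
    """Return (verdict, echo_targets, solicited_targets) for a WAN capture."""
    echoed, solicited = set(), set()
    for line in lines:
        m = ECHO.search(line)
        if m:
            dst = ipaddress.ip_address(m.group(2))
            if behind_router(dst):
                echoed.add(str(dst))
            continue
        m = NS.search(line)
        if m:
            target = ipaddress.ip_address(m.group(1))
            if behind_router(target):
                solicited.add(str(target))
    if echoed:
        verdict = "routed"        # pings for the /56 reach the WAN interface
    elif solicited:
        verdict = "on-link"       # upstream is doing ND for the /56 on WAN
    else:
        verdict = "nothing-seen"  # neither showed up; capture all IPv6 next
    return verdict, echoed, solicited

# Constructed sample captures (2001:db8::/32 is the documentation prefix).
CAPTURE_ROUTED = [
    "12:14:01.100 IP6 2001:db8::50 > 2001:818:d9d9:ba01::1: ICMP6, echo request, seq 0, length 16",
    "12:14:01.900 IP6 fe80::1 > ff02::1:ff1b:5402: ICMP6, neighbor solicitation, who has 2001:818:d9d9:ba00:6eb3:11ff:fe1b:5402, length 32",
]
CAPTURE_ONLINK = [
    "12:20:05.300 IP6 fe80::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:818:d9d9:ba01::1, length 32",
    "12:20:06.300 IP6 fe80::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:818:d9d9:ba01::1, length 32",
]

if __name__ == "__main__":
    for name, cap in (("routed", CAPTURE_ROUTED), ("on-link", CAPTURE_ONLINK)):
        print(name, classify(cap))
```

Solicitations for the WAN interface's own SLAAC address are normal on that /64 and are ignored; only targets elsewhere in the /56 count toward the "on-link" verdict.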
                                • C Offline
                                  cmpsalvestrini
                                  last edited by

                                  So let's see if this is correct:

                                  a) Added the link-local address for the ISP-provided router as gateway for the LAN network (the ISP's router page gave me that information, as per screenshot):

                                  0_1527700801156_2018-05-30.png

                                  WAN is as is (static 2001:818:d9d9:ba00::1/64, gateway 2001:818:d9d9:ba00::1)

                                  LAN side is configured as follows:

                                  0_1527701147940_2018-05-30 (1).png

                                  This should in theory give me IPv6 Internet accessibility in my LAN side.

                                  I hope I understood correctly what was suggested here. Feel free to yell at me if I haven't done something well.

                                  1 Reply Last reply Reply Quote 0
                                  • DerelictD Offline
                                    Derelict LAYER 8 Netgate
                                    last edited by

                                    No.

                                    Set the WAN to get an address using SLAAC and see what it does.

                                    Derelict Netgate about 3 hours ago

                                    What do you get on the WAN if you set it to SLAAC? (I would set it to SLAAC, apply, then shut down pfSense, reboot your modem until it comes back green, then start pfSense).

                                    See what WAN shows in Status > Interfaces after that.

                                    Forget about the /56 for the moment. Just do what the ISP told you to do. When you do that and it doesn't work (which is the highly-likely outcome) you can go back and say, "I did what you told me to do and it didn't work."

                                    That is the only way to deal with ISP tech support.


                                    1 Reply Last reply Reply Quote 0
                                    • C Offline
                                      cmpsalvestrini
                                      last edited by cmpsalvestrini

                                      Right. I'm connected to the WAN via SLAAC on the pfSense WAN port. Let's see now... I have an IPv6 address, I have a gateway. Screenshot:

                                      0_1527704840995_2018-05-30 (2).png

                                      All fine and dandy. I get good ping6 too:

                                      PING6(56=40+8+8 bytes) 2001:818:d9d9:ba00:6eb3:11ff:fe1b:5402 --> 2a00:1450:4003:806::2004
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=0 hlim=57 time=11.665 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=1 hlim=57 time=11.528 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=2 hlim=57 time=11.364 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=3 hlim=57 time=11.576 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=4 hlim=57 time=11.548 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=5 hlim=57 time=11.471 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=6 hlim=57 time=11.333 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=7 hlim=57 time=11.477 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=8 hlim=57 time=11.443 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=9 hlim=57 time=11.334 ms
                                      16 bytes from 2a00:1450:4003:806::2004, icmp_seq=10 hlim=57 time=11.288 ms
                                      ^C
                                      --- www.google.com ping6 statistics ---
                                      11 packets transmitted, 11 packets received, 0.0% packet loss
                                      round-trip min/avg/max/std-dev = 11.288/11.457/11.665/0.113 ms

                                      Now as to the LAN side... Plotz. A Windows client reports no IPv6 gateway at all, so I get a juicy No network access.

                                      EDIT: Doh. I had not enabled RA... -.- Still, the Windows client reports "No Internet access".

                                      1 Reply Last reply Reply Quote 0
                                      • johnpozJ Offline
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by

                                        So go back to your idiot ISP and say OK, I'm on SLAAC and got xyz for IP... How do I use the /56 you told me I have behind my router?


                                        1 Reply Last reply Reply Quote 0
                                        • DerelictD Offline
                                          Derelict LAYER 8 Netgate
                                          last edited by

                                          OK, now you have to determine if traffic for 2001:818:d9d9:ba00::/56 is arriving on your interface. Set up a packet capture like this and start it.

                                          Then try to do stuff with it like ping6 2001:818:d9d9:ba01::1/56 from the outside, telnet to it from the outside, etc.

                                          Then stop the capture and see what is there.

                                          If you need someone to ping6 it from the outside holler.

                                          Hmm. This is interesting:

                                          0_1527707707481_Screen Shot 2018-05-30 at 12.14.34 PM.png


                                          1 Reply Last reply Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.