IPV6 setup with Hyperoptic (UK ISP)
-
This post is deleted! -
Hi,
I have had discussions with the ISP (Hyperoptic) about this. The suggestion is now that I assign a fixed IPV6 IP to the WAN interface from the /67 block if I want outbound traffic to work from the firewall itself. Is this even possible, what is the best way to do this without causing issues for the LAN clients where IPV6 is working well? I take it I will need to give a /64 subnet to the WAN, and override the default gateway?
Thanks.
Andrew. -
I assume you mean /64, not /67. Regardless, you can't. You cannot have more than 1 interface with the same prefix. However, what traffic will you be sending from the firewall? Other than ping and traceroute, I don't see you doing much. Does the pfSense update work without a WAN address? As far as services such as VPN, SSH and so on, you should be able to use the LAN address.
-
The solution is this.
Have the fixed address on WAN which gets assigned using DHCPv6 mode on WAN interface.
On WAN interface have "Use IPv4 connectivity as parent interface" ticked.
The next bit depends on isp, I will post both methods.
This one I think is likely to be more common across isp's.
On LAN interface set the prefix given to you by the isp manually.
Leave ipv6 upstream gateway set to none, I would initially leave use ipv4 connectivity as parent unticked, but tick it if you have no internet routing.Once its assigned on LAN, things like DHCP6 etc. LAN side should work.
The second method is if isp supplies dynamic prefix.
Configure LAN interface to "track interface" for ipv6 configuration type. This should make pfSense automatically assign an ip to LAN based on the PD-Prefix sent to you by isp, and should also automatically populate prefix on LAN DHCP6.
On both methods you may or may not also need to specify the prefix delegation size in WAN settings, on my first isp (sky) I set it, my current isp (aaisp) is set to none based on their instructions.
If your isp uses DHCP auth for ipv4, you will probably also need to tick the "do not wait for a RA" box.
Given that you have already stated you getting assigned a PD Prefix from the isp, then the likely only missing piece of jigsaw is probably the LAN interface configuration.
-
Hi @chrcoluk ,
You have described a couple of different ways to get the delegated prefixes onto the LAN segment. If you will read above, that is not the problem. Both @adhodgson and I have been able to get LAN interface and LAN clients to work without problems using Track Interface.
-
I also described how to get WAN interface assigned an ipv6 as well.
So what is the problem I missed?
-
This all worked for a couple of years but we have had some Hyperoptic upgrade done in the area and it has broken IPV6 connectivity using DHCPV6 (default configuration). Trying to work out what is best to do at the moment but wondering if anyone else has seen this? Only way of getting IPV6 right now is using the ISP provided kit which isn't giving much away about configuration.
I'm not hopeful of a solution right now as I've seen several other forum posts where people have either been able to get IPV6 working on their connection or not and if it works it seems to just work in the way described above but if it isn't working nothing seems to get it on, but will be trying a couple of options with PFSense over the next few days as we have a lot more info from the logs than on most of the other routers out there.