Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 Native with Telstra, Australia

    IPv6
    8
    165
    42.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Larrikin @dugeem
      last edited by Larrikin

      @dugeem said in IPv6 Native with Telstra, Australia:

      @Larrikin Well done.

      For reference can you please post a capture of successful pfSense IPv6 initialisation on Telstra?

      I'm torn on that. The problem with that is that will publicly give away all my MAC addressing and IP addressing - not something I really want to do. I am all for sharing as much as I can but on this one, however I am a bit nervous of giving away my personal IP and mac details.

      1 Reply Last reply Reply Quote 0
      • L
        Larrikin @randomaustralian
        last edited by

        @randomaustralian said in IPv6 Native with Telstra, Australia:

        next step now is to see if i can get it working myself.

        You should be fine - just follow the wiki. If you run into any issues, just WHIM me on whirlpool and I'll help.

        1 Reply Last reply Reply Quote 0
        • randomaustralianR
          randomaustralian
          last edited by randomaustralian

          so i followed your guide and the only thing that was different to my existing settings was the system tunable lines of steps 19 and 20.

          i do get IPv6 internally rout-able addresses like last time but i still cant seem to pass any traffic which has been my standing problem for a while now.

          Edit:

          i'd like to add i am receiving IPv6 traffic because i never have had snort report an alert with an IPv6 address. i don't know how to or what a WHIM is on whirlpool.

          2 x UP board, 4GB RAM + 64 GB eMMC w/ vesa case (http://up-shop.org/)
          1x UP^2 Pentium Quad Core, 8GB RAM, 128GB eMMC w/ vesa case (pfSense)
          1x UP Core Plus E3950, 8GB RAM, 64GB EMMC+ Net Plus i210-IT
          1x Dell Power Edge R510
          2x Dell Power Edge R610

          L 2 Replies Last reply Reply Quote 0
          • L
            Larrikin @randomaustralian
            last edited by

            @randomaustralian said in IPv6 Native with Telstra, Australia:

            so i followed your guide and the only thing that was different to my existing settings was the system tunable lines of steps 19 and 20.

            i do get IPv6 internally rout-able addresses like last time but i still cant seem to pass any traffic which has been my standing problem for a while now.

            Double check steps 1 to 6.

            Show screen shots of System, Routing, Gateways and your firewall ruleset on the LAN.

            randomaustralianR 1 Reply Last reply Reply Quote 0
            • L
              Larrikin @randomaustralian
              last edited by

              @randomaustralian said in IPv6 Native with Telstra, Australia:

              Edit:

              i'd like to add i am receiving IPv6 traffic because i never have had snort report an alert with an IPv6 address. i don't know how to or what a WHIM is on whirlpool.

              That's fine. Just direct msg me here instead. I frequent both forums. I'm sure we'll get you working. I'm willing to bet its an old setting you've forgotten about when you've played with this that you've assumed aligns with the how to guide, but probably doesn't. We'll find it, and fix it :)

              1 Reply Last reply Reply Quote 0
              • randomaustralianR
                randomaustralian @Larrikin
                last edited by randomaustralian

                @larrikin Actually i'm confident your settings are working fine. I can ping IPv6 addresses from my desktop.

                In fact. I tried to ping Cloudflares IPv6 DNS server 2606:4700:4700::1111 and realized i had not re-added Cloudflares IPv6 DNS addresses back into my pfSense configuration.

                Addresses re-added. Rebooted. http://ipv6-test.com/ reports i have a working IPv6 stack.

                0_1551573288324_336c257b-5881-4611-8f43-413e093d0c6d-image.png

                2 x UP board, 4GB RAM + 64 GB eMMC w/ vesa case (http://up-shop.org/)
                1x UP^2 Pentium Quad Core, 8GB RAM, 128GB eMMC w/ vesa case (pfSense)
                1x UP Core Plus E3950, 8GB RAM, 64GB EMMC+ Net Plus i210-IT
                1x Dell Power Edge R510
                2x Dell Power Edge R610

                L 1 Reply Last reply Reply Quote 0
                • L
                  Larrikin @randomaustralian
                  last edited by Larrikin

                  @randomaustralian said in IPv6 Native with Telstra, Australia:

                  @larrikin Actually i'm confident your settings are working fine. I can ping IPv6 addresses from my desktop.

                  In fact. I tried to ping Cloudflares IPv6 DNS server 2606:4700:4700::1111 and realized i had not re-added Cloudflares IPv6 DNS addresses back into my pfSense configuration.

                  Addresses re-added. Rebooted. http://ipv6-test.com/ reports i have a working IPv6 stack.

                  Yep - you are good. It's working. You may not have rebooted before after making the tunable changes which is key for this to work. There you go. Enjoy IPv6!

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate @randomaustralian
                    last edited by

                    @randomaustralian said in IPv6 Native with Telstra, Australia:

                    I was considering paying for a Netgate support subscription to get the results i was after.

                    With an uncooperative ISP who needs special sauce there is probably not a lot we could have done. Paying a local consultant who is familiar with Telstra would have probably been a better bet.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    randomaustralianR L 3 Replies Last reply Reply Quote 0
                    • randomaustralianR
                      randomaustralian @Derelict
                      last edited by

                      @derelict Well now i can potentially be that private consultant.

                      2 x UP board, 4GB RAM + 64 GB eMMC w/ vesa case (http://up-shop.org/)
                      1x UP^2 Pentium Quad Core, 8GB RAM, 128GB eMMC w/ vesa case (pfSense)
                      1x UP Core Plus E3950, 8GB RAM, 64GB EMMC+ Net Plus i210-IT
                      1x Dell Power Edge R510
                      2x Dell Power Edge R610

                      1 Reply Last reply Reply Quote 0
                      • L
                        Larrikin @Derelict
                        last edited by

                        @derelict said in IPv6 Native with Telstra, Australia:

                        @randomaustralian said in IPv6 Native with Telstra, Australia:

                        I was considering paying for a Netgate support subscription to get the results i was after.

                        With an uncooperative ISP who needs special sauce there is probably not a lot we could have done. Paying a local consultant who is familiar with Telstra would have probably been a better bet.

                        Or not paying anyone and relying on the community working as a team to get this sorted :)

                        randomaustralianR 1 Reply Last reply Reply Quote 0
                        • randomaustralianR
                          randomaustralian @Larrikin
                          last edited by

                          @larrikin

                          what i have experienced with Telstra is they are very anal about consumers using Telstra's supplied gear.

                          They refuse to support your internet connection if you don't use their gear. I have to keep their supplied gateway handy in case i have an outage and then confirm the outage exists on their router too before calling them or they wont support me. :\

                          2 x UP board, 4GB RAM + 64 GB eMMC w/ vesa case (http://up-shop.org/)
                          1x UP^2 Pentium Quad Core, 8GB RAM, 128GB eMMC w/ vesa case (pfSense)
                          1x UP Core Plus E3950, 8GB RAM, 64GB EMMC+ Net Plus i210-IT
                          1x Dell Power Edge R510
                          2x Dell Power Edge R610

                          1 Reply Last reply Reply Quote 0
                          • L
                            Larrikin @Derelict
                            last edited by Larrikin

                            @derelict said in IPv6 Native with Telstra, Australia:

                            @randomaustralian said in IPv6 Native with Telstra, Australia:

                            I was considering paying for a Netgate support subscription to get the results i was after.

                            With an uncooperative ISP who needs special sauce there is probably not a lot we could have done. Paying a local consultant who is familiar with Telstra would have probably been a better bet.

                            I think that's a little unfair. Telstra wasn't uncooperative, and the theory I posted above turned out to be accurate. The system tuneables changes address the ICMPv6 flow neighbor solicit. And part of my theory was built on information supplied by Telstra and the other part built on packet captures. Telstra didn't need to give me that information, but the guy did. It's just that I didn't pay enough attention to it at the time and I (amongst others) got hung up on one UDP packet rather than looking at the bigger picture.

                            DerelictD 1 Reply Last reply Reply Quote 0
                            • DerelictD
                              Derelict LAYER 8 Netgate @Larrikin
                              last edited by

                              @larrikin For you perhaps. Sounds like you have a special friend that is not what everyone's experience is.

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                              L 1 Reply Last reply Reply Quote 0
                              • DerelictD
                                Derelict LAYER 8 Netgate
                                last edited by

                                Telstra chose to be different and refuse to document that difference.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                B L 2 Replies Last reply Reply Quote 0
                                • L
                                  Larrikin @Derelict
                                  last edited by

                                  @derelict said in IPv6 Native with Telstra, Australia:

                                  @larrikin For you perhaps. Sounds like you have a special friend that is not what everyone's experience is.

                                  Well, again, to defend Telstra... I simply posted a problem once I was having in a public forum. A back of house Telstra person personally reached out to me in a private chat message providing his work email address and fixed the issue. He gave me his mobile number and we also spoke on the phone.

                                  He also asked not to be named publicly at the time for that, he was just happy to resolve it. That's how he became my contact. Because of his initiative.

                                  Reading his posts, I'm not the only one he has helped.

                                  randomaustralianR 1 Reply Last reply Reply Quote 0
                                  • DerelictD
                                    Derelict LAYER 8 Netgate
                                    last edited by

                                    If you search this forum for net.inet6.icmp6.nd6_onlink_ns_rfc4861 you will find this thread.

                                    No other ISP in the world is known to require that default be changed.

                                    Chattanooga, Tennessee, USA
                                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                    L 1 Reply Last reply Reply Quote 0
                                    • B
                                      Bigmaccius @Derelict
                                      last edited by

                                      @derelict the problem with Telstra in my experience has always been that there's two sides to their company - there's some great people there who are extremely knowledgeable on the business side as @Larrikin proves through his contact (and I've got similar contacts at Telstra too).

                                      But the Consumer side of Telstra and especially the Level 1 Support are more than often terrible and to @randomaustralian's point as soon as you tell them you're not using the supplied Gateway as that point they are completely off-script and completely useless.

                                      1 Reply Last reply Reply Quote 1
                                      • L
                                        Larrikin @Derelict
                                        last edited by

                                        @derelict said in IPv6 Native with Telstra, Australia:

                                        Telstra chose to be different and refuse to document that difference.

                                        Different to what? My issue with IPv6 is that it's incredibly complex compared to IPv4, and there are many ways to implement it and still be compliant to the standard.

                                        I agree it would be nice for Telstra to document how they run IPv6, but they have made a commercial decision that if you sign up with them, you use their router. Everything that has been done has been unofficial. If we don't like it, then we find another ISP. I'm not arguing that Telstra is right in their approach, it's just the decision they have taken.

                                        They are by far the largest ISP in Australia - they own the market. And that means most people are standard "mums and dads" who just want an end to end service supported - so Telstra can support the router as well given that they control it.

                                        Anyhow, I guess in summary, in part I agree with you in that I'd like them to publish this information, but the moment they do, they are creating a rod for their own back for then getting sucked into supporting third party routers which goes against the grain of the company's position.

                                        I also keep coming back to IPv6 is a very complex beast. Even if they did publish more info on it, each vendor has different ways to configure it, so what then?

                                        1 Reply Last reply Reply Quote 0
                                        • DerelictD
                                          Derelict LAYER 8 Netgate
                                          last edited by

                                          That is true for all ISPs. It is particularly problematic when an ISP chooses to deploy something that requires special treatment and is silent about what that special treatment is.

                                          Chattanooga, Tennessee, USA
                                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                          1 Reply Last reply Reply Quote 0
                                          • DerelictD
                                            Derelict LAYER 8 Netgate
                                            last edited by

                                            Giving people the information necessary to configure their own routers is not stabbing themselves in the back.

                                            They can still say "use our router or we're going to hang up on you."

                                            Chattanooga, Tennessee, USA
                                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                            L 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.