IPV6 - pfsense behind BT Hub

JKnott

@Jid said in IPV6 - pfsense behind BT Hub:

@stephenw10

Yes exactly ,but i was expecting the BT hub to give Pfsence an ip in the 2a0X:xxxx:xxxx:xx00:: /64 but it wasnt but gave it a fe80:: ?? will try to keep this as fe80:: and then use the /64 from the BT wan range in the LAN ,BUT that will still pose the issue of the BT box knowing how to get to this /64.

If that modem is in gateway mode, you can't put pfSense behind it and expect it to work properly. The pfSense WAN interface should get an address, but no prefix for the LAN. Every IPv6 capable device will have a link local fe80 address, no matter what it's connected to. That does not come from the ISP. It's often derived from the MAC address.

Jid

@JKnott
"With it in gateway mode, only devices connected directly to it will get an address". That is the case here .
The Probem is HOW do I get Devices on LAN side of Pfsense(connected directly to BT hub) to be able to route out in ipv6.

Jid

@stephenw10

Yes they do in the 2a0X:xxxx:xxxx:xx00:: range, however in the pfsense WAN(directly connected to LAN of BT Hub) its showing in the fe80:: range.

stephenw10

Some sort of route on the BT Hub, static or added via a PD.

Or put the hub in modem mode and just use pfSense directly.

I know the Business hub used to do something funky with static IPv4 subnets though that caused problems with that.

stephenw10

What is the pfSense WAN set to for IPv6? Or what was it set to before you set it statically?

If dhcpv6 doesn't work try SLAAC.

Steve

Jid

@stephenw10
DHCPV6 it gets fe80:: range , Static applied 2a0X:xxxx:xxxx:xx00:: /64 to match the 2a0X:xxxx:xxxx:xx00:: on the BT hub.

Jid

@stephenw10
Just tried SLAAC and getting this fdaa:bbcc:ddee:0:215: is that good.
But i cant access any Node to test now .

stephenw10

If other clients connected to the Hub do get an IPv6 IP as expected, what are they set to?

That address with SLACC is not any better really.

Jid

@stephenw10

Thanks ,Stv unfortunateley no device is currently connected to LANof BT hub ,apart from Pfsense.

Jid

@Jid
Tried DHCPv6 now getting this fdaa:bbcc:ddee: ?
For the LAN side what should it ? Statics? with DHCPv6 active?

stephenw10

I expect dhcpv6 to pull an routable v6 IP from a /64 withing the /56 BT are delegating to you.

I think you probably need to confirm a laptop connected to the Hub is getting that before going further here.

Steve

Jid

@stephenw10

BT Hub IPv6 status:
Enabled

IPv6 network status:
Enabled

IPv6 WAN details
Global unicast address:
2a00:xxxx:xxxx:x801:86a1:d1ff:fea1:f0dd

Global unicast prefix/length:
2a00:xxxx:xxxx:x801::/64

Link local address:
fe80::86a1:d1ff:fea1:f0dd

Remote link local address:
fe80::1e6a:7aff:fe68:f00

DNS:
Not available

IPv6 LAN details
Global unicast address:
2a00:xxxx:xxxx:x800:86a1:d1ff:fea1:f0df

ULA prefix / length:
fdaa:bbcc:ddee::/64

Link local address:
fe80::86a1:d1ff:fea1:f0df

Pfsense Status:
WAN : fdaa:bbcc:ddee:0:215:5dff:feb8:ea10 9 (DhcpV6)
LAN: 2a00:xxxx:xxxx:x802:87a1:d1ff:fea1:1000 /64 (Static)
Dhcpv6 server (enabled)
Range: 2a00:xxxx:xxxx:x802::100 to 2a00:xxxx:xxxx:x802::250 (PC are getting this range)
RA: RouterMOde Assisted.
Priority Normal
DNS Config. : 2001:4860:4860::8888

Is any thing unusual here?

Jid

@stephenw10

Thanks will try this later as its remote site .

Jid

@Jid
Just looked further on the BT Hub(under connected devices) and saw this :

GUA (Permanent)
2a00:xxxx:xxxx:x800:215:5dff:feb8:ea10
DHCP
ULA
fdaa:bbcc:ddee:0:215:5dff:feb8:ea10
Assigned by device
Link local address
fe80::215:5dff:feb8:ea10
Assigned by device
SO the Pfsense is Actually getting ipv6 in the Right Prefix via Dhcp from HUb ,HOWEVER its prefers the link-local on the WAN interface.

JKnott

@Jid said in IPV6 - pfsense behind BT Hub:

@JKnott
"With it in gateway mode, only devices connected directly to it will get an address". That is the case here .
The Probem is HOW do I get Devices on LAN side of Pfsense(connected directly to BT hub) to be able to route out in ipv6.

You don't. You're likely only getting a singe /64 from the modem. You can't take it further. You have to get the modem in bridge mode to do what you want.

JKnott

@Jid said in IPV6 - pfsense behind BT Hub:

fdaa:bbcc:ddee:0:215: is that good.

That would be a Unique Local Address, the IPv6 equivalent of IPv4 RFC 1918 addresses. It is not usable for accessing the Internet.

JKnott

@JKnott said in IPV6 - pfsense behind BT Hub:

@Jid said in IPV6 - pfsense behind BT Hub:

@JKnott
"With it in gateway mode, only devices connected directly to it will get an address". That is the case here .
The Probem is HOW do I get Devices on LAN side of Pfsense(connected directly to BT hub) to be able to route out in ipv6.

You don't. You're likely only getting a singe /64 from the modem. You can't take it further. You have to get the modem in bridge mode to do what you want.

I just did a quick search and came across this about putting your modem into bridge mode. This is what you have to do.

stephenw10

If you don't have reason not to have it in bridge mode then just do that and win. But there were some odd static v4 issues you may hit of you have a number of IPv4 addresses in a subnet they route to you.

Jid

@JKnott
Thanks
But got a /56 from BT ,i thought i could break this down into further /64 ,use one on the WAN to (same subnet as BT Lan range ,and use another in the Pfsense LAN?

JKnott

@Jid said in IPV6 - pfsense behind BT Hub:

@JKnott
Thanks
But got a /56 from BT ,i thought i could break this down into further /64 ,use one on the WAN to (same subnet as BT Lan range ,and use another in the Pfsense LAN?

That would required configuring that hub in a way that wasn't intended, so you're not likely to have much luck. while BTprovides up to a /56, in gateway mode, you only get a single /64 and there's nothing pfSense can do with that, other than act as a straigth through firewall. It's the same situation as I have hear. I have a modem from my ISP, which I have in bridge mode. It passes the full /56 to pfSense, which I can then split into 256 /64s. If my modem was in gateway mode, I would only get a singe /64. In gateway mode, it won't even provide IPv6 on the guest WiFi.

Bottom line, put it into bridge mode and pfSense will do what you want.