Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 with two or more LAN-side interfaces

    Scheduled Pinned Locked Moved IPv6
    61 Posts 6 Posters 7.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Bob.DigB
      Bob.Dig LAYER 8 @NogBadTheBad
      last edited by Bob.Dig

      @NogBadTheBad Looks like it:

      Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD, len 41
      Feb 14 17:01:41 pfSense dhcp6c[73783]:   IA_PD: ID=0, T1=302400, T2=483840
      Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD prefix, len 25
      Feb 14 17:01:41 pfSense dhcp6c[73783]:   IA_PD prefix: 2a02:xxxx:xxxx:xxxx::/64 pltime=604800 vltime=1209600
      Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option preference, len 1
      
      NogBadTheBadN 1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad @Bob.Dig
        last edited by NogBadTheBad

        @Bob-Dig

        Might want to hide part of the IPv6 address.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 1
        • Bob.DigB
          Bob.Dig LAYER 8
          last edited by

          So is there any option left with that ISP-IPv6 or no?

          JKnottJ 1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            What lengths did you try? Only 64, 63, and 60? You should at least try some other common ones: 56, 48, etc. before ruling them out.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            Bob.DigB 1 Reply Last reply Reply Quote 1
            • Bob.DigB
              Bob.Dig LAYER 8 @jimp
              last edited by Bob.Dig

              @jimp Ok, tried them now, not working.

              1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @Bob.Dig
                last edited by

                @Bob-Dig said in IPv6 with two or more LAN-side interfaces:

                So is there any option left with that ISP-IPv6 or no?

                You could try mentioning what ISP that is. There might be someone here who has experience with them.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                Bob.DigB 1 Reply Last reply Reply Quote 1
                • Bob.DigB
                  Bob.Dig LAYER 8 @JKnott
                  last edited by Bob.Dig

                  @JKnott Na, as I was mentioning they are doing 1:1 CG-NAT (IPv4) nobody could believe that here.
                  I am pretty sure they only do /64, so what are my options?

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @Bob.Dig
                    last edited by

                    @Bob-Dig

                    Well, it's hard to know what to believe, when you won't mention who the ISP is. If all you get is a single /64, then you can't do much, as both SLAAC and DHCPv6 require a full /64 to work properly. One option would be to use he.net for a 6in4 tunnel.
                    They provide a /48.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 1
                    • Bob.DigB
                      Bob.Dig LAYER 8
                      last edited by Bob.Dig

                      Interesting, never thought something like that with all the IPv6-addresses we got, little that I know.
                      The ISP is
                      https://www.pyur.com/

                      Thanks @ all

                      1 Reply Last reply Reply Quote 0
                      • Bob.DigB
                        Bob.Dig LAYER 8 @JKnott
                        last edited by Bob.Dig

                        @JKnott said in IPv6 with two or more LAN-side interfaces:

                        Or, if you're handy with Packet Capture and Wireshark, you can see what is provided. The prefix size and address are provided in both the Advertise XID and Reply XID lines.

                        Could you help me with that? I have downloaded Wireshark and also captured something and then loaded it in Wireshark.

                        But what should I capture in the first place and how to look for it in Wireshark would be much appreciated.

                        JKnottJ 1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @Bob.Dig
                          last edited by

                          @Bob-Dig

                          To capture with Wireshark, you need some way to insert a computer running it between the modem and the pfSense computer. This is can be done with a managed switch, configured for port mirroring. Failing that, you can use the Packet Capture that's built in to pfSense. You can then capture the packets when you disconnect/reconnect the WAN port. You can then download the capture to view in Wireshark. If you use a managed switch, you can capture everything from power up, instead of just disconnecting the WAN port. You want to filter on DHCPv6, which is port 546 or 547. You can use either. That should leave you with the XID packets, which you can then open and find the info.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          Bob.DigB 1 Reply Last reply Reply Quote 0
                          • Bob.DigB
                            Bob.Dig LAYER 8 @JKnott
                            last edited by Bob.Dig

                            @JKnott So is that it? Or is it not? ☺

                            Capture.JPG

                            Bob.DigB JKnottJ 2 Replies Last reply Reply Quote 0
                            • Bob.DigB
                              Bob.Dig LAYER 8 @Bob.Dig
                              last edited by Bob.Dig

                              @JKnott Just to be sure, this is what my ISP is giving out or what I asked for? I want to be absolute sure about this once and for all.

                              1 Reply Last reply Reply Quote 0
                              • JKnottJ
                                JKnott @Bob.Dig
                                last edited by

                                @Bob-Dig

                                I see your prefix length is 64, which means you get a single /64. My length is 56, which leaves room for 256 /64s.

                                Can your ISP provide a better prefix? As I mentoned, I have a /56, but other ISPs provide a /60 for 16 /64s or a /48, for 65536.

                                PfSense running on Qotom mini PC
                                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                UniFi AC-Lite access point

                                I haven't lost my mind. It's around here...somewhere...

                                Bob.DigB 1 Reply Last reply Reply Quote 1
                                • Bob.DigB
                                  Bob.Dig LAYER 8 @JKnott
                                  last edited by Bob.Dig

                                  @JKnott Thank you.
                                  No, as far I can tell, my ISP is not changing that. Could you call comcast and ask for a larger prefix? Sure you could, but it would took ages to get someone on the phone who is even capable of understanding it. I am almost not.

                                  Thanks again and I replaced the picture.

                                  JKnottJ 1 Reply Last reply Reply Quote 0
                                  • JKnottJ
                                    JKnott @Bob.Dig
                                    last edited by

                                    @Bob-Dig said in IPv6 with two or more LAN-side interfaces:

                                    No, as far I can tell, my ISP is not changing that.

                                    Have you even tried? Handing out a single /64 has to be the ultimate in stingy. There are enough /48s to give well over 4000 of them to every single person on earth and that's with only 1/8 the IPv6 address space allocated to Global Unique Addresses.

                                    BTW, he.net will give, for free, a /48. Prior to my ISP (Rogers) offering IPv6, I used a tunnel broker who gave me a /56 for free.

                                    PfSense running on Qotom mini PC
                                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                    UniFi AC-Lite access point

                                    I haven't lost my mind. It's around here...somewhere...

                                    Bob.DigB 1 Reply Last reply Reply Quote 0
                                    • Bob.DigB
                                      Bob.Dig LAYER 8 @JKnott
                                      last edited by

                                      @JKnott Most home users will not notice it anyway. I can live with it but I wanted to know it for sure.

                                      JKnottJ 1 Reply Last reply Reply Quote 0
                                      • JKnottJ
                                        JKnott @Bob.Dig
                                        last edited by

                                        @Bob-Dig

                                        Still, it wouldn't hurt to ask.

                                        PfSense running on Qotom mini PC
                                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                        UniFi AC-Lite access point

                                        I haven't lost my mind. It's around here...somewhere...

                                        Bob.DigB 1 Reply Last reply Reply Quote 0
                                        • Bob.DigB
                                          Bob.Dig LAYER 8 @JKnott
                                          last edited by Bob.Dig

                                          @JKnott It would hurt me. Had enough problems with my isp in the last years and know some thing or two how they operate.

                                          JKnottJ 1 Reply Last reply Reply Quote 0
                                          • JKnottJ
                                            JKnott @Bob.Dig
                                            last edited by

                                            @Bob-Dig

                                            Maybe you should get a different ISP then.

                                            PfSense running on Qotom mini PC
                                            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                            UniFi AC-Lite access point

                                            I haven't lost my mind. It's around here...somewhere...

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.