IPv6 with two or more LAN-side interfaces

Bob.Dig

Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD, len 41
Feb 14 17:01:41 pfSense dhcp6c[73783]:   IA_PD: ID=0, T1=302400, T2=483840
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD prefix, len 25
Feb 14 17:01:41 pfSense dhcp6c[73783]:   IA_PD prefix: 2a02:xxxx:xxxx:xxxx::/64 pltime=604800 vltime=1209600
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option preference, len 1

NogBadTheBad

@Bob-Dig

Might want to hide part of the IPv6 address.

Bob.Dig

So is there any option left with that ISP-IPv6 or no?

jimp

What lengths did you try? Only 64, 63, and 60? You should at least try some other common ones: 56, 48, etc. before ruling them out.

Bob.Dig

@jimp Ok, tried them now, not working.

JKnott

@Bob-Dig said in IPv6 with two or more LAN-side interfaces:

So is there any option left with that ISP-IPv6 or no?

You could try mentioning what ISP that is. There might be someone here who has experience with them.

Bob.Dig

@JKnott Na, as I was mentioning they are doing 1:1 CG-NAT (IPv4) nobody could believe that here.
I am pretty sure they only do /64, so what are my options?

JKnott

@Bob-Dig

Well, it's hard to know what to believe, when you won't mention who the ISP is. If all you get is a single /64, then you can't do much, as both SLAAC and DHCPv6 require a full /64 to work properly. One option would be to use he.net for a 6in4 tunnel.
They provide a /48.

Bob.Dig

Interesting, never thought something like that with all the IPv6-addresses we got, little that I know.
The ISP is
https://www.pyur.com/

Thanks @ all

Bob.Dig

@JKnott said in IPv6 with two or more LAN-side interfaces:

Or, if you're handy with Packet Capture and Wireshark, you can see what is provided. The prefix size and address are provided in both the Advertise XID and Reply XID lines.

Could you help me with that? I have downloaded Wireshark and also captured something and then loaded it in Wireshark.

But what should I capture in the first place and how to look for it in Wireshark would be much appreciated.

JKnott

@Bob-Dig

To capture with Wireshark, you need some way to insert a computer running it between the modem and the pfSense computer. This is can be done with a managed switch, configured for port mirroring. Failing that, you can use the Packet Capture that's built in to pfSense. You can then capture the packets when you disconnect/reconnect the WAN port. You can then download the capture to view in Wireshark. If you use a managed switch, you can capture everything from power up, instead of just disconnecting the WAN port. You want to filter on DHCPv6, which is port 546 or 547. You can use either. That should leave you with the XID packets, which you can then open and find the info.

Bob.Dig

@JKnott So is that it? Or is it not?

Bob.Dig

@JKnott Just to be sure, this is what my ISP is giving out or what I asked for? I want to be absolute sure about this once and for all.

JKnott

@Bob-Dig

I see your prefix length is 64, which means you get a single /64. My length is 56, which leaves room for 256 /64s.

Can your ISP provide a better prefix? As I mentoned, I have a /56, but other ISPs provide a /60 for 16 /64s or a /48, for 65536.

Bob.Dig

@JKnott Thank you.
No, as far I can tell, my ISP is not changing that. Could you call comcast and ask for a larger prefix? Sure you could, but it would took ages to get someone on the phone who is even capable of understanding it. I am almost not.

Thanks again and I replaced the picture.

JKnott

@Bob-Dig said in IPv6 with two or more LAN-side interfaces:

No, as far I can tell, my ISP is not changing that.

Have you even tried? Handing out a single /64 has to be the ultimate in stingy. There are enough /48s to give well over 4000 of them to every single person on earth and that's with only 1/8 the IPv6 address space allocated to Global Unique Addresses.

BTW, he.net will give, for free, a /48. Prior to my ISP (Rogers) offering IPv6, I used a tunnel broker who gave me a /56 for free.

Bob.Dig

@JKnott Most home users will not notice it anyway. I can live with it but I wanted to know it for sure.

JKnott

@Bob-Dig

Still, it wouldn't hurt to ask.

Bob.Dig

@JKnott It would hurt me. Had enough problems with my isp in the last years and know some thing or two how they operate.

JKnott

@Bob-Dig

Maybe you should get a different ISP then.