IPv6 with two or more LAN-side interfaces
-
Might want to hide part of the IPv6 address.
-
So is there any option left with that ISP-IPv6 or no?
-
What lengths did you try? Only 64, 63, and 60? You should at least try some other common ones: 56, 48, etc. before ruling them out.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp Ok, tried them now, not working.
-
@Bob-Dig said in IPv6 with two or more LAN-side interfaces:
So is there any option left with that ISP-IPv6 or no?
You could try mentioning what ISP that is. There might be someone here who has experience with them.
-
-
Well, it's hard to know what to believe, when you won't mention who the ISP is. If all you get is a single /64, then you can't do much, as both SLAAC and DHCPv6 require a full /64 to work properly. One option would be to use he.net for a 6in4 tunnel.
They provide a /48. -
Interesting, never thought something like that with all the IPv6-addresses we got, little that I know.
The ISP is
https://www.pyur.com/Thanks @ all
-
@JKnott said in IPv6 with two or more LAN-side interfaces:
Or, if you're handy with Packet Capture and Wireshark, you can see what is provided. The prefix size and address are provided in both the Advertise XID and Reply XID lines.
Could you help me with that? I have downloaded Wireshark and also captured something and then loaded it in Wireshark.
But what should I capture in the first place and how to look for it in Wireshark would be much appreciated.
-
To capture with Wireshark, you need some way to insert a computer running it between the modem and the pfSense computer. This is can be done with a managed switch, configured for port mirroring. Failing that, you can use the Packet Capture that's built in to pfSense. You can then capture the packets when you disconnect/reconnect the WAN port. You can then download the capture to view in Wireshark. If you use a managed switch, you can capture everything from power up, instead of just disconnecting the WAN port. You want to filter on DHCPv6, which is port 546 or 547. You can use either. That should leave you with the XID packets, which you can then open and find the info.
-
@JKnott So is that it? Or is it not?
-
@JKnott Just to be sure, this is what my ISP is giving out or what I asked for? I want to be absolute sure about this once and for all.
-
I see your prefix length is 64, which means you get a single /64. My length is 56, which leaves room for 256 /64s.
Can your ISP provide a better prefix? As I mentoned, I have a /56, but other ISPs provide a /60 for 16 /64s or a /48, for 65536.
-
@JKnott Thank you.
No, as far I can tell, my ISP is not changing that. Could you call comcast and ask for a larger prefix? Sure you could, but it would took ages to get someone on the phone who is even capable of understanding it. I am almost not.Thanks again and I replaced the picture.
-
@Bob-Dig said in IPv6 with two or more LAN-side interfaces:
No, as far I can tell, my ISP is not changing that.
Have you even tried? Handing out a single /64 has to be the ultimate in stingy. There are enough /48s to give well over 4000 of them to every single person on earth and that's with only 1/8 the IPv6 address space allocated to Global Unique Addresses.
BTW, he.net will give, for free, a /48. Prior to my ISP (Rogers) offering IPv6, I used a tunnel broker who gave me a /56 for free.
-
@JKnott Most home users will not notice it anyway. I can live with it but I wanted to know it for sure.
-
Still, it wouldn't hurt to ask.
-
@JKnott It would hurt me. Had enough problems with my isp in the last years and know some thing or two how they operate.
-
Maybe you should get a different ISP then.
-
You understand it would take you all of a couple of minutes to get everything you want to do up and running with a FREE /48 from HE.. You can do your statics on and not have to worry about any changes in the prefix... You can even take the same /48 with you if you change ISPs
You also can set PTRs on this /48 space if you have any need for that, etc.
There really is little reason to have to "deal" with lack luster and shitty isps when it comes to doing ipv6.. Giving out 1 /64 is just plain stupid.. But when the vast majority of their users are using their device, and only have 1 flat network behind - why not just do it that way, etc..
So find an isp that does what you want, or just run a tunnel.. It really is a couple of minutes to setup.
