IPv6 DHCPv6 Leases Not Being Assigned on pfSense LAN Network
-
My goal is to setup a working DHCPv6 on my pfSense LAN network. Unfortunately I have not been able to successfully assign IPv6 addresses to my LAN network, I am reaching out here for assistance to do so.
I'll firstly show a diagram of my network and where the pfSense box sits. In the below diagram you will notice that my pfSense box is connected to my ISP router using the WAN 192.168.20.140.
IPv6 is working perfectly on my 'Home Network' (directly connected to my ISP router) but IPv6 addresses are not being registered on my pfSense LAN network.
.
WAN is setup with the below settings:-
LAN with these settings:-
and the DHCPv6 settings as follows:-
No matter what I change I just cannot seem to see any leases in the 'DHCPv6 Leases' section. Am I missing something? Hoping someone is able to point me in the right direction to enable IPv6 on my LAN.
-
your double natting, for you to get ipv6 on pfsense lan you would have to use prefix delegation from your ISP router to pfsense, so it could track and get an IPv6 prefix for your lan..
Highly doubt your isp router supports such an option.
-
@johnpoz Thank you so much for your reply.
Would you have a alternative setup suggestion for me? What's the best way to setup for this scenario?
-
Does your ISP even support Prefix delegation? They have to hand you say a /56 or /60 so that pfsense can use a /64 out of that range on its lan side networks..
You need a device directly connected to your ISP that understand that - say pfsense ;)
Or you if your going to run a device in front of pfsense, it would have to support downstream delegation of the prefix so that pfsense could then hand that out to clients behind it. I find that highly unlikely in any sort of isp supplied device or any soho device you would pick up off the shelf and your local computer store.
Pfsense can do it ;)
To be honest - the easiest way to get IPv6 behind pfsense in your current setup - regardless of what your isp supports or what your device in front of pfsense supports is to just setup a ipv6 tunnel with Hurricane electric (free).. They will give you a /48 that you can then break up into /64s behind pfsense.
https://www.tunnelbroker.net/
If you just need 1 network (/64) you can get that as well and setup via tunnel.. Setup is only a few minutes, and documentation all over the place on how to do it.. Or if you want to go that route can help you.. I have been running HE tunnel with pfsense for like 10 years..
https://docs.netgate.com/pfsense/en/latest/interfaces/using-ipv6-with-a-tunnel-broker.html
-
Thanks @johnpoz - extremely helpful information.
Another question if I may? Do you think another good solution would be bridging the ISP modem / router with pfSense. I haven't done this before but I assume I would set the modem to bridge mode and then enter my PPPoE details in pfSense.
What are you thoughts there?
-
Yeah if you can turn your device into only a "modem" where pfsense directly gets your public IP, and any other info from your ISP, ie the prefix delegation then yeah that would work too.
Couple of caveats to that.. You would normally not be able to use its wireless when you put it into bridge mode.. From your drawing I take it your currently using that.
2nd would be that with delegation of a prefix and tracking of the /64 to use behind pfsense.. You can run into issues where this delegation changes, so the prefix used changes.. Ie your ipv6 could change on you.
Nice thing with the tunnel, is assignment of IP prefixes you want to use are static.. So no worry about changes, and you can take these IPv6 with you - if you change your isp, you still would be using same IPv6 space.. Even if your new ISP doesn't even support IPv6.. You also have the ability with HE to setup PTRs on your IPv6 space.. There are many advantages to just using a tunnel.. But sure if you can put your device into bridge mode you should be able to get the delegation to work.. That is if your ISP even support it, some ISPs only hand out 1 /64
-
@johnpoz Your correct - I was going to ask about that, wireless is being used. I guess I could setup another wireless point running off the pfSense LAN.
Good thing is that my modem / router is able to be bridged and my IP has provided fixed IP addresses.
So would I be correct in assuming that once I setup my modem / router to bridged mode then I connect a cable from the modems (ethernet / WAN port) to the pfSense WAN port.
-
@daygle said in IPv6 DHCPv6 Leases Not Being Assigned on pfSense LAN Network:
No matter what I change I just cannot seem to see any leases in the 'DHCPv6 Leases' section. Am I missing something? Hoping someone is able to point me in the right direction to enable IPv6 on my LAN.
Is your modem in bridge or gateway mode? It has to be in bridge mode. If in gateway, only devices directly connected to it will get IPv6 addresses. For example, I get a /56 prefix from my ISP, with the modem in bridge mode, which pfSense can then split into 256 /64s. In gateway mode, I only get as single /64, which cannot be passed through pfSense.