IPv6 Router behind router
-
@JKnott Yeah so my UDM Pro does get a IPv6 address but its just that i cant get it to pass on the LAN /64 address it gets to its clients, could it be more of a UDM Pro config problem then?
-
@cashew
Is your modem in bridge or gateway mode? You want bridge.
-
@JKnott it’s the pfsense that is acting as the gateway, unsure of how to put it into bridge mode for IPv6
-
@cashew
You put the modem in bridge mode, not pfsense. For example, my modem came in gateway mode, which provides a single /64. With it in bridge mode, I could use pfsense for my firewall/router and received a /56 prefix from my ISP with DHCPv6-PD. This can provide up to 256 /64s.
-
@JKnott so the UDM Pro should be able to use the DHCPV6-PD and give out IPv6 to its LAN?
-
@cashew
I would assume so, but can't say for certain, as I'm not familiar with it. DHCPv6-PD is the way most ISPs provide IPv6. However not all modems can handle it. I had to change modems to get IPv6.
-
@JKnott yeah my ISP router is in bridge mode, but I have AT&T and have to use this but when doing so I get a /60 on the WAN my problem is configuring Pfsense so that my UDM Pro can get the IPV6 prefix from the LAN port, but since I have DHCPV6 I can’t start my own DHCPv6 server were my UDM Pro would be able to get the delegated prefix from pfsense, my only other option is static, but when I configure it as static the UDM Pro gets a IPv6 address but it just won’t hand it out the clients.
-
@cashew
Are you trying to get an IPv6 address on the WAN side of pfsense? If so, don't worry about it, as you don't need one. With IPv6, routing is often done with link local addresses.
-
@JKnott IPv6 on the WAN is fine it’s just advertising the prefix for the other router to get, that’s were I’m confused, pfsense gets a IPv6 address no problem
-
@cashew
Show your settings on the WAN and LAN interfaces.
-
@JKnott I’m doing this and the UDM Pro gets a IPV6 address I’m just unsure of how to configure pfsense to delegate a IPv6 address to the UDM Pro so that it can pass the IPv6 onto its clients
-
@cashew
Please do a screen capture of your actual WAN and LAN settings, including Router Advertisements.
-
@matthewgcampbell Did you ever get this solved?
-
@abuttino yes sure did, was new to pfsense and integrating IPv6 into networks so I had to look though the docs on both pfsense and how IPv6 works. I did kinda leave this post unanswered. What do you need help with?
-
@matthewgcampbell What did the end configuration look like? Did you have to enable the DHCPV6 server on pfSense? RA on pfSense? What about the WAN/LAN side of them Unifi controller (UDM)?
I worked for a week trying to get this right and had to settle with tunnel broker.
Sending a few screenshots would make my day, that's for sure
Thanks for writing back!
-
@abuttino yeah you need to setup a DHCPv6 server on pfsense as that is the only *current implementation that the UDM Pro supports without hacking around. Other than that the specifics would need to be tuned to your environment, ie how big of a IPv6 block is delegated to you from your isp, how often it changes, mine hasn’t changed for 5 years, etc.
-
@matthewgcampbell How did you set up the wan/lan on the UDM? WAN DHCPV6, but, who issues the DHCPV6 on the UDM? pfSense? Unifi? ID#? PD subnet?
Do you have any anonymized screenshots (black out subnet data) you can provide?
I'm just lost here.
-
@abuttino I’ll have to put some screenshots and examples together, what exactly does your typology look like? how big is the subnet delegated to you by your isp?
-
@matthewgcampbell my ISP gives me a /56. Using the DHCP v6 from pfsense, it would only give the USG a /128, no matter what I used on pfSense.
-
I assume that /128 is your WAN address. That's entirely normal, as it's not used for routing. With IPv6, the link local address is often used for routing.
