No LAN IPv6 address with Track Interface on WAN
-
You can't do that. With IPv6, the LAN is supposed to be a /64 only. If you split it, you will break some things.
That's what I'd read as well but a few posts above you mentioned it was possible to further subnet /64 with manually configured routing.
it still seems like it's not possible to have pfSense further subnet a /64 address on the WAN such that clients on the LAN interface can use IPv6
You should be able to, but you can't use DHCPv6-PD to provide it. You have to manually configure routing to do it.
The pfSense documentation also has an IPv6 Subnet Table which has prefix lengths > 64 bits.
Chasing my ISP will be fruitless. They are essentially a cable TV company who do everything they can to avoid support. I did take a look at the tunnel option and it should work but my goal was to have a seamless IPv6 experience. No extra dyndns etc.
I actually had another idea. The only reason I have separate WAN and LAN networks is for a firewall. If I switch to an Internal/External Bridge I should be able to use my modem's IPv6 DHCP server (which works well) and still keep my firewall.
-
https://www.boards.ie/ttfpost/108440018
Virgin Hub 3 has modem mode which is same as thing as bridge mode Modem only To have modem mode as an option you must be on a IPv4 address If you don't see modem mode listed your hub is using a Dslite IPv6 address You won't see modem mode when you are on a Dslite IPv6 address You can request virgin media to put your Hub on a IPv4 address to have access to modem mode Modem Mode you connect a Cat 5e or Cat 6 ethernet cable from a lan port on the hub to wan port on a different router All routing and wifi will be controlled by your own router -
@Bob-Dig thx. Any idea if getting Virgin to switch the modem back to IPv4 removes IPv6? It's IPv6 connectivity that I'd like to have working.
-
You can have other sizes for routing etc., but LANs require a /64. SLAAC depends on it.
-
@azaclauson
Having the modem in bridge mode allows pfSense to work with what's behind it. To use IPv6, the ISP normally uses DHCPv6-PD, which provides the prefix that pfSense assigns to the LANs. You may also have an IPv6 WAN address, which has absolutely nothing to do with the LAN prefixes, or routing for that matter. -
To use IPv6, the ISP normally uses DHCPv6-PD
Yes but as best I can tell that's my exact problem. My ISP is not providing Prefix Delegation. Instead a single /64 network is available on the modem.
I have been relatively successful switching pfSense from operating as a router between the WAN and LAN interfaces to instead operating as a transparent bridge. I've now got usable DHCP IPv6 addresses on my Windows and Linux machines and I can set firewall rules. I think there's still something missing with Router Advertisements but I can play around with that further. For the moment I know have a local firewalled IPv6 network.
-
@azaclauson said in No LAN IPv6 address with Track Interface on WAN:
Yes but as best I can tell that's my exact problem. My ISP is not providing Prefix Delegation. Instead a single /64 network is available on the modem.
How can you tell that, when you're not set up to use prefix delegation? You will not see it coming from a modem in gateway mode, ever. You will see it only in bridge mode. All you'll see in gateway mode is router advertisements containing the prefix for the connected LAN.
I posted a full DHCPv6 sequence earlier, which shows the PD part. Do you see anything like that coming from your modem? If not, you don't have it. If you want to have more than 1 /64, you must use bridge mode. There is no way around that.
-
Hi very new to IPv6 but I am in exact same scenario. Modem is in gateway mode and cannot but put into bridge.
Modem's IPv6 is /64 and plugged into WAN on pfsense and pfsense gets an IPv6 ip on WAN.
What I am a little confused about is what DHCPv6 Relay is for? Was thinking I could relay the DHCPv6 IPs my modem is handing out to my LAN but apparently not as I'm not seeing that suggested. I'm guessing if the LAN did pick up these relayed addresses that would be a routing problem I'm not quite grasping?
Thanks
-
As on IPv4, the relay simply means your DHCP server is elsewhere, instead of on the local network. It forwards the DHCP requests to that remote server.
-
Thanks @JKnott
So I was thinking thats why this would be viable in this scenario where WAN which sees DHCPv6 server (my non bridged modem) and could theoretically relay and hand out address on my lan. I guess though there would be routing problems without a lot of static routes. ie gateway modem wouldn't know how to route to the IPV6 LAN clients through pfsesne unless it could take static routes (and mine cant) and pfsense would think any traffic it gets on LAN for the locally assigned IPv6 addresses should go out WAN without static routes as well. -
@Jim-Coogan what ended up being a show stopper for me was my ISP only allocating a /64 range to my modem. For DHCPv6 relay to work with pfSense acting as a router you need to be able to use DHCPv6 with Prefix Delegation. To do that you need a bigger allocation than /64, e.g. /56 or /60 etc.
