xfinity, netgear cm1000 and ipv6 problems.

hescominsoon

@hescominsoon i filed this as a bug since I have tried two different modems with the same problem:
https://redmine.pfsense.org/issues/11255

MikeV7896

It's definitely not a bug... I personally used pfSense with Comcast and had no issues with IPv6 over 5+ years. What are your WAN IPv6 settings?

For Comcast, they should be something like...

• IPv6 Configuration Type: DHCPv6
• Use IPv4 connectivity as parent interface: Pretty sure this can be set either way. If checked, IPv4 must be up and running before IPv6 is attempted.
• Request only an IPv6 prefix: Unchecked recommended; will work either way. If checked, WAN will only have a link-local IPv6 address.
• DHCPv6 Prefix Delegation size: 60 if residential service, 56 if business
• Send IPv6 prefix hint: Checked
• Do not wait for a RA: Checked

And then for your LAN(s), IPv6 Configuration Type would be "Track Interface", and the IPv6 settings would be "WAN", and pick a prefix ID.

hescominsoon

@virgiliomi said in xfinity, netgear cm1000 and ipv6 problems.:

It's definitely not a bug... I personally used pfSense with Comcast and had no issues with IPv6 over 5+ years. What are your WAN IPv6 settings?

For Comcast, they should be something like...

• IPv6 Configuration Type: DHCPv6
• Use IPv4 connectivity as parent interface: Pretty sure this can be set either way. If checked, IPv4 must be up and running before IPv6 is attempted.
• Request only an IPv6 prefix: Unchecked recommended; will work either way. If checked, WAN will only have a link-local IPv6 address.
• DHCPv6 Prefix Delegation size: 60 if residential service, 56 if business
• Send IPv6 prefix hint: Checked
• Do not wait for a RA: Checked

And then for your LAN(s), IPv6 Configuration Type would be "Track Interface", and the IPv6 settings would be "WAN", and pick a prefix ID.

Some background on myself: I am a comcast partner and, in my area at least, comcast is not giving out larger than a /64. i've been able to confirm this at multiple residential clients of mine. yes i know it's a ipv6 standard thing..but who says isp's always follow the rules?

As for the settings...that's what i had them at when things stopped working. I turned ipv6 totally off in all areas until I could get a response. I'll rebuild them back to the above configuration and try it again.

hescominsoon

@virgiliomi
ok here's what i have now:
IPv4 Address
76.100.142.xxx
Subnet mask IPv4
255.255.252.0
Gateway IPv4
76.100.140.xxx
IPv6 Link Local
fe80::217:54ff:fe02:69b5%em0
IPv6 Address
2001:558:6003:8:51ce:81db:6dce:xxxx
Subnet mask IPv6
128
Gateway IPv6
fe80::201:5cff:fe86:a446
DNS servers
127.0.0.1
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
I have enabled track interface on one internal interface. tried both id 0 and id 1. Neither of them have gotten me an ipv6 allocation:

hescominsoon

@virgiliomi
right now i am going to disable ipv6 again. i will hook up my laptop and post what i get there. I have some packet captures i can let you see as well. If you'd like to see them I'll pm you the link to where i have them stored..:)

MikeV7896

Keeping in mind that most people have a gateway (modem + router in one) rather than a separate modem and router, they will probably only ever see a /64. That's what needs to be used on a LAN, and those gateways don't usually support more than one LAN. But pfSense connected to a modem (not a gateway, unless it's in bridge mode) should be able to request a prefix that gets you multiple /64's, so you can set up multiple networks, each with their own /64.

Clearly you have a WAN address... so DHCPv6 is working. Requesting a /60 prefix on your WAN will work regardless of your service. If you have business service and need more than 16 /64's, you could request a /56. Your internal networks should be Track Interface > WAN, and each should use a different prefix ID.

hescominsoon

@virgiliomi yes i have all of those setup in the interfaces. i do NOT have an ipv6 wan address...it only get one when i plug a laptop directly into the cm1000..the pfsense box is NOT pulling an ipv6 address at all.

hescominsoon

@virgiliomi so i tried re-enabling ipv6 and i got an ipv6 address on wan..the instant i enabled track interface it dropped the ipv6 on the wan and refuses to pull ipv6 again.

MikeV7896

@hescominsoon Make sure your LAN is set to Track Interface, then go to Status > Interfaces and do a Release then Renew on your WAN interface and see if IPv6 returns.

hescominsoon

@virgiliomi they are..and tried this more than once..nothing. If i plug a laptop into the modem ipv6 works perfectly.

MikeV7896

@hescominsoon

I'm not sure what to say other than maybe try Comcast's forums or other ISP community sites on the internet for settings that will work. It's been over a year since I had Comcast service, but I used pfSense with IPv6 and had no issues for over four years using the settings I provided earlier.

If you have a gateway (modem+router) in gateway mode, pfSense won't work for IPv6 because the gateway will acquire a single /64 for its own use. I don't know if their gateways will sub-delegate additional /64's or not.

If you have a gateway that is in bridge mode, or have just a regular modem (I used both Motorola/Zoom and Arris modems over my time on Comcast), you should be able to request a /60 unless they've changed things since I left.