IPv6 Router behind router
-
@JKnott IPv6 on the WAN is fine it’s just advertising the prefix for the other router to get, that’s were I’m confused, pfsense gets a IPv6 address no problem
-
@cashew
Show your settings on the WAN and LAN interfaces.
-
@JKnott I’m doing this and the UDM Pro gets a IPV6 address I’m just unsure of how to configure pfsense to delegate a IPv6 address to the UDM Pro so that it can pass the IPv6 onto its clients
-
@cashew
Please do a screen capture of your actual WAN and LAN settings, including Router Advertisements.
-
@matthewgcampbell Did you ever get this solved?
-
@abuttino yes sure did, was new to pfsense and integrating IPv6 into networks so I had to look though the docs on both pfsense and how IPv6 works. I did kinda leave this post unanswered. What do you need help with?
-
@matthewgcampbell What did the end configuration look like? Did you have to enable the DHCPV6 server on pfSense? RA on pfSense? What about the WAN/LAN side of them Unifi controller (UDM)?
I worked for a week trying to get this right and had to settle with tunnel broker.
Sending a few screenshots would make my day, that's for sure
Thanks for writing back!
-
@abuttino yeah you need to setup a DHCPv6 server on pfsense as that is the only *current implementation that the UDM Pro supports without hacking around. Other than that the specifics would need to be tuned to your environment, ie how big of a IPv6 block is delegated to you from your isp, how often it changes, mine hasn’t changed for 5 years, etc.
-
@matthewgcampbell How did you set up the wan/lan on the UDM? WAN DHCPV6, but, who issues the DHCPV6 on the UDM? pfSense? Unifi? ID#? PD subnet?
Do you have any anonymized screenshots (black out subnet data) you can provide?
I'm just lost here.
-
@abuttino I’ll have to put some screenshots and examples together, what exactly does your typology look like? how big is the subnet delegated to you by your isp?
-
@matthewgcampbell my ISP gives me a /56. Using the DHCP v6 from pfsense, it would only give the USG a /128, no matter what I used on pfSense.
-
I assume that /128 is your WAN address. That's entirely normal, as it's not used for routing. With IPv6, the link local address is often used for routing.
-
@JKnott Unfortunately, I couldn't end up getting the lan dhcpv6 on the USG to give addresses out. I tried for a solid week.
-
Try capturing the DHCPv6-PD sequence from your ISP.
To do that, shut pfsense down and disconnect the WAN port. Then reboot and run Packet Capture on the WAN port, filtering on DHCPv6. You can filter port 546 or 547. Then reconnect the WAN port. Post the capture here.
-
I would like to see @matthewgcampbell 's setup on pfSense DHCPv6 and RA so I can just figure it out from his settings. I am pretty astute.
-
The reason I asked for the capture was to see what the ISP is sending you. A couple of years ago I had a problem that was caused by my ISP. By examining the capture, I was not only able to verify the problem was at the ISP, but also able to identify the failing system by host name.
-
Unfortunately, what you are asking, I cannot do. The system is in AZ and I'm visiting NY for another week.
I can definitely tell you pfSense is getting an /56 IPv6. Then turning on pfSense's DHCPv6 server I get a /128 on my Unifi USG WAN port.
What I was hoping is, pfSense would issue a /64 to the downstream router, which the pfSense's DHCP server is configured to give.
This concept is quite new to me, obviously :)
Falling short of screenshots which would give routable IP addresses..
IP Supplied by ISP on WAN
aaaa:bbbb:cccc:92ef:eeee:fffff:fffff:fffff
LAN Track Interface:
aaaa:bbbb:cccc:1300:eeee:ffff:ffff:fffffFrom what I remember /56 is:
aaaa:bbbb:cccc::/56
(first 3)DHCP Prefix delegation From:
aaaa:bbbb:cccc:1300:eeee:ffff:ffff:fffff
To:
aaaa:bbbb:cccc:1400:eeee:ffff:ffff:fffff
RA: StatelessUSG gets:
aaaa:bbbb:cccc:1300:eeee:ffff:ffff:7d1/128 -
Pfsense will create a /64 on the LAN interface. It will not provide anything to a downstream router unless you configure that. You'd then have to configure the downstream router to do something with it. So, your first step would be to configure pfsense to route 1 or more /64s to the downstream router.
-
@JKnott Could have sworn I already did that in the DHCPV6.
-
All DHCPv6 does is provide some addresses to the clients. DHCPv6-PD provides your /56 prefix to Pfsense. Pfsense provides indiviual /64s from your /56 to individual interfaces. Anything beyond that, such has a downstream router, has to be configured in one way or another. One possibility is to configure DHCPv6-PD the LAN or other interface to provide a prefix to the downstream router. The other way is to manually configure routes, unless you want to get into OSPF. Then you have to configure the downstream router. It doesn't just happen automagically.
