IPv6 Tracking Interfaces Lose IPv6 Address

Bob.Dig

@mcury I have another router in front of my pfsense and every time the prefix changes, I have to reboot pfSense (via cron) to notice this change. It problaby would work ootb with a modem/bridge.

mcury

ISP modem is set to bridge mode, pfsense is receiving public IP address..
For IPv6 I get a /64 only, which is being provided to my VLAN10 (wifi vlan) with track interface prefix 0.
Reconnecting the devices to the AP solves the problem. It works for one hour or maybe two..

Bob.Dig

@mcury What ISP is it?

mcury

@bob-dig said in IPv6 Tracking Interfaces Lose IPv6 Address:

@mcury What ISP is it?

NET Virtua (also called as Claro or Embratel).
Unfortunately in Brazil it's the only one I can use that works with bridge mode.. Very few options over here..

johnpoz

@mcury said in IPv6 Tracking Interfaces Lose IPv6 Address:

Very few options over here..

Just going to throw this out there, as an option to crappy isp IPv6 deployments.

https://tunnelbroker.net/

You can get a /48, its static - no worry about changing prefixes. You even have PTR control. If you change isp - you still use your same /48.. It takes all of a couple of min to setup on pfsense.

Now you can enable IPv6 on all your vlans.. /48 has 65k /64s to use..

They do have a pop in South America even - located in Bogota, CO

I honestly don't get why people put up with the shitty isp ipv6 deployments - a single /64? WTF!! at min they should give you a /56..

mcury

Done, pretty easy indeed, thanks johnpoz.
Now getting a /48, already using two /64, one in LAN and other in WIFI.
ipv6-test.com tests success for both networks.

Latency could be better, but hey, I have a /48 now :)

johnpoz

South America - not the most well connected internet area of the world to be honest.. I take in that pop not all that close to you even.. And its the only one they have in that area.. I would think they would have one is São Paulo, which is where all of the stuff we route in an out of South America goes through..

Mine is a tad better ;)

mcury

It would be nice to have a he tunnel in Sao Paulo indeed.. I'm from Rio, the latency would be pretty nice..

But still, it would be worse than yours.. kkkk tad better is being nice with me :)

johnpoz

You could reach out to them, or check on their forums to see if any plans on new pop closer to you.. They have a lot of them.. Seems odd why not in São Paulo

mcury

I'm searching their forum already, found an user that is saying that the latency from BR to US is better than BR to CO.. hmm, let me change to US to test

johnpoz

Yeah could be issues with peering... Many many years ago, I have been using them for like 11 or something.. When first brought up tunnel, there was no peering with my isp at the time.. And trying to use their chicago pop routed through new york ;)

So might be possible you get better latency with a different pop.. That has better peering with your isp or isps in the area that your isp peers with, etc..

edit: Just looked they have a couple in Miami, FL - you could try those.. Good luck and enjoy.. While sure you can have some added latency with the tunnel, and a bit over overhead.. It is just some much better than really any isp ipv6 nonsense.. I really don't get why its so difficult for them..

mcury

Pinged all North America pops and found the following:

Ashburn, VA, US 135 ms
Calgary, AB, CA 176 ms
Chicago, IL, US 134 ms
Dallas,  TX, US 158 ms
Denver,  CO, US 158 ms
Freemont,CA, US 183 ms
Freemont,CA, US 181 ms
Honolulu,HI, US 230 ms 
Kansas,  MO, US 146 ms
LA,      CA, US 173 ms
MIAMI,   FL, US 141 ms
NY       NY, US 117 ms  <<< New York 117 ms is pretty nice
Phoenix  AZ, US 167 ms
Seattle  WA, US 187 ms
Toronto  ON, CA 140 ms
Winnipeg MB, CA 162 ms

Much better than CO indeed

Good luck and enjoy..

Thanks :)

johnpoz

Yeah all comes down to peering ;)

From just geographic distance you would think Miami would be better than NY ;)

Other than HI, all of those are better than the South American one - that is just crazy...

JKnott

@mcury said in IPv6 Tracking Interfaces Lose IPv6 Address:

Now getting a /48, already using two /64, one in LAN and other in WIFI.

Why do you have your WiFi on a separate network, other than guest WiFi? The only time I've had my main WiFi separate was back in the days when I was using 802.11b and WEP. I put my WiFi on the outside of my firewall and used a VPN to access my network. Currently, I have a guest WiFi on a separate network that's not even allowed to reach anything on my other networks.

Anyhow, that's 2 down, 46 to go.

JKnott

@johnpoz said in IPv6 Tracking Interfaces Lose IPv6 Address:

From just geographic distance you would think Miami would be better than NY ;)

But perhaps not the telecom distance. There are certain cities where the international carriers appear and the local carriers meet them there. However, this map shows more fibre going from Brazil to Florida than NYC.

BTW, many years ago, when I was working for a telecom carrier, I often worked with some of the international carriers in Toronto, in the same building where he.net is.

johnpoz

@jknott said in IPv6 Tracking Interfaces Lose IPv6 Address:

Why do you have your WiFi on a separate network

Because he wants it that way ;)

I have my trusted wifi on my lan network.. But it uses eap-tls to auth.. And only "my" devices (phone, tablet) can connect. But all of my other wifi networks are on their own vlan.. Guest being 1 of them, but also 2 more for iot and media devices (roku, etc.)

mcury

WIFI is separated from my LAN due to pfblockerng, I was filtering only my LAN network, and leaving WIFI without any filtering..

I also have a personal NAS , which I don't let WIFI users to reach it.. Only port 32400 is allowed for Plex access.

Unfortunately Guest network (VLAN20) is disabled since a long time..
Back in the days before the pandemic I used to make a barbecue with friends once a week and they used the GUEST WIFI, hope those days come back..

If I receive friends today, they will have WPA3, and IPv6 hehe :)
Using a nanohd to split the wifi networks in VLANs

johnpoz

@mcury said in IPv6 Tracking Interfaces Lose IPv6 Address:

they will have WPA3

Something I ran into - maybe it would effect you. I had turned my guest ssid to wpa3 only.. This broke the qr code I had printed on cards for guest to use. If manually added the network it worked just fine.

I had to enable transition mode where wpa2 was on the same ssid.. If your device is wpa3 capable it says it uses that via what my phone says (developer profile on iphone).. But when it was wpa3 only - the qr code would not work, unable to join network.

Just in case you might be doing the same sort of thing with qr codes.. Friends don't like typing in 20+ character psks ;) hehehe

mcury

hmm, nice to know, I didn't test the QR code feature yet, usually I give them the password in the old way, old school password share :)

johnpoz

Yeah I started a thread over on their forums about it

https://community.ui.com/questions/wpa3-qr-code-generation/538e4658-37e7-46a3-882d-ec46ad722744

It's gotten a few responses - but no actual solution.