how do i set pfsense to get ipv6 from isp
-
@stephenw10
it is pppoe basedAfter a conversation with my ISP ("CCC" in israel)
They say I get an ipv6 address
(Appears to them on the computer that I have an address)
I just do not see it or something like thatI did not touch or change anything in the ipv6 settings
I always got an address automaticallyIt could be that in version 2.4.5 it was different
I do not know -
@firefox said in how do i set pfsense to get ipv6 from isp:
They say I get an ipv6 address
Are you getting a WAN address? Also, packet captures can do wonders when trying to solve problems. Try this:
Shut down pfsense & unplug WAN cable
Reboot pfsense and run Packet Capture on the WAN port, filtering on port 546 or 547
Plug in WAN cable
Post the capture file hereBTW, it really can help if you mention your ISP, in case someone else here has experience with them.
-
Enable 'Debug' in the dhcpb6 client settings. Check the dhcp logs after connecting.
If you are pulling a prefix only you want see that unless you have an internal interface set to use it.
Steve
-
@jknott
I wrote that my ISP is CCC IN israelAre the settings that appear on the screenshots I uploaded correct?
Maybe there
I need to change something -
Sorry, I must have missed that. However, I see you gave a prefix delegation size of 64. If your ISP provides only a /64, then you can't pass IPv6 onto your LAN. If the ISP provides a different size then you use that number. For example my ISP provides a /56, which I can then split into 256 /64s on the LAN side.
-
Yeah, I pull a /56 here with link-local on WAN.
You could pull a /64 and use it only on LAN. Make sure you are requesting the correct prefix size though. I have seen that fail if it's not exactly what the ISP is offering.
-
@jknott
i try that again
And now I see the ipv6why it says offline packetloss ?
-
@firefox
Your ISP's router may not be responding to IPv6 ping requests. Maybe do a IPv6 traceroute (you might need to temporarily disable monitoring to do this, see below) and try using hop #3 or 4 as the monitoring IP address, or use something more global like Google DNS or something. Or you can change the gateway setting to disable the monitoring (System > Routing > [edit the IPv6 gateway] > check "Disable Gateway Monitoring"), though that might affect failover if you have dual WAN. -
@virgiliomi
Or not use gateway monitoring. I don't use it, as it doesn't do much for most users.
-
updating
I returned everything to the previous state
Ipv4 only
Because for some reason everything works slowly
I currently will not use ipv6 maybe I will try again in a few months -
Yeah, that's typical of having partial v6 connectivity. Most operating systems will try to use it first if they think they have a v6 connection. If that is broken you have to wait for it to timeout before it tries v4 resulting in a pretty bad experience!
-
@stephenw10
Is there a way around this?
Any page loaded in a second or two
Loads after 10 or 20 seconds -
You can probably configure the clients to use only IPv4 or use v4 by default.
Otherwise you need to either have fully functioning IPv6 or none.
Steve
-
While you can normally adjust a OS preference to ipv4 from v6. Some devices are more difficult than others, and can be difficult to actually disable completely.
If you are having issues with ipv6 - the simple solution is just not provide it at all.. Which is easy enough to disable at pfsense. Its much easier to do that way, then trying to configure each client to not use ipv6 or prefer v4 over, etc.
I don't provide any automatic IPv6 to any clients on any of my vlans. But I can configure clients on the vlans I have it enabled manually to use it..
-
i disabled ipv6
on my pc
Now it works properlyThanks
-
@firefox said in how do i set pfsense to get ipv6 from isp:
i disabled ipv6
on my pc
Now it works properlyThanks
Smart move! Here you can see why:
https://www.youtube.com/watch?v=Vt4Jl4t43ug -
I wouldn't put much stock in what that guy says. He doesn't understand IPv6 enough to make those claims. In fact some of what he said is nonsense.
I made some comments on on that video last month.
@ firefox
As for IPv6, that is where the world is moving, so disabling IPv6 is not the fix. All you're doing is hiding the problem. If your ISP has a problem and they can't/won't fix it, there's always he.net.
-
Yes, a fully functional IPv6 connection is the way forward here.
-
@jknott said in how do i set pfsense to get ipv6 from isp:
In fact some of what he said is nonsense.
haha - "some" its pretty much all nonsense, I wasn't going to sit through 30 minutes of nonsense.. so just skipped through it.. Every part I stopped on was just nonsense.
Some of his comments as well - don't read books, don't read rfc's - watch videos? Come on!
I would agree disable ipv6 is not a "fix" What it is, is a way for you to get up to speed with your understanding before you use what yes is the future.
Until such time that you have a NEED there is no reason to have it enabled unless you actually understand how it works, how to secure it and how it functions to be able to troubleshoot it when things go wrong.
Many users have it and don't even know, they might not be having any problems, they might not attribute issues they are having with IPv6, etc.
Do you have a web server running if you don't need one, do you have ftp running when you don't need one.
Security 101 says if your not using something - then it shouldn't be enabled. If you have no use for ipv6 then there is little reason for you to have it up and running. Unless your actively going to be using it, or experimenting with it.
I would not say you should disable your IPv6 unless you're having issues. But if you are, there is nothing wrong with just turning it off until such time that you actually need it. Or are willing to spend the time needed to get up to speed and properly configure your network for its use.
You can for sure bring up ipv6 in limited fashion to use and play without until such time your are comfortable and know enough to properly deploy it across your full network.
What is nice about pfsense - it gives you the ability to do just that. Vs some soho router where it on or off, with limited ability to manage it or monitor it, etc.
The mentioned hurricane electric is a very controlled way to bring ipv6 into your network. Limit its scope or not. With no need to have to deal with your isp lack of ipv6 support or inadequate type of deployment.
-
@johnpoz said in how do i set pfsense to get ipv6 from isp:
haha - "some" its pretty much all nonsense,
That pretty much sums up his videos. I have tried to watch a couple of others but couldn't stomach them. I guess he's one of these "experts" who's read a couple of magazine articles and now knows all there is to know.
It reminds me of a job I was on a few years ago, where the woman, who was the office manager, got annoyed because I plugged my computer into the switch with a CAT 5 patch cord. She was convinced it was going to affect her network, which we'd just cabled with CAT 6. She knew that because her husband (he's a veterinarian) had read some magazine articles.