IPv6 Prefix Delegation with Hurricane Electric Tunnel
-
I have a static IPv4 assigned to me with which I have created an HE IPv6 Tunnel.
HE has provided me with /48 and /64 routed subnets.
/48 : 2001:470:6aaa::/48
/64 : 2001:470:1bbb:123::/64
After the tunnel came up, I configured the LAN interface of the firewall with IPv6 static IP 2001:470:1bbb:123::1/64 and then went to DHCPv6 server, enabled it like and I can successfully get IPv6 connectivity on all the devices connected directly to the pfSense LAN.
However, since I share an apartment with my colleagues, I have been relentlessly trying to allocate them /64 subnets out of the /48 so that each person can have their own IPv6 public endpoints:
pfSense Router (LAN IPv6 2001:470:1bbb:123::1/64)
|
|
|
Router 1 ----- Router 2 ------ Router 3 ------ Router 4-------
All the downstream routers are Asus branded and support DHCPv6.
Even though I have enabled Prefix Delegation on the LAN DHCPv6 Server, none of the downstream routers are picking up an IPv6 address.
Here is the PD page :
Here is the IPv6 page on one of the downstream routers :
Can anyone help me configure this properly?
-
Did you hit apply?
From the FAQ
https://www.asus.com/support/FAQ/113990
Seems you have to hit apply and then relogin to see the info?
-
@johnpoz Yup. Applied Settings. Rebooted. Checked if settings persist, still no luck.
-
I would sniff on pfsense interface and see if it's even asking for the delegation. What it's specifically asking for, etc.
You could always do a static setup.
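
The check suggested above, as an added example that is not part of the original thread: a minimal Python parser for the DHCPv6 payload (UDP ports 546/547) taken from a capture, reporting whether a message carries an IA_PD option and which prefix it hints at or grants. The sample messages are constructed (real ones also carry Client ID and other options), the helper names are hypothetical, and the option layouts follow RFC 8415.

```python
import ipaddress
import struct

MSG_TYPES = {1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", 5: "RENEW", 7: "REPLY"}
OPT_IA_NA, OPT_STATUS, OPT_IA_PD, OPT_IAPREFIX = 3, 13, 25, 26

def iter_options(buf):
    """Yield (code, data) per TLV option; raise ValueError if one is truncated."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        end = pos + 4 + length
        if end > len(buf):
            raise ValueError("truncated option %d" % code)
        yield code, buf[pos + 4:end]
        pos = end

def summarize(payload):
    """Report what a DHCPv6 message (UDP payload) asks for or grants."""
    if len(payload) < 4:  # 1-byte msg-type + 3-byte transaction id
        raise ValueError("too short for a DHCPv6 header")
    out = {"type": MSG_TYPES.get(payload[0], str(payload[0])),
           "ia_na": False, "ia_pd": False, "prefixes": [], "status": []}
    for code, data in iter_options(payload[4:]):
        if code == OPT_IA_NA:
            out["ia_na"] = True  # client wants an address, not a prefix
        elif code == OPT_IA_PD and len(data) >= 12:  # IAID, T1, T2
            out["ia_pd"] = True
            for sub, sdata in iter_options(data[12:]):
                if sub == OPT_IAPREFIX and len(sdata) >= 25:
                    addr = ipaddress.IPv6Address(sdata[9:25])
                    out["prefixes"].append("%s/%d" % (addr, sdata[8]))
                elif sub == OPT_STATUS and len(sdata) >= 2:
                    out["status"].append(struct.unpack_from("!H", sdata)[0])
    return out

def opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def ia_prefix(prefix, preferred, valid):
    net = ipaddress.IPv6Network(prefix)
    body = struct.pack("!IIB", preferred, valid, net.prefixlen)
    return opt(OPT_IAPREFIX, body + net.network_address.packed)

# Constructed samples: a Solicit hinting at a /64, a Reply delegating one, no PD
XID = b"\xab\xcd\xef"
SOLICIT = b"\x01" + XID + opt(OPT_IA_PD, struct.pack("!III", 1, 0, 0) + ia_prefix("::/64", 0, 0))
REPLY = b"\x07" + XID + opt(OPT_IA_PD, struct.pack("!III", 1, 3600, 5400) + ia_prefix("2001:470:6aaa:1::/64", 7200, 7200))
NO_PD = b"\x01" + XID + opt(OPT_IA_NA, struct.pack("!III", 1, 0, 0))
```

A Solicit that shows `ia_na` but not `ia_pd` means the downstream router is only asking for an address; status code 6 inside IA_PD is NoPrefixAvail from the server.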
-
@johnpoz said in IPv6 Prefix Delegation with Hurricane Electric Tunnel:
I would sniff on pfsense interface and see if it's even asking for the delegation. What it's specifically asking for, etc.
You could always do a static setup.
Did a packet capture on the LAN interface of pfSense, I could see DHCPv6 requests and a valid reply by the pfSense.
The Asus router is now taking IPv6 prefix delegated by pfSense (magically, idk how), however the connectivity is being lost in around 30 seconds. So I guess this is an issue with Asus WRT.
In the end, I have configured static IP and routes for all the routers, and fingers crossed it has been working quite stable for a week.
-
You don't need all those routers. pfSense can do it all. Just create an interface for each subnet. You can do that with VLANs and a managed switch. With a /48, you can have up to 65535 colleagues.
-
@jknott
I went that route earlier, but most of us have wireless devices, and no one is willing to invest in a proper AP that can support multiple VLANs, hence dropped that idea. These cheap Asus routers come from an eBay listing which was selling around 12 of those for 18$, hence we're stuck with that.
-
Then use those routers as APs, one on each subnet. Again, no need for routing. However, have fun with finding clear WiFi channels on 2.4 GHz.