Enabling IPv6 on Comcast home network
-
@virgiliomi said in Enabling IPv6 on Comcast home network:
To be on-topic... in gateway mode, Comcast's rented gateways will provide a /64 to the gateway's LAN, so no prefix delegation to pfSense, IIRC.
I have the same device on Rogers and I have it in bridge mode. I get a /56 prefix.
-
Hi all - this is OP
JKnott was right that I needed to put the cable modem into bridge mode. Also johnpoz was right that doing so has no effect on the POTS line. I did not have to configure the Netgate in any way. The default settings just worked.
I ended up deploying a Zyxel NWA210AX and it was a straight forward process. I would say that the Zyxel is a good match to the Netgate. I can use Firefox to manage both of them locally and that is how I like it.
I ran out of ports on the Netgate so I will need to deploy an additional switch. I should deploy a second access point so I may just get a poe switch. The only thing I am unsure of is if I want to get a managed switch so that I can learn how to allocate my network resources better.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
JKnott was right that I needed to put the cable modem into bridge mode. Also johnpoz was right that doing so has no effect on the POTS line.
Actually, I said both.
A managed switch is a good idea if you want to bring out multiple LAN interfaces. Just use VLANs to the switch and configure the ports as needed.
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
JKnott was right that I needed to put the cable modem into bridge mode. Also johnpoz was right that doing so has no effect on the POTS line.
Actually, I said both.
Shame on me for missing that
A managed switch is a good idea if you want to bring out multiple LAN interfaces. Just use VLANs to the switch and configure the ports as needed.
I have a wifi 6 ap now so I will run my MacBook off of that and free up a port. I can also use a poe injector when I position the ap. When the Netgate has no more ports I will buy one with a larger capacity. Its a great buy at any price.
-
@jknott said in Enabling IPv6 on Comcast home network:
If you're not in bridge mode, you will only be able to get a single /64, which pfsense cannot split among your LAN interfaces.
My delegated prefix is 2601:18d:8b7f:ea70::/64 in both modes. Is that why only one computer can get an ipv6 address at a time?
But did you actually get a prefix that you requested?
Is that a setting on the pfSense or something I need to specify to my ISP when setting up my account?
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
When the Netgate has no more ports I will buy one with a larger capacity
Huh? You will buy another netgate appliance with more switch ports? What? That is not cost effective thinking at all.
If you need switch ports you buy a switch, you don't buy a bigger router with more ports in it..
You can pick up pretty fancy 24 port poe switch for fraction of the cost of a netgate router with 8 switchports.. The 7100 is $1k
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
My delegated prefix is 2601:18d:8b7f:ea70::/64 in both modes. Is that why only one computer can get an ipv6 address at a time?
Where are you seeing that? My WAN prefix is completely different from the /56 I get from my ISP. If only one computer is getting an address, there's something really wrong. A single /64 can provide 18.4 billion, billion addresses. I really don't understand how you can be seeing that, unless you're doing something significantly wrong.
Your configuration should be modem > pfsense > LAN, with the modem in bridge mode.
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
My delegated prefix is 2601:18d:8b7f:ea70::/64 in both modes. Is that why only one computer can get an ipv6 address at a time?
Where are you seeing that? My WAN prefix is completely different from the /56 I get from my ISP. If only one computer is getting an address, there's something really wrong. A single /64 can provide 18.4 billion, billion addresses. I really don't understand how you can be seeing that, unless you're doing something significantly wrong.
Your configuration should be modem > pfsense > LAN, with the modem in bridge mode.
When I sign into my cable modem on the LAN I can go to Gateway > Connection > Status and see my delegated prefix under Local IP Network. I posted a screenshot earlier.
If a /64 prefix can give me plenty of LAN addresses then the next place to look is the router and/or the Linux boxes. If I bypass the router my Linux boxes both get an ipv6 address. However that breaks my multicast dns.
I am fairly certain that the Linux boxes are not configured quite correctly even though I followed the Arch Linux wikis. I have asked for help in the Arch forums but with no response.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
I am fairly certain that the Linux boxes are not configured quite correctly even though I followed the Arch Linux wikis. I have asked for help in the Arch forums but with no response.
With IPv6 and SLAAC, there is nothing to configure. It just works.
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
I am fairly certain that the Linux boxes are not configured quite correctly even though I followed the Arch Linux wikis. I have asked for help in the Arch forums but with no response.
With IPv6 and SLAAC, there is nothing to configure. It just works.
I tried once to enable SLAAC and it did not work but I can try again.
Interfaces>LAN>IPv6 Configuration Type = SLAAC
Services>DHCPv6 Server & RA>LAN>DHCPv6 Server = unchecked
Services>DHCPv6 Server & RA>LAN> Router Advertisements>Router mode = disabledNow the LAN interface has no ipv6 address at all
-
Then you've got something configured wrong. I've been using SLAAC for over 5 years with pfsense and 6 with my previous firewall, which was based on Linux. I have never seen it fail.
Post some screen captures of your WAN and LAN IPv6 configuration.
-
@jknott said in Enabling IPv6 on Comcast home network:
Then you've got something configured wrong. I've been using SLAAC for over 5 years with pfsense and 6 with my previous firewall, which was based on Linux. I have never seen it fail.
Post some screen captures of your WAN and LAN IPv6 configuration.
This is what I get when a do a factory reset:
-
On WAN
Select Use IPv4 connectivity as parent interfaceDHCPv6 Prefix Delegation size should be whatever Comcast provides. With my ISP it's 56.
Select Send IPv6 prefix hint
Select Do not allow PD/Address release
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.
LAN
Why are you using DHCPv6? Unless you have a specific need, you should be using SLAAC.
Router Advertisements
I have unmanaged
-
@jknott said in Enabling IPv6 on Comcast home network:
On WAN
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.Where are you seeing that?
LAN
Why are you using DHCPv6? Unless you have a specific need, you should be using SLAAC.
Router Advertisements
I have unmanaged
I was unable to select unmanaged and turn on SLAAC
With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
On WAN
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.Where are you seeing that?
Right here at the bottom.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
I was unable to select unmanaged and turn on SLAAC
With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.If SLAAC won't work, you have some other issue. Also, SLAAC is on the LAN side and has nothing to do with your ISP. You normally use DHCPv6-PD on the WAN. Does Comcast do something different?
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
I was unable to select unmanaged and turn on SLAAC
With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.If SLAAC won't work, you have some other issue. Also, SLAAC is on the LAN side and has nothing to do with your ISP. You normally use DHCPv6-PD on the WAN. Does Comcast do something different?
I don't know for certain how Comcast does ip6. Their tech support is not very helpful so I may be on my own to figure it out. Also, my Netgate does not have DHCPv6-PD as an option on the WAN. When the cable modem wss in bridge mode the WAN and LAN interfaces appeared to be getting valid ip6 addresses.
With SLAAC enabled it looked like my Linux box was getting an ip6 address but mDNS was not working. When I tried to verify the ip address of my spare Linux box I was getting 169.x.x.x which does not exist on my network. I was unable to use SSH or connect to my wifi or printer to check their status. Even after disabling ip6 on the pfSense these problems persisted.
I have grad school work to get done so I had no choice but to try removing the pfSense. To the best of my knowledge I am up and running again. My spare Linux system had to be reinstalled. Thank goodness I have my own recovery system.
Prior to this my Netgate had served me well.
-
Do a packet capture on the WAN side for DHCPv6 (port 546 or 547) and post the capture here. Also, sometimes the best thing to do is to start over from scratch as you might have done something and not realized it.
When you do the capture, shut down pfsense and unplug the WAN cable. Then reboot and start the packet capture. Then plug in the WAN cable.
-
@jknott said in Enabling IPv6 on Comcast home network:
Do a packet capture on the WAN side for DHCPv6 (port 546 or 547) and post the capture here. Also, sometimes the best thing to do is to start over from scratch as you might have done something and not realized it.
When you do the capture, shut down pfsense and unplug the WAN cable. Then reboot and start the packet capture. Then plug in the WAN cable.
I have a crazy schedule but I will do that. I will look up how to do that and get it done. Maybe we can figure this out and help other Comcast customers (victims). I will isolate the Netgate and use my spare Linux box to run whatever tests you want.
Meanwhile I will also reinstall pfSense. My Netgate has been in operation for a long time and had many updates. It has not been reinstalled for at least two years.
-
As a former customer of Comcast, they use DHCPv6-PD to delegate a prefix. When I was last a customer (almost 20 months ago now), a residential customer was able to obtain a /60 prefix, and a business customer was able to obtain a /56. Set your WAN to use DHCPv6-PD, check the box to send a prefix hint, set the prefix size accordingly, and set your LAN and other networks to track the WAN interface, giving each network a unique prefix ID.
With Comcast, your WAN will get a global address outside of the prefix that has been delegated to you.
How you set up your networks is up to you, and the ISP has no bearing on this. I successfully ran both DHCPv6 and SLAAC without issue, though most of the time I ran SLAAC only (unmanaged RA setting). When I ran both, I had the RA set to "Assisted" mode. Most devices used SLAAC, some used DHCPv6.
Hope that helps!
