Enabling IPv6 on Comcast home network
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
When the Netgate has no more ports I will buy one with a larger capacity
Huh? You will buy another netgate appliance with more switch ports? What? That is not cost effective thinking at all.
If you need switch ports you buy a switch, you don't buy a bigger router with more ports in it..
You can pick up pretty fancy 24 port poe switch for fraction of the cost of a netgate router with 8 switchports.. The 7100 is $1k
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
My delegated prefix is 2601:18d:8b7f:ea70::/64 in both modes. Is that why only one computer can get an ipv6 address at a time?
Where are you seeing that? My WAN prefix is completely different from the /56 I get from my ISP. If only one computer is getting an address, there's something really wrong. A single /64 can provide 18.4 billion, billion addresses. I really don't understand how you can be seeing that, unless you're doing something significantly wrong.
Your configuration should be modem > pfsense > LAN, with the modem in bridge mode.
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
My delegated prefix is 2601:18d:8b7f:ea70::/64 in both modes. Is that why only one computer can get an ipv6 address at a time?
Where are you seeing that? My WAN prefix is completely different from the /56 I get from my ISP. If only one computer is getting an address, there's something really wrong. A single /64 can provide 18.4 billion, billion addresses. I really don't understand how you can be seeing that, unless you're doing something significantly wrong.
Your configuration should be modem > pfsense > LAN, with the modem in bridge mode.
When I sign into my cable modem on the LAN I can go to Gateway > Connection > Status and see my delegated prefix under Local IP Network. I posted a screenshot earlier.
If a /64 prefix can give me plenty of LAN addresses then the next place to look is the router and/or the Linux boxes. If I bypass the router my Linux boxes both get an ipv6 address. However that breaks my multicast dns.
I am fairly certain that the Linux boxes are not configured quite correctly even though I followed the Arch Linux wikis. I have asked for help in the Arch forums but with no response.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
I am fairly certain that the Linux boxes are not configured quite correctly even though I followed the Arch Linux wikis. I have asked for help in the Arch forums but with no response.
With IPv6 and SLAAC, there is nothing to configure. It just works.
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
I am fairly certain that the Linux boxes are not configured quite correctly even though I followed the Arch Linux wikis. I have asked for help in the Arch forums but with no response.
With IPv6 and SLAAC, there is nothing to configure. It just works.
I tried once to enable SLAAC and it did not work but I can try again.
Interfaces>LAN>IPv6 Configuration Type = SLAAC
Services>DHCPv6 Server & RA>LAN>DHCPv6 Server = unchecked
Services>DHCPv6 Server & RA>LAN> Router Advertisements>Router mode = disabledNow the LAN interface has no ipv6 address at all
-
Then you've got something configured wrong. I've been using SLAAC for over 5 years with pfsense and 6 with my previous firewall, which was based on Linux. I have never seen it fail.
Post some screen captures of your WAN and LAN IPv6 configuration.
-
@jknott said in Enabling IPv6 on Comcast home network:
Then you've got something configured wrong. I've been using SLAAC for over 5 years with pfsense and 6 with my previous firewall, which was based on Linux. I have never seen it fail.
Post some screen captures of your WAN and LAN IPv6 configuration.
This is what I get when a do a factory reset:
-
On WAN
Select Use IPv4 connectivity as parent interfaceDHCPv6 Prefix Delegation size should be whatever Comcast provides. With my ISP it's 56.
Select Send IPv6 prefix hint
Select Do not allow PD/Address release
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.
LAN
Why are you using DHCPv6? Unless you have a specific need, you should be using SLAAC.
Router Advertisements
I have unmanaged
-
@jknott said in Enabling IPv6 on Comcast home network:
On WAN
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.Where are you seeing that?
LAN
Why are you using DHCPv6? Unless you have a specific need, you should be using SLAAC.
Router Advertisements
I have unmanaged
I was unable to select unmanaged and turn on SLAAC
With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
On WAN
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.Where are you seeing that?
Right here at the bottom.
-
@lenhuppe said in Enabling IPv6 on Comcast home network:
I was unable to select unmanaged and turn on SLAAC
With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.If SLAAC won't work, you have some other issue. Also, SLAAC is on the LAN side and has nothing to do with your ISP. You normally use DHCPv6-PD on the WAN. Does Comcast do something different?
-
@jknott said in Enabling IPv6 on Comcast home network:
@lenhuppe said in Enabling IPv6 on Comcast home network:
I was unable to select unmanaged and turn on SLAAC
With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.If SLAAC won't work, you have some other issue. Also, SLAAC is on the LAN side and has nothing to do with your ISP. You normally use DHCPv6-PD on the WAN. Does Comcast do something different?
I don't know for certain how Comcast does ip6. Their tech support is not very helpful so I may be on my own to figure it out. Also, my Netgate does not have DHCPv6-PD as an option on the WAN. When the cable modem wss in bridge mode the WAN and LAN interfaces appeared to be getting valid ip6 addresses.
With SLAAC enabled it looked like my Linux box was getting an ip6 address but mDNS was not working. When I tried to verify the ip address of my spare Linux box I was getting 169.x.x.x which does not exist on my network. I was unable to use SSH or connect to my wifi or printer to check their status. Even after disabling ip6 on the pfSense these problems persisted.
I have grad school work to get done so I had no choice but to try removing the pfSense. To the best of my knowledge I am up and running again. My spare Linux system had to be reinstalled. Thank goodness I have my own recovery system.
Prior to this my Netgate had served me well.
-
Do a packet capture on the WAN side for DHCPv6 (port 546 or 547) and post the capture here. Also, sometimes the best thing to do is to start over from scratch as you might have done something and not realized it.
When you do the capture, shut down pfsense and unplug the WAN cable. Then reboot and start the packet capture. Then plug in the WAN cable.
-
@jknott said in Enabling IPv6 on Comcast home network:
Do a packet capture on the WAN side for DHCPv6 (port 546 or 547) and post the capture here. Also, sometimes the best thing to do is to start over from scratch as you might have done something and not realized it.
When you do the capture, shut down pfsense and unplug the WAN cable. Then reboot and start the packet capture. Then plug in the WAN cable.
I have a crazy schedule but I will do that. I will look up how to do that and get it done. Maybe we can figure this out and help other Comcast customers (victims). I will isolate the Netgate and use my spare Linux box to run whatever tests you want.
Meanwhile I will also reinstall pfSense. My Netgate has been in operation for a long time and had many updates. It has not been reinstalled for at least two years.
-
As a former customer of Comcast, they use DHCPv6-PD to delegate a prefix. When I was last a customer (almost 20 months ago now), a residential customer was able to obtain a /60 prefix, and a business customer was able to obtain a /56. Set your WAN to use DHCPv6-PD, check the box to send a prefix hint, set the prefix size accordingly, and set your LAN and other networks to track the WAN interface, giving each network a unique prefix ID.
With Comcast, your WAN will get a global address outside of the prefix that has been delegated to you.
How you set up your networks is up to you, and the ISP has no bearing on this. I successfully ran both DHCPv6 and SLAAC without issue, though most of the time I ran SLAAC only (unmanaged RA setting). When I ran both, I had the RA set to "Assisted" mode. Most devices used SLAAC, some used DHCPv6.
Hope that helps!
-
I was a comcast customer for many many years. And yeah you could get a /60, but I always had issues with it changing on me.. Not sure if because it was new at the time..
But I just setup HE tunnel - got my /48 and never looked back. It works, its simple to setup. And you get /48 with ability to set your own ptr for your addresses, etc. And it never changes..
I still have my same /48 even though been on a new isp, that doesn't even have ipv6.
At worst you add a couple of ms of latency.. In the long run its just easier to run a tunnel for IPv6 - since its static /48 you can do whatever you want on your network with it.
I have had my /48 with them "FREE" for like 11 years or something..
-
@johnpoz said in Enabling IPv6 on Comcast home network:
but I always had issues with it changing on me.. Not sure if because it was new at the time.
I had the same issue with Rogers, until the Do not allow PD/Address release setting was added.
-
That might of been it.. This was quite a was back.. And my current isp doesn't even have ipv6, and shows no signs of it anywhere on their roadmap..
-
