Documentation or help? V6 Subnets routing / CARP

  • I can't get IPv6 from my ISP, but I have static v4 IPs.

    Now I have ,more WAN and 2 PFsense as CARP-Cluster.
    Prior to the CARP-Cluster I have a switch where all the WAN comes together.

    one of that routers prior of the switch is also a pfsense. So I got the tip to install the ip-v6 tunnel there.
    Than I should have a /64 net for this router and a /48 where I can take some /64subnets from to give that to the members of the CARP …

    I installed the HE-IPv6-tunnel to the first router, but now I can't find any documentation how to set up the /48 and how to route the two /64subnets from there to the CARP-Cluster.

    Is there any documentation I just didn't found? Is there anyone who may help me to set this up?

  • Rebel Alliance Developer Netgate

    That isn't something we have docs for since it's somewhat advanced but you can really do that however you like.

    For example:

    • Take the first /64 of the /48 and use it for the network between the edge pfSense and your cluster
    • Assign each box an IPv6 address in that /64, using using the edge pfSense as their gateway
    • Add a CARP VIP inside the /64 to the cluster
    • Add that CARP VIP as a gateway on the edge pfSense
    • Static route however many networks you want to use behind the cluster to the IPv6 CARP VIP gateway you just made
    • Choose and assign /64's to the internal interface(s) however you like, etc, etc.

    That's just one possible way to do it. There are whole volumes that could be written with possible design variations there, it's all up to you, really.

  • This is so much to do … only because of my Provider is unable to give IPv6 native to me.
    20 Years after the invention of IPv6 ...

    But thank you very much!!! I will try if I get this running now.

  • Ok … almost that way ..

    I got a /64 and a /48 from HuricaneElektric
    The /64 is no between the first PFSense and the CARP-Cluster
    The /48 is routed to the vIP of the CARP-Clusters WAN-vIP

    the first /64 out of the /48 is for the LAN now.
    RA is set to unmanaged for LAN-IPv6

    Some stuff with default-GW and firewall arround ... Now it works really fine!

Log in to reply