Trouble with multi-LAN, single-WAN setup

  Hi All,

    I've got a fairly simple IPv6 setup but am having trouble getting it to work 100%. I am fairly new to IPv6, so perhaps I just missed something.

    • bce0 - 2222:fc00:0:21::10:21c/64 with GW at 2222:fc00:21::1
    • bce1 - 2222:fc00:0:123::10:21c/64
    • bce1_vlan2999 - 2222:fc00:0:127::10:21c/64

    bce0 is the WAN/Internet link, bce1 and bce1_vlan2999 are the "internal" LAN links. Obviously, there are machines on both LANs that need to go to the Internet.

    I have leased all 3 /64 subnets but only the 2222:fc00:0:21::/64 is routed to bce0. I can ask for all 3 to be routed to me if that's the right thing to do.

    When I ssh onto the pfSense router, I can ping6 and access the Internet over IPv6 with no troubles.

    I cannot access the Internet via IPv6 from any of the internal machines on either of those LANs. I can see the IPv6 packets via tcpdump leaving the router on bce0 with the "internal" IPv6 source addresses (e.g. 2222:fc00:0:123::9012:5678:1234), which I suppose is the issue, but I'm not sure how to fix it.

    I've got the latest pfSense 2.3.5.

    Note: the IPv6 prefixes and VLAN number were altered for security.

    Any help would be much appreciated. I did spend quite a bit of time googling and searching this forum but have not had much luck.

  • Worked it out: I just needed to get my upstream provider to add static routes for those internal LANs to his upstream router.

    2222:fc00:0:123::10:21c/64 via 2222:fc00:0:21::10:21c
    2222:fc00:0:127::10:21c/64 via 2222:fc00:0:21::10:21c
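
The return-path check behind that fix, as an added example that is not part of the original posts: given the prefixes the upstream router can already reach, it lists which LAN prefixes still need a static route via the firewall's WAN address. The function name and the `upstream_routes` input are assumptions made for illustration; the addresses are the (altered) ones from the thread.

```python
import ipaddress

# Addresses as posted in the thread (the poster altered the real prefixes).
WAN = "2222:fc00:0:21::10:21c/64"
LANS = {
    "bce1": "2222:fc00:0:123::10:21c/64",
    "bce1_vlan2999": "2222:fc00:0:127::10:21c/64",
}


def missing_return_routes(wan, lans, upstream_routes):
    """List LAN prefixes the upstream router has no route back to.

    upstream_routes is a hypothetical input: the prefixes the upstream
    already reaches (connected or static). Returns tuples of
    (interface, prefix, next_hop), where next_hop is the WAN address.
    """
    wan_if = ipaddress.ip_interface(wan)
    # strict=False accepts prefixes written with host bits set, as in the thread.
    known = [ipaddress.ip_network(p, strict=False) for p in upstream_routes]
    missing = []
    for name, addr in lans.items():
        net = ipaddress.ip_interface(addr).network
        # Replies to hosts in this LAN come back only if a known route covers it.
        if not any(net.subnet_of(k) for k in known):
            missing.append((name, str(net), str(wan_if.ip)))
    return missing


if __name__ == "__main__":
    # Before the fix: only the WAN /64 is routed to the firewall.
    for name, prefix, hop in missing_return_routes(WAN, LANS, [WAN]):
        print(f"{name}: upstream needs {prefix} via {hop}")
```

With only the WAN /64 known upstream, both LAN prefixes are reported, which matches the symptom of packets leaving bce0 with internal source addresses and no replies returning.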

