Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Double nat and ipv6

    Scheduled Pinned Locked Moved Routing and Multi WAN
    2 Posts 1 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NotAnAlias
      last edited by

      Hey,

      I made a thread here marking my setup, https://forum.pfsense.org/index.php?topic=132993.0
      The tl;dr is that I have two internet connections from the same isp, so they share the same gateway. I put a wrt1200ac with openwrt after one of the modems, which then connects to pfsense's WAN.

      I am assigned a /60 ipv6 from the ISP. Openwrt I have set to assign a /60 on the LAN address, I am not sure if this is correct.
      I tried having pfsense set to a /64 on the WAN and then /60, and pfsense can ping out via ipv6. But the LAN clients on pfsense cannot ping.

      On a computer assigned on LAN:

         Connection-specific DNS Suffix  . : localdomain
   IPv6 Address. . . . . . . . . . . : fd0e:c91c:a166::d0b
   IPv6 Address. . . . . . . . . . . : fd0e:c91c:a166:0:d474:xxxx:xxxx:bfb
   Temporary IPv6 Address. . . . . . : fd0e:c91c:a166:0:8fc:b454:xxxx:xxxx
   Link-local IPv6 Address . . . . . : fe80::d474:14f7:2153:bfbf%20
   IPv4 Address. . . . . . . . . . . : 192.168.1.161
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1:1%20
                                       192.168.1.1

      I can't ping out.

      I don't have much experience with ipv6, I know there is no NAT with it. I thought it would work automatically because of that. I am not sure how the ipv6 delegation sizes work when there are multiple routers. Could anyone give me some insight? Thanks

      EDIT: Just set the prefix delegation size on openwrt's wan to /60, realized it was /64. That worked fine on Openwrt, but I still can't get ipv6 out on pfsense's LAN. On pfsense I set the ipv6 interface on LAN to OPT2(the other modem with no router) and I couldn't connect to pfsense at all(ipv4), but pfsense  did not kernel panic and it wasn't frozen. I rebooted it and I could connect again, but I still didn't have ipv6 access. I tried switching the ipv6 interface back to WAN and I lost all access, a reboot fixed that again. Looks like switching the ipv6 interface on LAN causes pfsense problems.

      ![lan openwrt.PNG](/public/imported_attachments/1/lan openwrt.PNG)
      ![lan openwrt.PNG_thumb](/public/imported_attachments/1/lan openwrt.PNG_thumb)
      pfsense.PNG
      pfsense.PNG_thumb
      wan6.PNG
      wan6.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • N
        NotAnAlias
        last edited by

        Hmm even disabling ipv6 on WAN on pfsense makes me lose access to it. I regain access after a reboot. There is no special configuration I am doing on pfsense's side and ipv6 worked fine before adding the openwrt router. It seems pfsense becomes quite buggy behind another router for ipv6.

        I don't need v6, but it would be nice. I clearly don't have much knowledge on the subject, but it seems weird to me that ipv6 is more complicated in these scenarios compared to double nat, when v6 was supposed to make this simpler.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.