Double nat and ipv6

  • Hey,

    I made a thread here marking my setup,
    The tl;dr is that I have two internet connections from the same isp, so they share the same gateway. I put a wrt1200ac with openwrt after one of the modems, which then connects to pfsense's WAN.

    I am assigned a /60 ipv6 from the ISP. Openwrt I have set to assign a /60 on the LAN address, I am not sure if this is correct.
    I tried having pfsense set to a /64 on the WAN and then /60, and pfsense can ping out via ipv6. But the LAN clients on pfsense cannot ping.

    On a computer assigned on LAN:

       Connection-specific DNS Suffix  . : localdomain
       IPv6 Address. . . . . . . . . . . : fd0e:c91c:a166::d0b
       IPv6 Address. . . . . . . . . . . : fd0e:c91c:a166:0:d474:xxxx:xxxx:bfb
       Temporary IPv6 Address. . . . . . : fd0e:c91c:a166:0:8fc:b454:xxxx:xxxx
       Link-local IPv6 Address . . . . . : fe80::d474:14f7:2153:bfbf%20
       IPv4 Address. . . . . . . . . . . :
       Subnet Mask . . . . . . . . . . . :
       Default Gateway . . . . . . . . . : fe80::1:1%20

    I can't ping out.

    I don't have much experience with ipv6, I know there is no NAT with it. I thought it would work automatically because of that. I am not sure how the ipv6 delegation sizes work when there are multiple routers. Could anyone give me some insight? Thanks

    EDIT: Just set the prefix delegation size on openwrt's wan to /60, realized it was /64. That worked fine on Openwrt, but I still can't get ipv6 out on pfsense's LAN. On pfsense I set the ipv6 interface on LAN to OPT2(the other modem with no router) and I couldn't connect to pfsense at all(ipv4), but pfsense  did not kernel panic and it wasn't frozen. I rebooted it and I could connect again, but I still didn't have ipv6 access. I tried switching the ipv6 interface back to WAN and I lost all access, a reboot fixed that again. Looks like switching the ipv6 interface on LAN causes pfsense problems.

    ![lan openwrt.PNG](/public/imported_attachments/1/lan openwrt.PNG)
    ![lan openwrt.PNG_thumb](/public/imported_attachments/1/lan openwrt.PNG_thumb)

  • Hmm even disabling ipv6 on WAN on pfsense makes me lose access to it. I regain access after a reboot. There is no special configuration I am doing on pfsense's side and ipv6 worked fine before adding the openwrt router. It seems pfsense becomes quite buggy behind another router for ipv6.

    I don't need v6, but it would be nice. I clearly don't have much knowledge on the subject, but it seems weird to me that ipv6 is more complicated in these scenarios compared to double nat, when v6 was supposed to make this simpler.

Log in to reply