IPv6 Comcast issue

resistor

Hi,

I'm attempting to get IPv6 working with my Comcast Business connection.  Based on old threads I've enabled the following options on my WAN interface:

• IPv6 = DHCPv6

• Use IPv4 connectivity as parent interface

• DHCPv6 Prefix Delegation size = 60

• Send IPv6 prefix hint

And on my LAN interface, I've set IPv6 to Tracker Interface - WAN.

I am able to ping ipv6.google.com over IPv6 from the LAN interface of my pfSense box, but I am not able to acquire an IPv6 address on any of my LAN machines.

Looking in the DHCPv6 Status page, I do not see any prefix delegations listed, which I suspect is the problem.  I've tried the suggestion of deleting the DUID file and renewing my DHCPv6 lease, but that hasn't changed anything.

Any other suggestions on what I should try?

resistor

Looking at ifconfig on the pfSense machine, it does look like there a /60 prefix is being used properly on the LAN port, so I'm confused as to what's going wrong…

igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=6400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,rxcsum_ipv6,txcsum_ipv6>ether 00:08:a2:0a:b0:e3
	hwaddr 00:08:a2:0a:b0:e3
	inet 10.0.1.1 netmask 0xffff0000 broadcast 10.0.255.255
	inet6 2601:646:8a00:600:208:a2ff:fe0a:b0e3 prefixlen 60
	inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast> 

kpa

That's not correct, you should be getting a /64 on your LAN. You are delegated a /60 but you are expected to break it down to 16  different /64s for your LAN type networks meaning each of the LANs should have their own separate /64.

resistor

Any pointers as to how that could happen?  That's just the output I got from ifconfig on the pfSense box…

JKnott

@resistor:

Any pointers as to how that could happen?  That's just the output I got from ifconfig on the pfSense box…

On the Interfaces > LAN tab, ensure you have the WAN set for Track IPv6 Interface.  You can also select which of the /64 blocks to use with the IPv6 Prefix ID.  The default is 0, but you can select any available.

MikeV7896

Before you changed the prefix length setting to 60, did you previously connect with it set to 64? If so, you'll need to delete the DUID file and release/renew the WAN interface so a new DUID is presented to Comcast's DHCPv6 servers. Otherwise Comcast's server will continue to provide you with a /64, since that's what it originally leased to your box. That might explain the inability to connect from the LAN, because pfSense isn't receiving the IP address block it's expecting.

resistor

@JKnott:

On the Interfaces > LAN tab, ensure you have the WAN set for Track IPv6 Interface.  You can also select which of the /64 blocks to use with the IPv6 Prefix ID.  The default is 0, but you can select any available.

As I mentioned in the original post, the LAN IPv6 is set to "Track Interface - WAN".  The prefix is set to 0.

resistor

@virgiliomi:

Before you changed the prefix length setting to 60, did you previously connect with it set to 64? If so, you'll need to delete the DUID file and release/renew the WAN interface so a new DUID is presented to Comcast's DHCPv6 servers. Otherwise Comcast's server will continue to provide you with a /64, since that's what it originally leased to your box. That might explain the inability to connect from the LAN, because pfSense isn't receiving the IP address block it's expecting.

I did initially connect with a prefix length of 64.  I've tried erasing the DUID and release/renewing (see first post) but it hasn't changed anything.

peppersass

I have IPV6 working with Comcast Business in pfSense.

Try setting DHCPv6 Prefix Delegation size = /56. My recollection is that I couldn't get it to work until I set that value. I got that from a post on how to configure pfSense for Comcast Business, but can't remember where I saw it. I don't think it was here.

Also, I don't have use IPV4 connectivity as parent interface checked, but I'm not sure that makes any difference.