Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 Comcast issue

    IPv6
    5
    9
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      resistor
      last edited by

      Hi,

      I'm attempting to get IPv6 working with my Comcast Business connection.  Based on old threads I've enabled the following options on my WAN interface:

      • IPv6 = DHCPv6

      • Use IPv4 connectivity as parent interface

      • DHCPv6 Prefix Delegation size = 60

      • Send IPv6 prefix hint

      And on my LAN interface, I've set IPv6 to Tracker Interface - WAN.

      I am able to ping ipv6.google.com over IPv6 from the LAN interface of my pfSense box, but I am not able to acquire an IPv6 address on any of my LAN machines.

      Looking in the DHCPv6 Status page, I do not see any prefix delegations listed, which I suspect is the problem.  I've tried the suggestion of deleting the DUID file and renewing my DHCPv6 lease, but that hasn't changed anything.

      Any other suggestions on what I should try?

      1 Reply Last reply Reply Quote 0
      • R
        resistor
        last edited by

        Looking at ifconfig on the pfSense machine, it does look like there a /60 prefix is being used properly on the LAN port, so I'm confused as to what's going wrong…

        
        igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        	options=6400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,rxcsum_ipv6,txcsum_ipv6>ether 00:08:a2:0a:b0:e3
        	hwaddr 00:08:a2:0a:b0:e3
        	inet 10.0.1.1 netmask 0xffff0000 broadcast 10.0.255.255
        	inet6 2601:646:8a00:600:208:a2ff:fe0a:b0e3 prefixlen 60
        	inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2
        	nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        	status: active</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast> 
        
        1 Reply Last reply Reply Quote 0
        • K
          kpa
          last edited by

          That's not correct, you should be getting a /64 on your LAN. You are delegated a /60 but you are expected to break it down to 16  different /64s for your LAN type networks meaning each of the LANs should have their own separate /64.

          1 Reply Last reply Reply Quote 0
          • R
            resistor
            last edited by

            Any pointers as to how that could happen?  That's just the output I got from ifconfig on the pfSense box…

            1 Reply Last reply Reply Quote 0
            • JKnottJ
              JKnott
              last edited by

              @resistor:

              Any pointers as to how that could happen?  That's just the output I got from ifconfig on the pfSense box…

              On the Interfaces > LAN tab, ensure you have the WAN set for Track IPv6 Interface.  You can also select which of the /64 blocks to use with the IPv6 Prefix ID.  The default is 0, but you can select any available.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • MikeV7896M
                MikeV7896
                last edited by

                Before you changed the prefix length setting to 60, did you previously connect with it set to 64? If so, you'll need to delete the DUID file and release/renew the WAN interface so a new DUID is presented to Comcast's DHCPv6 servers. Otherwise Comcast's server will continue to provide you with a /64, since that's what it originally leased to your box. That might explain the inability to connect from the LAN, because pfSense isn't receiving the IP address block it's expecting.

                The S in IOT stands for Security

                1 Reply Last reply Reply Quote 0
                • R
                  resistor
                  last edited by

                  @JKnott:

                  On the Interfaces > LAN tab, ensure you have the WAN set for Track IPv6 Interface.  You can also select which of the /64 blocks to use with the IPv6 Prefix ID.  The default is 0, but you can select any available.

                  As I mentioned in the original post, the LAN IPv6 is set to "Track Interface - WAN".  The prefix is set to 0.

                  1 Reply Last reply Reply Quote 0
                  • R
                    resistor
                    last edited by

                    @virgiliomi:

                    Before you changed the prefix length setting to 60, did you previously connect with it set to 64? If so, you'll need to delete the DUID file and release/renew the WAN interface so a new DUID is presented to Comcast's DHCPv6 servers. Otherwise Comcast's server will continue to provide you with a /64, since that's what it originally leased to your box. That might explain the inability to connect from the LAN, because pfSense isn't receiving the IP address block it's expecting.

                    I did initially connect with a prefix length of 64.  I've tried erasing the DUID and release/renewing (see first post) but it hasn't changed anything.

                    1 Reply Last reply Reply Quote 0
                    • P
                      peppersass
                      last edited by

                      I have IPV6 working with Comcast Business in pfSense.

                      Try setting DHCPv6 Prefix Delegation size = /56. My recollection is that I couldn't get it to work until I set that value. I got that from a post on how to configure pfSense for Comcast Business, but can't remember where I saw it. I don't think it was here.

                      Also, I don't have use IPV4 connectivity as parent interface checked, but I'm not sure that makes any difference.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.