Can't enable IPv6 Configuration Type for OPT1/OPT2?

EmptyWallet

Hello!

I'm running pfSense 2.4.1, and setting it up for the first time.

I'm going to be using OPT1 and OPT2 for additional LAN ports on my rig, and I'm setting them up now.

Things I've done so far:

1. Enabled both OPT1 and OPT2 Interfaces in pfSense
2. Set IPv4 Configuration Type to StaticIPv4 (Is this correct? LAN is setup this way..)
3. Set IPv6 Configuration Type to "blank" (LAN is setup with "Track Interface", this is where my question comes in…)
4. Set the IPv4 OPT1 address to 192.168.2.1
5. Set the IPv5 OPT2 address to 192.168.3.1
6. Set each of them to "/24" so that I can enable DHCP on both OPT1 and OPT2.
7. Set firewall rules for both OPT1 and OPT2 to allow traffic, I've mimic'd the "LAN" rules while changing the interface areas that need to be changed.

My question comes in around setting up the option in #3, and for that matter #2...what should those be? Should they mirror the "LAN" settings? I can set them as StaticIPv4, and "blank", but then what happens with IPv6? Is setting it at "StaticIPv4" correct?

When I try to setup OPT1 and OPT2 to "Track Interface" like "LAN" is setup, it makes me define an interface to track. My only option is "WAN", and when I select that it gives me an error that selection has already been taken, and it has...by the LAN.

So, how should I set those two up?

Derelict

It depends on how WAN is configured and what size prefix the ISP is routing to you.

EmptyWallet

@Derelict:

It depends on how WAN is configured and what size prefix the ISP is routing to you.

It would seem mirroring the LAN settings on IPv4 is fine for now (StaticIPv4), but when I try and mirror the IPv6 settings (Track Interface) it forces me to choose "WAN", and I can't make that selection.

So…I've just left the IPv6 selection blank for now.

Seems to be working fine...but I'm sure that's not totally the correct/best way.

What you just stated there went a bit over my head as well. :)

Derelict

Well, that is because I don't feel like explaining it again when it is all in the pfSense Book.

Successfully administering an IPv6 site requires at least a little understanding about how IPv6 works.

You should be receiving a prefix delegation from your ISP.

Track interface is used to assign a /64 from that prefix delegation to inside interfaces.

If your ISP assigns a /60, you have 16 different IPv6 prefix IDs (0 - f) for inside interfaces.

If your ISP assigns a /56, you have 256 different IPv6 prefix IDs (0 - ff) for inside interfaces.

If your ISP assigns a /48, you have 65536 different IPv6 prefix IDs (0 - ffff) for inside interfaces.

The prefix ID "fills in" the network bits between the delegated prefix and /64 on that interface.

Every interface needs a distinct prefix id. You will be shown what the range is in the interface configuration screen. It will look something like (hexadecimal from 0 to ff) under the IPv6 Prefix ID field.

EmptyWallet

@Derelict:

Well, that is because I don't feel like explaining it again when it is all in the pfSense Book.

Successfully administering an IPv6 site requires at least a little understanding about how IPv6 works.

You should be receiving a prefix delegation from your ISP.

Track interface is used to assign a /64 from that prefix delegation to inside interfaces.

If your ISP assigns a /60, you have 16 different IPv6 prefix IDs (0 - f) for inside interfaces.

If your ISP assigns a /56, you have 256 different IPv6 prefix IDs (0 - ff) for inside interfaces.

If your ISP assigns a /48, you have 65536 different IPv6 prefix IDs (0 - ffff) for inside interfaces.

The prefix ID "fills in" the network bits between the delegated prefix and /64 on that interface.

Every interface needs a distinct prefix id. You will be shown what the range is in the interface configuration screen. It will look something like (hexadecimal from 0 to ff) under the IPv6 Prefix ID field.

Well I certainly appreciate the help! ;)

Interestingly, it won’t allow me to change the prefix, it says it needs to be between “0” - “0”?

Derelict

Then you are not receiving a prefix delegation from your ISP. You are probably receiving a single /64. That is only good for one inside interface. Call them and see what your prefix delegation request should be. Put it on your WAN interface.

Attached is what I use here for Cox Las Vegas

Every ISP is a little different.

![Screen Shot 2017-10-29 at 6.05.19 PM.png](/public/imported_attachments/1/Screen Shot 2017-10-29 at 6.05.19 PM.png)
![Screen Shot 2017-10-29 at 6.05.19 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-10-29 at 6.05.19 PM.png_thumb)

EmptyWallet

@Derelict:

Then you are not receiving a prefix delegation from your ISP. You are probably receiving a single /64. That is only good for one inside interface. Call them and see what your prefix delegation request should be. Put it on your WAN interface.

Attached is what I use here for Cox Las Vegas

Every ISP is a little different.

Got it. Thank you so much!

cmcqueen

I've been setting up an OPT1 interface in pfSense 2.4.5. I configured everything correctly with IPv6 Configuration Type being "Track Interface", tracking the WAN. But still, I found that IPv6 would not start operating until I went to Status → Interfaces, and did "Release WAN" and then "Renew WAN". Then IPv6 started working.

JKnott

@EmptyWallet said in Can't enable IPv6 Configuration Type for OPT1/OPT2?:

So, how should I set those two up?

That depends on how you set up your network. Do you want to use one of your global prefixes? If so, you have to use track interface, just as you do with the LAN.