IPv6 setup

vilican

I was trying to set up an IPv6 network for over a month, but I cannot get the setup working. It worked in previous setup before I replaced Mikrotik with pfSense.

The setup:

ISP <–-> (WAN) pfSense (LAN) <---> Clients (should get IPv6 addresses)
                                      (OPT) <---> Servers (not now)

I was told by my ISP that I should use my prefix 2a01:9420:41:/64, which has been delegated to me, from which I assign addresses to computers.
So, I have made the following configuration:

1. WAN interface was set to DHCP6

In interfaces (WAN) appeared this:

IPv6 Link Local - fe80::208:a2ff:fe0c:ca74%mvneta2
IPv6 Address - 2a01:9420:41:1:208:a2ff:fe0c:ca74
Subnet mask IPv6 - 64
Gateway IPv6 - fe80::20c:42ff:fe76:5bc1

2. In LAN interface I have set this:

IPv6 Address - 2a01:9420:41:1
Subnet mask IPv6 - 64
Gateway - none

3. I activated the DHCPv6 Server & RA

I filled in the range (2a01:9420:41:2 to 2a01:9420:41ffff:ffff:ffff:ffff) and set the distribution to assisted.

When I try tracert -6 <ipv6 address="">, all requests end at the pfSense (and no, the firewall is set to permit all outgoing connections).

What am I missing?</ipv6>

JKnott

On the WAN tab, have you enabled "Use IPv4 connectivity as parent interface"?

What do you have for the prefix size?

Also, try enabling:

Send IPv6 prefix hint
Do not wait for a RA
Do not allow PD/Address release

behemyth

Set the inside interface to track the WAN interface for DHCP6. This turns on SLAAC and will allow the inside machines to use the ipv6 address on the WAN interface to create a ipv6 address for them to use.

You also dont have to statically set anything on the inside interface for this to work. Dont enable DHCPv6 either.

vilican

Thank you for responding.

–-

If I check the "Use IPv4 connectivity as parent interface", WAN interface does not get any IPv6 address.

This did not work either:

Send IPv6 prefix hint
Do not wait for a RA
Do not allow PD/Address release

---

I have set the WAN interface to DHCPv6 and the LAN interface to track the WAN interface (ID 0).
I can now see the link-local addresses on devices. However, they do not have any internet connectivity.

jamesfoley

Thanks everyone for good info.

gsmornot

@vilican:

Thank you for responding.

–-

If I check the "Use IPv4 connectivity as parent interface", WAN interface does not get any IPv6 address.

This did not work either:

Send IPv6 prefix hint
Do not wait for a RA
Do not allow PD/Address release

---

I have set the WAN interface to DHCPv6 and the LAN interface to track the WAN interface (ID 0).
I can now see the link-local addresses on devices. However, they do not have any internet connectivity.

Looks like we have different providers but on my WAN I need to check “Request only an ipv6 prefix”, 64, “Send ipv6 prefix hint”. I track on the LAN.

vilican

Thanks! It looks like "Request only an ipv6 prefix" solved the problem.