4. IPv6 setup

IPv6 setup

  • V

    I was trying to set up an IPv6 network for over a month, but I cannot get the setup working. It worked in previous setup before I replaced Mikrotik with pfSense.

    The setup:

    ISP <–-> (WAN) pfSense (LAN) <---> Clients (should get IPv6 addresses)
                                          (OPT) <---> Servers (not now)

    I was told by my ISP that I should use my prefix 2a01:9420:41💯:/64, which has been delegated to me, from which I assign addresses to computers.
    So, I have made the following configuration:

    1. WAN interface was set to DHCP6

    In interfaces (WAN) appeared this:

    IPv6 Link Local - fe80::208:a2ff:fe0c:ca74%mvneta2
    IPv6 Address - 2a01:9420:41:1:208:a2ff:fe0c:ca74
    Subnet mask IPv6 - 64
    Gateway IPv6 - fe80::20c:42ff:fe76:5bc1

    2. In LAN interface I have set this:

    IPv6 Address - 2a01:9420:41💯:1
    Subnet mask IPv6 - 64
    Gateway - none

    3. I activated the DHCPv6 Server & RA

    I filled in the range (2a01:9420:41💯:2 to 2a01:9420:41💯ffff:ffff:ffff:ffff) and set the distribution to assisted.

    When I try tracert -6 <ipv6 address="">, all requests end at the pfSense (and no, the firewall is set to permit all outgoing connections).

    What am I missing?</ipv6>

    0

  • On the WAN tab, have you enabled "Use IPv4 connectivity as parent interface"?

    What do you have for the prefix size?

    Also, try enabling:

    Send IPv6 prefix hint
    Do not wait for a RA
    Do not allow PD/Address release

    0
  • B

    Set the inside interface to track the WAN interface for DHCP6. This turns on SLAAC and will allow the inside machines to use the ipv6 address on the WAN interface to create a ipv6 address for them to use.

    You also dont have to statically set anything on the inside interface for this to work. Dont enable DHCPv6 either.

    0
  • V

    Thank you for responding.

    –-

    If I check the "Use IPv4 connectivity as parent interface", WAN interface does not get any IPv6 address.

    This did not work either:

    Send IPv6 prefix hint
    Do not wait for a RA
    Do not allow PD/Address release

    I have set the WAN interface to DHCPv6 and the LAN interface to track the WAN interface (ID 0).
    I can now see the link-local addresses on devices. However, they do not have any internet connectivity.

    0
  • J
    Banned

    Thanks everyone for good info.

    0
  • G

    @vilican:

    Thank you for responding.

    –-

    If I check the "Use IPv4 connectivity as parent interface", WAN interface does not get any IPv6 address.

    This did not work either:

    Send IPv6 prefix hint
    Do not wait for a RA
    Do not allow PD/Address release

    I have set the WAN interface to DHCPv6 and the LAN interface to track the WAN interface (ID 0).
    I can now see the link-local addresses on devices. However, they do not have any internet connectivity.

    Looks like we have different providers but on my WAN I need to check “Request only an ipv6 prefix”, 64, “Send ipv6 prefix hint”. I track on the LAN.

    0
  • V

    Thanks! It looks like "Request only an ipv6 prefix" solved the problem.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy