Testbenching pfsense in VMware trying to enable IPv6



  • I'm using 6to4 to get IPv6 enabled on my Asus router (running Merlin instead of stock).

    The pfsense VM is getting an IPv6 address as expected but I'm having issues getting IPv6 on the LAN interface.

    Since it's already a tunneled IPv6 config, do I have to do something special (e.g. involving black candles, virgins, and goats) to get a subset of the pfsense WAN segment allocated for the pfsense LAN or is there something more straightforward?  I've been trying DHCP6 and SLAAC to no success.



  • What size prefix do you have?  Normally, you'd get a prefix containing multiple /64 prefixes, each of which can be assigned to a pfSense interface.  I get a /56, which is 256 /64s, from my ISP.



  • The Asus is providing a /48 on the LAN side so in my VMware setup the vmWAN is using DHCP6 to get its external address.

    So I assume I need to segment the /48 somehow and then statically config the vmWAN then set up a subset pool of the /48 for the vmLAN?

    This is where my IPv6-fu is weak.



  • You want a /64 on the LAN side, not a /48.  If you receive a /48, you have 65536 /64s.  Each of those /64s can be assigned to an interface.  You normally have /64s on the LAN, so that SLAAC will work properly.  When you configure an interface, you use the IPv6 Prefix ID to select which /64 to use.



  • The 6to4 config on the Asus is handing me the /48 and none of the fields are editable so I guess it's decided by the tunnel broker. As you know FiOS isn't and seemingly will never be native IPv6. But their 1gig/1gig for $80/month is a STEAL.

    So I guess I should statically assign the pfWAN an IP from the /48 then slice off a /64 and assign it to the pfLAN?



  • "The 6to4 config on the Asus is handing me the /48 and none of the fields are editable so I guess it's decided by the tunnel broker"

    No, it's determined by your router.  I used to use a 6in4 tunnel with a /56 and I still was able to select the /64 I used.



  • @JKnott:

    "The 6to4 config on the Asus is handing me the /48 and none of the fields are editable so I guess it's decided by the tunnel broker"

    No, it's determined by your router.  I used to use a 6in4 tunnel with a /56 and I still was able to select the /64 I used.

    The length is not editable in the Asus.  I get the LAN prefix and length and the router, nothing is editable.

    Perhaps I should be using "track interface" on the pfWAN?

    On the Asus 6to4 status page: (details obfuscated)

    LAN IPv6 Address      2002:xxxx:yyyy::1 (the Asus LAN)
    LAN Prefix Length      48
    LAN IPv6 Prefix          2002:xxxx:yyyy::

    On the pfWAN (using DHCP6)

    IPv6 Address            2002:xxxx:yyyy::1:1 (so it looks as though it sliced off ::1:zzzz (the next /64 for the pfWAN))
    Subnet mask IPv6      64

    So I'm trying to figure out how to delegate the 2002:xxxx:yyyy::1:zzzz /64 slice to DHCP6 on the pfLAN interface.

    I hope this is clear enough.
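The prefix arithmetic discussed in this thread, as an added example that is not part of any poster's message: it builds a 6to4 /48 from a public IPv4 address (RFC 3056), selects a /64 by prefix ID, and reports which /64 a given address falls in. The function names are hypothetical, and 192.0.2.1 and 2001:db8:: are constructed documentation addresses standing in for the obfuscated values.

```python
import ipaddress

def sixto4_prefix(public_v4: str) -> ipaddress.IPv6Network:
    """6to4 (RFC 3056): 2002::/16 followed by the 32-bit IPv4 address is a /48."""
    v4 = int(ipaddress.IPv4Address(public_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def lan_prefix(delegated, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 that prefix_id selects inside the delegated prefix."""
    net = ipaddress.IPv6Network(str(delegated))
    if net.prefixlen > 64:
        raise ValueError("a prefix longer than /64 cannot contain a /64")
    id_bits = 64 - net.prefixlen            # /48 -> 16 bits, /56 -> 8 bits
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID must be 0..{(1 << id_bits) - 1} for a /{net.prefixlen}")
    # The prefix ID occupies the bits between the delegated prefix and bit 64.
    return ipaddress.IPv6Network((int(net.network_address) | (prefix_id << 64), 64))

def prefix_id_of(delegated, address: str) -> int:
    """Return the prefix ID of the /64 that contains address."""
    net = ipaddress.IPv6Network(str(delegated))
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    id_bits = 64 - net.prefixlen
    return (int(addr) >> 64) & ((1 << id_bits) - 1)

if __name__ == "__main__":
    # Constructed sample: a router whose public IPv4 address is 192.0.2.1.
    site = sixto4_prefix("192.0.2.1")
    print("6to4 site prefix:", site)
    print("/64s available:  ", 2 ** (64 - site.prefixlen))
    print("prefix ID 1:     ", lan_prefix(site, 1))
    # An address shaped like <prefix>::1:1 has 1s only in the interface ID,
    # so its subnet bits are all zero.
    print("ID of ::1:1:     ", prefix_id_of(site, "2002:c000:201::1:1"))
    # A /56 leaves 8 bits of prefix ID (0..0xff).
    print("/56, ID 0xff:    ", lan_prefix("2001:db8:0:ab00::/56", 0xff))
```
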



  • I have used an Asus Merlin with ipv6 and as far as I know it cannot delegate a prefix. It just hands out individual addresses.

    You should probably ask on the Merlin forum though.

    https://www.snbforums.com/forums/asuswrt-merlin.42/