IPv6 doubts

cmpsalvestrini

I will certainly do that. Thanks for the enlightenment Insert appropriate illuminated face here

Derelict

Just ping6 an address on the /56 from the outside and pcap on WAN for it. No need to set anything up. If you don't see anything pcap on the interface for everything IPv6 and see if you see Neighbor Discoveries for it.

cmpsalvestrini

So let's see if this is correct:

a) Added the link-local address for the ISP-provided router as gateway for the LAN network (the ISP's router page gave me that information, as per screenshot:

WAN is as is (static 2001:818:d9d9:ba00::1/64, gateway 2001:818:d9d9:ba00::1)

LAN side is configured as follows:

This should in theory give me IPv6 Internet accessibility in my LAN side.

I hope I understood correctly what was suggested here. Feel free to yell at me if I haven't done something well.

Derelict

No.

Set the WAN to get an address using SLAAC and see what it does.

Derelict Netgate about 3 hours ago

What do you get on the WAN if you set it to SLAAC? (I would set it to SLAAC, apply, then shut down pfSense, reboot your modem until it comes back green, then start pfSense).

See what WAN shows in Status > Interfaces after that.

Forget about the /56 for the moment. Just do what the ISP told you to do. When you do that and it doesn't work (which is the highly-likely outcome) you can go back and say, "I did what you told me to do and it didn't work."

That is the only way to deal with ISP tech support.

cmpsalvestrini

Right. I'm connected to the WAN via SLAAC on the pfSense WAN port. Let's see now... I have IPv6 address, i have a gateway. Screenshot:

All fine and dandy. I get good ping6 too:

PING6(56=40+8+8 bytes) 2001:818:d9d9:ba00:6eb3:11ff:fe1b:5402 --> 2a00:1450:4003:806::2004
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=0 hlim=57 time=11.665 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=1 hlim=57 time=11.528 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=2 hlim=57 time=11.364 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=3 hlim=57 time=11.576 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=4 hlim=57 time=11.548 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=5 hlim=57 time=11.471 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=6 hlim=57 time=11.333 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=7 hlim=57 time=11.477 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=8 hlim=57 time=11.443 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=9 hlim=57 time=11.334 ms
16 bytes from 2a00:1450:4003:806::2004, icmp_seq=10 hlim=57 time=11.288 ms
^C
--- www.google.com ping6 statistics ---
11 packets transmitted, 11 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 11.288/11.457/11.665/0.113 ms

Now as to the LAN side... Plotz. A Windows client reports no IPv6 gateway at all, so I get a juicy No network access.

EDIT: Doh. I had not enabled RA... -.- Still, the Windows client reports "No Internet access".

johnpoz

So go back to your idiot ISP and say ok Im slaac and got xyz for IP... How do i use the /56 you told me I have behind my router..

Derelict

OK, now you have to determine if traffic for 2001:818:d9d9:ba00::/56 is arriving on your interface. Set up a packet capture like this and start it.

The try to do stuff with it like ping6 2001:818:d9d9:ba01::1/56 from the outside, telnet to it from the outside, etc.

Then stop the capture and see what is there.

If you need someone to ping6 it from the outside holler.

Hmm. This is interesting: