Mark gateway as down and don‘t use it
-
Well ok, but instead of that I could use my second WAN or why do you prefer a tunnel broker? As said I have both WAN's with Dual Stack. I only use the second WAN as IPv4 only because of the Track Interface problem.
I don't know how to setup my LAN other? If I chose a static IP for it, IPv6 stops working.
-
if both have ipv6 then you could do the npt and ula sort of setup.
-
NPt doesn‘t work with dynamic prefixes. There is a feature request since years now...
-
Then use HE ;)
Or just freaking turn it off.. What resource is out there that is only available via IPv6?? I mean really? While I agree ipv6 is the future.. Its not tomorrow that is for damn sure.
If its a headache just disable it. No more headache.
-
Here in Germany most new private internet connections only have DS-Lite. Connecting to them you need an IPv6.
Next is that my ISP starts switching IPV4 only or DS customers to DS-Lite.
I‘m not a fan of IPv6, but now is the time to discover how it works and troubleshoot it.
-
So you need to access these private internet connections?
I agree learn and play.. Been using it for years - and to be honest while its kewl as shit and fun.. It can also be a PITA..
Have you second isp give you static... Get your own static ipv6 range and advertise it out of your 2 isp connections, etc. etc.. There are many ways to skin this cat, some easier than others. Some less painful than others.
-
No. No ISP in Germany provides static IPv6 :(
I do some work for people, for that I have to connect to them, yes. It's strange, the WAN2 IPv6 (Telekom) works fine. Only WAN1 IPv6 is the problem, but only the routing from LAN to Internet. WAN to Internet is no problem.
I found a lot of threads regarding this problem with pfSense, but no solution.
To be clear:
-
Then just get your own..
https://www.ripe.net/manage-ips-and-asns/ipv6/request-ipv6
There is always a solution.. Its just many small companies don't want to pay to do it the right way ;) If you want to play on the world stage with IPv6 and have multiple redundant paths and be able to route this network over these paths.. Just like you would do with IPv4 you need to own the space, etc. No its not cheap.. Then again most companies that don't want to pony up to play in the big game don't need multiple isp connections, and just live with the SLA of their 1 provider, etc.
We do this with IPv4, you advertise your network out of your locations, with different metrics for the different locations... If one location goes down then the network is available at the other location, etc. This is not new, IPv6 really doesn't change this aspect.. You own some space, you have your ASN you work with your isps to allow you to advertise prefixes of your space out of this location or that location, etc. etc. be it IPv4 or IPv6..
So when you say there no solution, your just saying you have not found a solution that fits your current cost model.
That there is no isp in DE that provides static IPv6 seems unlikely - more like the ISP that charge what your willing to pay do not provide static IPv6 for free, etc.. So your saying deutsche telekom will not provide you with internet connection and a static ipv6 prefix?
-
Ok I‘ve got it running. Had to do some changes in my IPv6 config to fix the packetloss problem (seems to be a bug in pfSense).
Now I‘ve setup WAN2 IPv6 and enter it as Tier 2 in Failover group. After that I disable gateway monitoring action and uncheck the only prefix setting.Now if WAN1 fails, it switches to WAN2. But there IPv6 can‘t work so it fallback instant to IPv4. It‘s running like a charm, I‘m happy.
Let‘s hope for a feature dynamic Prefix in NPt to get IPv6 failover proper running. -
@mrsunfire said in Mark gateway as down and don‘t use it:
(seems to be a bug in pfSense).
And what changes were those exactly? If you feel there is a bug then you should be reporting it.
-
Now I only request a prefix, not an IP adress. Without that I had massive random packetloss. The WAN interface didn't forward traffic sometimes. I could rebuilt this problem on different hardware and a fresh install of pfSense. But this happend only with my ISP Unitymedia. Deutsche Telekom worked fine. So I think it's a bug, but I don't know it.
-
When that is the case it is customary to duplicate the steps to repeat the condition and report it, so the developers have something to work with regarding your specific set of circumstances.
I understand it is a burden. Sometimes it is easier to just say, "it's a bug, fix it."
