Cannot route IPv6 - Frustrated
-
@jknott
Glad we got that cleared up. Sorry for pinging a network.Does anyone have any idea how I can get me IPv6 setup working?
Someone somewhere has to be using Comcast Business, pfSense, and a static /56, right?
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
@jknott
Glad we got that cleared up. Sorry for pinging a network.Does anyone have any idea how I can get me IPv6 setup working?
Someone somewhere has to be using Comcast Business, pfSense, and a static /56, right?
Actually, that is what 2600:: has been set up for. An easy to remember ipv6 address when you may not have working dns that you can ping.
-
@isaacfl
Yeah, That's how I found that IP address. I just googled "easy to remember pingable IPv6 addresses.Anyway, I'd still love to hear from anyone with Comcast Business, pfSense, static /56. I say business because I'm told by Comcast that they use different firmware on Business service modems.
Not that this is anyone else's problem, but my bill went up significantly when I got the static /30 and /56. I had been using my own modem up until then. The new bill with static and their "gateway" is $50.00 more. All this was to get IPv6 routing working. Soon I'm going to tell them where they can put their "gateway" & static IP.
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
@jknott
Glad we got that cleared up. Sorry for pinging a network.Does anyone have any idea how I can get me IPv6 setup working?
Someone somewhere has to be using Comcast Business, pfSense, and a static /56, right?
What you have above doesn’t really make since to me. I don’t have comcast business or static ipv6. Mine is dhcp /56
But if you really have a static /56 assigned to you, then this is what I would try.
For discussion, we are going to say they gave you 2605
1234:12::/56This means you have 256 subnets:
2605:1234:1234:1200/64 2605:1234:1234:1201/64 2605:1234:1234:1202/64 …… 2605:1234:1234:12fe/64 2605:1234:1234:12ff/64On Wan interface
IPv6 Configuration Type, choose SLAAC. Everything else ok.On your other interfaces, since it is static, you have to just like you do in ipv4, you need to assign a subnet. Remember these are hex numbers, 00 - ff
I left a lot of empty subnets on mine. So If I picked the 10 and 20 subnets as examples
2605:1234:1234:1210/64 for LAN 2605:1234:1234:1220/64 for OPT1
Then on your LAN interface:
IPv6 Configuration Type, choose Static IPv6. Everything else ok. Static IPv6 Configuration IPv6 Address: 2605:1234:1234:1210/64 IPv6 Upstream gateway: NoneThen on your OPT1 interface:
IPv6 Configuration Type, choose Static IPv6. Everything else ok. Static IPv6 Configuration IPv6 Address: 2605:1234:1234:1220/64 IPv6 Upstream gateway: NoneI have found I get best results by rebooting the router for this to fully work.
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
@isaacfl
Yeah, That's how I found that IP address. I just googled "easy to remember pingable IPv6 addresses.Anyway, I'd still love to hear from anyone with Comcast Business, pfSense, static /56. I say business because I'm told by Comcast that they use different firmware on Business service modems.
Not that this is anyone else's problem, but my bill went up significantly when I got the static /30 and /56. I had been using my own modem up until then. The new bill with static and their "gateway" is $50.00 more. All this was to get IPv6 routing working. Soon I'm going to tell them where they can put their "gateway" & static IP.
Are you sure you have a "static" /56? because on your first post, it kind of looked like you were trying to use a dynamic prefix /56?
-
@isaacfl
I've only ever been able to use Comcast via DHCP6 on WAN. SLAAC does not get me an address. Also, other than the fact that I don't have an OPT interface. I'm basically configured like you typed up.What I'm told by Comcast is that I HAVE to use DHCP6 on my WAN interface. I, WITH MUCH EXASPERATION, mentioned to them that I wanted static not DHCP for IPv6. They said that even though I was using DHCP, the subnet and address assigned to my WAN interface would not change. Apparently they assign the address to me but deliver it via DCHP6.
For IPv4 this is all working great. I don't understand why there are issues with IPv6. Clearly there's something beyond my grasp.
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
@isaacfl
I've only ever been able to use Comcast via DHCP6 on WAN. SLAAC does not get me an address. Also, other than the fact that I don't have an OPT interface. I'm basically configured like you typed up.What I'm told by Comcast is that I HAVE to use DHCP6 on my WAN interface. I, WITH MUCH EXASPERATION, mentioned to them that I wanted static not DHCP for IPv6. They said that even though I was using DHCP, the subnet and address assigned to my WAN interface would not change. Apparently they assign the address to me but deliver it via DCHP6.
For IPv4 this is all working great. I don't understand why there are issues with IPv6. Clearly there's something beyond my grasp.
Ok, I think you have dynamic. This is not "static" but it is unchanging, as long as your DUID doesn't change. So with pfsense as long as you don't rebuild the router it will stay the same.
It is part of one of the ipv6 recommended standards that as long as you use the same DUID and you aren't offline for extended period of time then the ISP will give the same prefix (/56 in your case). With pfsense the DUID is created and stored during install and as long as you don't manually change it, it won't change.
With ipv6 there are 2 parts to dhcp. One is what you are probably familiar with that just gets an ip address to use on an interface. The other part is a request for a prefix that you can then use to assign downstream.
Here is my Interface WAN setup:
Here is my LAN interface. Note it is track interface and I picked 10 for this subnet from my pool of 00-ff.
My OPT1 is the same except IPv6 prefix ID is 20. Again arbitrary pick on my part.
-
Also I think it is best to reboot after changing all of this. I don't think you have to, but it shouldn't hurt.
-
I have tried the hint on WAN, tack interface setup until I was blue in the face. It does not work with my setup.
I'm not sure you're reading all the way back to the beginning. My pfSense router does not handle DHCP for my LAN, nor does it handle VLANS.
All I want to use the router for is routing. All other layer 2/3 is handled by my Cicso switch. DHCP is handled by a Redhat box. All I want it to route IPv6 out of my LAN to pfSense, and then to the Comcast "Gateway" and then to the freakin' internet.
IPv4 works very well this way. I believe there's a way to do what I want, just something isn't right.
-
This is IPv4. Working great. See how the VLANS are all 172.16.x.254. That's the default gateway on all my subnets. All subnets route to the default route in the cisco, which is the 172.16..0.253/30 which is connected to the pfSense router. Pf sense has a route back to 172.16.0.0/16 via that same interface.
I need this to work the same (or equivalent) on IPv6. Track interface does not get an IPv6 address at all.
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
I have tried the hint on WAN, tack interface setup until I was blue in the face. It does not work with my setup.
I'm not sure you're reading all the way back to the beginning. My pfSense router does not handle DHCP for my LAN, nor does it handle VLANS.
All I want to use the router for is routing. All other layer 2/3 is handled by my Cicso switch. DHCP is handled by a Redhat box. All I want it to route IPv6 out of my LAN to pfSense, and then to the Comcast "Gateway" and then to the freakin' internet.
IPv4 works very well this way. I believe there's a way to do what I want, just something isn't right.
I am not sure I am following your configuration then?
So when you are saying "does not handle" you don't mean it doesn't work? It is just being done somewhere else?
If that is the case, then you probably have your "somewhere else" configured wrong, cause in ipv6 routing just works, or it should, since it is automatic. -
Maybe this will help. In an ipv6 router every interface negotiates a link local address (fe80 addresses). You don't set default gateways because routers advertise themselves to each other and devices.
So the brick box is pfsense, and it has a single interface internal connected to Cisco, which then further routes?
-
When I set Track interface on LAN it doesn't get an IP address. I still am getting an IPv6 address on WAN.
-
Destination Gateway Flags Netif Expire
default 96-77-17-178-stati UGS igb0
10.200.0.0/24 172.16.0.253 UGS igb1
10.200.1.254 link#2 UHS lo0
10.200.1.254/32 link#2 U igb1
xx.xx.17.176/30 link#1 U igb0
xx-xx-17-177-stati link#1 UHS lo0
localhost link#4 UH lo0
172.16.0.0/16 link#2 U igb1
pfSense link#2 UHS lo0Internet6:
Destination Gateway Flags Netif Expire
default fe80::fc91:14ff:fe UGS igb0
localhost link#4 UH lo0
xxxx:xxxx:xx::c000: link#1 U igb0
xxxx:xxxx:xx::c000: link#1 UHS lo0
xxxx:xxxx:xx::c000: link#1 UHS lo0
fe80::fc91:14ff:fe fe80::fc91:14ff:fe UGHS igb0
fe80::%igb0/64 link#1 U igb0
fe80::21b:21ff:fe7 link#1 UHS lo0
fe80::%igb1/64 link#2 U igb1
fe80::1:1%igb1 link#2 UHS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0 -
@johnnybinator said in Cannot route IPv6 - Frustrated:
When I set Track interface on LAN it doesn't get an IP address. I still am getting an IPv6 address on WAN.
from the way picture shows it looks like, it is all done in the Cisco. It is just a point to point connection from the pfsense to cisco? You said Cisco does layer2/3. Layer 3 includes ipv6, so the Cisco has to be configured to do the routing in your case.
Your best bet is to hook a pc to the pfsense LAN interface and see that it is able to ping the internet.
-
@isaacfl
You know, that's a good idea. I hadn't thought of that. Thanks. -
@johnnybinator said in Cannot route IPv6 - Frustrated:
@isaacfl
You know, that's a good idea. I hadn't thought of that. Thanks.Have you been using pfsense for awhile, so it is only ipv6 you are struggling with? or are you new to pfsense?
Will help me to know that.
-
I've been running pfSense for 5 + years. I love it. IPv6 is pretty new to me. I can see there's more than a small amount to learn.
I've been in IT for 25 years, I usually adapt to new things easier than this. Maybe I'm getting old.
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
I've been running pfSense for 5 + years. I love it. IPv6 is pretty new to me. I can see there's more than a small amount to learn.
I've been in IT for 25 years, I usually adapt to new things easier than this. Maybe I'm getting old.
ok I would try the get a pc working on the lan side of the pfsense then. I would bet it is probably working, then we would need to figure out how to get it to work in your configuration.
I have only been using pfsense for a few months, so new on its idiosynchrocies, but I have been working with ipv6 for a few years now. So I am more familiar with ipv6 than pfsense.
I won't be able to spend anymore time today, but I will say that ipv6 routing isn't as difficult as ipv4. The difference is ipv6 uses the link local address and multicast on each interface to do the actual routing.
-
@johnnybinator said in Cannot route IPv6 - Frustrated:
I've been running pfSense for 5 + years. I love it. IPv6 is pretty new to me. I can see there's more than a small amount to learn.
I've been in IT for 25 years, I usually adapt to new things easier than this. Maybe I'm getting old.
For the most part, IPv6 works the same as IPv4, but with longer addresses. However, there are some differences, such as ARP being replaced with neighbour discovery, default gateway and prefix being automagically configured with router advertisements. There are other things for improved performance, such as fix length headers and extension headers
One book I find is a good reference is IPv6 Essentials, from O'Reilly.
