Ask help about BASIC ipv6 setup with /48 static address



  • Hi everyone,

    I recently doing something on Proxmox VE(KVM) + Pfsense + IPv6 address block.

    Here is what happened on me :

    I setup two brs:

    vmbr0 to physical interface (enp5s0f0) as pfSense WAN running on a KVM VM

    vmbr1 to none as p'fSense LAN running on the same KVM VM

    the server IDC provide an IPv6 address block 2607:fca8:1a::/48 and Gateway address on ::1

    I tested setup VM on vmbr0 setup address like 2607:fca8:1a::f/48 and 2607:fca8:1a:1000::2/48 (Both gateway ::1/48), they all works fine ping google dns or something else.

    So I delete the test VM , then set pfsense VM WAN address 2607:fca8:1a::f/48 (Use pfsense gui),but then I try to setup LAN address as I thought (2607:fca8:1a:1000::1/56), it says address already in use by WAN

    So I searched some article says I should select DHCPv6 Client mode on WAN , so I can get PD to use on the LAN side.But the IDC i'm using now didn't enable DHCPv6.

    Then I thought maybe I should try set /64 on WAN, set another /64 on LAN, but seems cant get access from LAN side to the world.And if I set WAN to second /64 it even cant reach the ::1/48 gateway address.

    Sorry for my poor english, I have no choice but come here to ask help. What should I set the WAN(vmbr0 to physical interface) and LAN(vmbr1 to none interface but assign VMs to it) address to make VMs on the LAN(vmbr1) can access the world.

    PS: vmbr0 set 2607:fca8:1a::2/48 with gw 2607:fca8:1a::1 on the host system ( cause need it to access host web panel)


  • Netgate

    You likely do not need any IPv6 on WAN. They are probably routing the /48 to a link-local address but that is just a guess.

    | the server IDC provide an IPv6 address block 2607:fca8:1a::/48 and Gateway address on ::1

    If they have that /48 on the interface and not routed to you that is hopelessly broken and idiotic. Post the exact instructions they gave you regarding the IPv6 provisioning on that interface.



  • @derelict said in Ask help about BASIC ipv6 setup with /48 static address:

    You likely do not need any IPv6 on WAN.

    You do not need a routeable IPv6 address on the WAN interface. However, you do need an IPv6 link local address. You normally get one of those when IPv6 is enabled on an interface.



  • @derelict

    Hi there ,

    Sorry for the delay

    I send a ticket ask about if they just forget to tell me about the ipv6 address which the /48 routed to , and they send me these:

    "The default configuration is to assign the /48 to the switch port which it sounds like that is not what you need for your setup."

    Seems that they just assign the address block to the port, then I tell them it should be routed to an IPv6 address outside the block , there were no respond several days......

    Wanna to know if they didnt or unable to change the situation right now, will my address block work ?


  • Netgate

    No. That's a completely asinine way to do IPv6. They should route it to you, not put it on the interface. I can't think of any valid reason for 65536 /64 networks on one interface.



  • @derelict

    Well....Sounds like the only option right now is waiting...

    Thanks for your help


  • Netgate

    "The default configuration is to assign the /48 to the switch port which it sounds like that is not what you need for your setup."

    It's not what anyone needs for any setup.