DHCPv6 problem with Netgear router



  • Hi everyone,
    after I had finished configuring the pfsense box, I wanted to add IPv6 support, but the netgear router on the pfsense LAN interface does not get an IPv6.
    I configured as follows after a suggestion:

    LAN -> static ipv6 2001: b07: XX1: XX2 :: 1/64

    I had to create a GIF because pfsense is cascaded to a modem and I can not use the 6RD, so I opted for a 6in4 tunnel as suggested.
    I created a GIFs:
    GIF parent interface WAN
    GIF remote address 81.208.50.214
    GIF tunnel local address 2001: b07: XX1: XX2 ::
    GIF tunnel remote address 2001: b07: 51d0: 32d6 ::
    GIF tunnel subnet 64

    I associated the GIF to a new interface leaving the IPv4 settings, IPv6 on none, and the MTU on 1480.
    I verified that the gateway was created and set as default and online.
    I added a rule to the interface just created for the tunnel and checked the one on the LAN interface.
    At this point from the pfsense box I can ping ipv6.google.com
    But I can not figure out how to select the DHCPv6 and RA server.
    I tried to enable it, select managed and write as interval 2001: b07: XX1: XX2 :: 2 to 2001: b07: XX1: XX2 :: 200 and also the two dns google but the netgear router does not get any IPv6 address on its WAN.
    On the netgear router it is possible to select the automatic detection mode in the ipv6 category where the DHCP server can be activated, but it is shown here that there is no IPv6 address on the WAN.

    Thank you for the suggestions


  • LAYER 8 Global Moderator

    @mikekoke said in DHCPv6 problem with Netgear router:

    LAN -> static ipv6 2001: b07: XX1: XX2 :: 1/64

    Where did you come up with that??
    route6: 2001:b00::/29
    descr: Fastweb Networks ipv6 block



  • @johnpoz said in DHCPv6 problem with Netgear router:

    @mikekoke said in DHCPv6 problem with Netgear router:

    LAN -> static ipv6 2001: b07: XX1: XX2 :: 1/64

    Where did you come up with that??
    route6: 2001:b00::/29
    descr: Fastweb Networks ipv6 block

    What do you mean ?
    My ISP is Fastweb.


  • LAYER 8 Global Moderator

    And they assigned that space to you? And told you to setup a tunnel? Why would you be putting the same prefix on your lan as you do on your gif? And your gif tunnel addresses looked all borked as well.. They are not even in the same prefix...

    Here for example is a gif setup... The local and remote address are in the same /64 prefix.. You using 0000 with that :: on the end?

    0_1544374502234_gifsetup.png



  • @johnpoz Yes, it is the space assigned to me.
    I'm not very experienced in ipv6, so I asked the Fastweb forum where they suggested these settings to create the tunnel, having the pfsense wan with private ip address.


  • LAYER 8 Global Moderator

    Where did you get the remote IP from for your gif tunnel? Is that your wan IP of your isp router your behind?

    I would suggest you get with your ISP on how to setup a IPv6 tunnel to them.



  • @johnpoz These are the basic settings that Fastweb provides to all users.
    That IP is provided to everyone for the tunnel.
    81.208.50.214( It is supplied for northern Italy )
    2001:b07:51d0:32d6::


  • LAYER 8 Global Moderator

    I suggest you contact your ISP for clarification because you don't create a local IP in your tunnel and a remote IP in your tunnel that are not in the same prefix.. And you sure and hell would not use the same prefix on your tunnel as you do on your LAN side, etc..

    Do you have a link to these instructions?




  • LAYER 8 Global Moderator

    Says they

    Fastweb offers the service through Tunnel 6rd in DHCP Option 212 configuration (ie all the tunnel data arrive via DHCP)

    You can set your wan to 6rd..

    But not sure how you think you can convert the info they give to a GIF configuration?

    0_1544378337208_6rd.png

    0_1544378344854_gifvs6rd.png



  • @johnpoz I do not understand what you mean ?
    So could I create a 6Rd tunnel even though pfsense has a private ip as a WAN address?


  • LAYER 8 Global Moderator

    NO.. Get with your ISP... The info in that link is for a 6rd tunnel - you can not just convert that to the settings you put into a gif tunnel.



  • @johnpoz I understand.
    In fact, to avoid mistakes I asked for advice on that forum and they gave me that configuration for 6in4 which is ultimately wrong.


  • LAYER 8 Global Moderator

    Where did they give you that - in your link to your thread... They DID not give you any info for GIF..

    That guy was giving you some example from his network - you would have to pull the info from your own settings.

    CALL YOUR ISP!!! Have them give you the ADDRESSES to use for your GIF and what network to put on your LAN - not try and translate stuff from your 6rd info.. Which you could prob pull out the addresses when you setup 6rd... But you can not put prefixes into your ADDRESS spots on your GIF..



  • @johnpoz Request sent now.
    That boy did not seem to have meant that configuration as an example.
    Thanks again for the clarification.



  • @johnpoz said in DHCPv6 problem with Netgear router:

    Where did they give you that - in your link to your thread... They DID not give you any info for GIF..

    That guy was giving you some example from his network - you would have to pull the info from your own settings.

    CALL YOUR ISP!!! Have them give you the ADDRESSES to use for your GIF and what network to put on your LAN - not try and translate stuff from your 6rd info.. Which you could prob pull out the addresses when you setup 6rd... But you can not put prefixes into your ADDRESS spots on your GIF..

    Hello,
    after some clarifications I managed to create the tunnel.
    But I would like to ask two questions about it, when I try to ping an ipv6 from an LAN device, I get an expired request even if it is the dns.
    When I try to solve ipv6 from the pfsense box it returns me with the wrong urls, for example if I solve 2a00:1450:4005:800::200e it goes out ham11s01-in-x0e.1e100.net
    I can not solve these two problems.


  • LAYER 8 Global Moderator

    So what what did you have to do exactly to get the tunnel up? Did you call the ISP and get the correct info?

    Not sure what dns has to do with expired in transit I take it what your seeing on your ping? Can you post of exactly what your seeing.
    As to what that IPv6 resolves to for PTR - yeah that is what it resolves too.

    ;; QUESTION SECTION:
    ;e.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.5.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa. IN PTR
    
    ;; ANSWER SECTION:
    e.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.5.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa. 86400 IN PTR ham11s01-in-x0e.1e100.net.
    
    

    What exactly is the problem?
    The forward of that matches.

    ;; QUESTION SECTION:
    ;ham11s01-in-x0e.1e100.net.     IN      AAAA
    
    ;; ANSWER SECTION:
    ham11s01-in-x0e.1e100.net. 86400 IN     AAAA    2a00:1450:4005:800::200e
    
    

    That IP is a google owned IP.. So not exactly sure what the question is there.. Are you not understanding why it says 1e100.net vs google?



  • @johnpoz Actually the information provided at the beginning was correct. The tunnel works and I can surf on ipv6, the only solution to get ipv6 on the router was to manually hypostate it, so it provides addresses to devices on the LAN network.
    I did some research and I think I understand the result of the dns, but I still can not understand why I can not ping ipv6 addresses from the LAN.

    PS C:\WINDOWS\system32> ping 2a03:2880:f11a:83:face:b00c::25de
    
    Esecuzione di Ping 2a03:2880:f11a:83:face:b00c:0:25de con 32 byte di dati:
    Richiesta scaduta.
    Richiesta scaduta.
    Richiesta scaduta.
    Richiesta scaduta.
    
    Statistiche Ping per 2a03:2880:f11a:83:face:b00c:0:25de:
        Pacchetti: Trasmessi = 4, Ricevuti = 0,
        Persi = 4 (100% persi),
    PS C:\WINDOWS\system32> ping ipv6.google.com
    
    Esecuzione di Ping ipv6.l.google.com [2a00:1450:4005:80a::200e] con 32 byte di dati:
    Richiesta scaduta.
    Richiesta scaduta.
    Richiesta scaduta.
    Richiesta scaduta.
    
    Statistiche Ping per 2a00:1450:4005:80a::200e:
        Pacchetti: Trasmessi = 4, Ricevuti = 0,
        Persi = 4 (100% persi),
    PS C:\WINDOWS\system32> ping -6 facebook.com
    
    Esecuzione di Ping facebook.com [2a03:2880:f129:83:face:b00c:0:25de] con 32 byte di dati:
    Richiesta scaduta.
    Richiesta scaduta.
    Richiesta scaduta.
    Richiesta scaduta.
    
    Statistiche Ping per 2a03:2880:f129:83:face:b00c:0:25de:
        Pacchetti: Trasmessi = 4, Ricevuti = 0,
        Persi = 4 (100% persi),
    

  • LAYER 8 Global Moderator

    @mikekoke said in DHCPv6 problem with Netgear router:

    Richiesta scaduta.

    Request timed out - what are you rules.. If you don't allow icmp then no you wouldn't be able to ping..

    Do a traceroute - does it actually send it to pfsense IPv6

    So what network/prefix did you put on your lan side network?

    You sure your actually even surfing via IPv6?

    What does say https://test-ipv6.com/ show you when you go there from a client


Log in to reply