IPV6 on more than one NIC



  • Is it possible to track interface, in may case WAN for more than one NIC?
    I have a LAN and a DMZ. Each one has their NIC. I did enable IPV6 on LAN, but I seem unable to track interface for DMZ. I suppose this is an obvious fact, but I do not know why, and I do not know if there is a way around it.
    Can someone explain that to me?



  • You should be able to set it up the same as you would the LAN. Can you not set IPv6 Configuration Type to track interface? Are you seeing some error?



  • @jknott
    Hello JKnott, yes, i receive an error telling me that the track6 prefix id is either being used or out of range if i set it to 1.

    0_1545355920278_6cf52c99-97aa-469d-9be9-1d1ccfd81b6f-image.png

    0_1545355939825_6c52dba2-8eda-4da5-82d6-1963875cdec1-image.png

    I should add that the ISP provides me with a /128 IPV6. I suppose it is a single address. My guess is that may be the issue. But i am not too sure, i am trying to get my head wrapped around a few things with pfSense.... Struggling.... Struggling.



  • Check "IPv6 Prefix ID" on the page for that interface. It must be different for each interface. Unless you get only a /64 prefix from your ISP, you should have multiple IDs to use. I have a /56, which means I can use any ID in the range of 0 - ff. That /128 on the WAN interface only provides a routable address for the router. It's not using in routing traffic between it and the Internet. You should have a block of addresses, with at least a /64 prefix, but it could be much more. As I mentioned, I have a /56 and some a /48.



  • How do I find out what is my prefix ID? Should i contact my ISP?



  • @jknott I spoke with the ISP they say it is a 64. I am not sure they provided me the correct information. Is there a way to calculate the delegation size of an IPv6? I have looked it online and from what i can calculate it is a 56.
    I am confused.

    EDIT:
    Not satisfied by the answer i received, i contacted the ISP again, and they stated that they cannot tell me what delegation size is my IPv6 for something that5 has to do with security reasons?



  • If you've only got a /64, then you can only configure one interface. With my /56, I can choose any value I want 0 - ff, for up to 256 interfaces/VLANs. Ask your ISP if they can give you something a bit bigger. The delegation size is determined entirely by the prefix they give you. A /64 gives you a single /64 block of 18.4 billion, billion addresses. A /56, 256 /64s and a /48, 65536. Other values may also be used. Also, check "DHCPv6 Prefix Delegation size" on the WAN interface is big enough, provided your ISP provides more than a /64. You can pick any size up to that offered by the ISP.



  • @jknott Not satisfied by the answer i received from the ISP, i called back, and they stated that they cannot tell me what delegation size is for my IPv6 for something that has to do with security reasons?

    EDIT:
    I spoke again with the ISP, and htey said there were no security reason, but that IPv6 isn't much used for costumers and that the rep did not understand what i was talking about. They do not know how to answer my question. So, I tried using a /56 in my wan, and it assigned an IP to my 2nd NIC.
    The issue for me now is to know if it works.



  • @nthly said in IPV6 on more than one NIC:

    The issue for me now is to know if it works.

    There are ways to tell what prefix is assigned by examining traffic with Wireshark, but a bit complex to describe here. What you can do is experiment with the prefix ID and also the delegation size to see what works. Who knows, they may surprise you and provide a /48. 😉

    See if prefix ID ff works with that /56.

    Perhaps if you mention who your ISP is, someone else here can advise better.

    BTW, it sounds like they could use better tech "support".



  • @jknott Sure.

    My ISP is Spectrum/TWC.
    Yes. They could definitely use better Tech Support. The said that what I am asking is mostly handled by the Business portion and Customer side is not really knowledgeable about it. It would be disappointing having to go with a business line just to get a larger IPv6 assignment. Maybe they think IPv6 addresses are scarce?

    I had an IP assigned to both LANs using /56, but when i tested it online it did not work, not even for my LAN. I now reverted to /64, and despite rebooting the machine and tests tell me i am not using IPv6.



  • I see they have a community support forum. Perhaps someone there can help.



  • @jknott
    Here is what I have found on the Thread.

    "TWC uses DHCP6. You'll get a /128 for your WAN interface and a /56 PD. IPv6 is not intended for address translation and should be considered un-NAT-able."

    However, in order for me to be able to have IPv6 addresses on both LANs i need to check "Send IPv6 prefix hint" under "DHCP6 Client Configuration".
    But it won't work.



  • @nthly

    Post your issues in that community forum. People there will have experience with your ISP. I can only advise based on my experience with another ISP. Perhaps you can find some info that you can post here for the benefit of others. However, that /128 is irrelevant to the issue and the /56 means you have 256 /64s available. Also, I would hope that no one ever uses NAT on IPv6. It was needed to get around the IPv4 address shortage and created it's own problems in the process.



  • @jknott Alright. I doubt they will volunteer to help me with pfSense though.


  • LAYER 8 Netgate

    Be sure you check the debug logs on the DHCP6 portion of your WAN configuration.

    You can then search the DHCP logs for process dhcp6c to see exactly what is happening.

    This is the configuration that works for me (Cox Las Vegas.)

    0_1545428505156_Screen Shot 2018-12-21 at 1.38.09 PM.png



  • @nthly

    Alright. I doubt they will volunteer to help me with pfSense though.

    They might. My community forum provided some help for me and now I am able to provide pfSense help in return. The thing is, they know your ISP better than I do and may know of some issues, whereas I can only provide general info. Also, some configuration is the same no matter what router you're using.

    However, you won't know, if you don't ask.



  • I’m on legacy charter (now spectrum) and the prefix delegation size of 56 works (checked send ipv6 prefix hint). It’s been a while since I set this up but if I remember right I had to power off my pfsense box followed by the modem, then power on modem and finally pfsense box. However I’m currently not using dhcpv6 server but router advertisements of unmanaged for two vlans.



  • @salth20fan Thank you for the input salth20fan.
    I was under the impression from my clueless playing around with the functions in IPv6 that it could have been a /56, but the info i got from Spec/Chart/TWC were less than clarifying! I do not blame them... given I may not be informed enough to properly work my questions.



  • @jknott
    Definitely! Thank you.



  • @derelict
    Hello derelict.
    I did try to enable IPv6 hint, Debug, and I cannot remember if "Do not allow PD...." is checked by default -i think so. Then i went to System Logs > DHCP, and checked. I believe I received some sort of error there of the sort 64 + 4 + 64 along with mention to delegation size. But I cannot remember from the top of my head.

    What is astonishing for me is that in the mist of all that, the machine on which my pfSense was running gave up. Upon rebooting the hdd of the PC (an old optiplex 755 core duo) started spinning with crazy noise. I checked online with my phone and i replaced the CMOS battery. It never powered up again.
    I am not sure it is the HDD or the motherboard that does not work anymore. I believe the second since it receives no power.

    Regardless, It won' be worth trying and saving it. A friend of mine will donate me his old optiplex with an Intel i3-4130 (AES NI enabled i think for when 2.5 drops?).

    Bottom line, Thank you for your help. I will resume my tinkering as soon as i receive the replacement machine. Another alternative is buying an appliance with pfSense on it. But to do that I may need guidance. My needs are home network and 1Gbps internet approximately --mostly gaming. (I'm open to suggestions in regards to the appliance).

    Thx



  • Hello. So I just moved into an area with Spectrum as well. My IPv6 works fine. I have two internal interfaces, LAN and DMZ. Both are serving up IPv6 just fine.

    I put how I did it on my blog. Link below. Just a big FYI, Spectrum doesnt let you ping the gateway so you have to disable the Gateway Monitoring or else pfSense thinks its down. Thats at the bottom of my blog. Hope that helps! if you still having issues, make sure you don't have any funky rules or something blocking ICMP for IPv6. its used heavily in IPv6 for communication.

    https://malacube.wordpress.com/2018/12/29/pfsense-spectrum-ipv6-setup/



  • @sneffy80
    Thank you so much for the info. I will definitely check your link out. I am still waiting for an Intel I350 to provide the new computer i got with lan capabilities --it should arrive in 2/3 days at most.
    If it isn't an issue, I'd like to keep in touch with you while setting IPv6 up.



  • @nthly fo sho. No worries, just hit me up in the forum.



  • @sneffy80
    Great!

    Thank you very much for the guide.
    I have now IPv6 on every interface.

    Much appreciated!



  • @nthly

    Glad to help.