Native IPv6 from Telekom using GPON and PPPoe [solved]
-
Note: This is a crosspost from /r/pfsense, but I'm the original author of that post too.
Hello guys,
I'm trying to configure native IPv6 that my ISP gave me, and I'm having difficulties with the setup.
I have a modem that is bridged now, and I pass that to pfsense. Everything seems to be just fine with IPv4, but IPv6 seems to have issues. I've called my provider and they said that the subnet that they can provide me is a /64, and they are using DHCPv6 to give out these addresses.What I did is for WAN I used PPPoe for ipv4 (fully working) and set DHCPv6 for ipv6. When I scroll down I have used delegation size of /64, and left everything else unticked, except "Request a Ipv6 prefix/infromation through the ipv4 connectivity link". Without having this ticked, even my router won't get an IPv6.
For the LAN I've used Static IPv4 addressing (which also works here), and used track interface for ipv6 and set my WAN as the tracked interface.
I have also enabled DHCPv6 on my router, hoping that it would give out the addresses like that. I have set that to /64 also.
At this point I have a fully routable ipv6 address on my router, but none of the devices connected to this router get any address assigned.
Could someone please help me understand why it would or wouldn't work, or how could I fix this? -
With only a /64 you can't have it on WAN and LAN. Ask your provider for a /56 or /48 subnet.
-
I called them today, and they said that the best they can do is /64. When I was using their router, I was able to get addresses for each of the devices, but only issue was that there were no firewall settings on that router and all the incoming connections were blocked by default (on ipv6).
Are there any other routers that would be able to use a /64 for this?
-
RTFM: https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv6-wan-types.html#dhcp6 and see if the "Request only an IPv6 Prefix" option will help. Note your WAN connection will then not receive a GUA.
-
I have already tried this, and when I only had that enabled, I did not get any IPv6 address/ or subnet or prefix or anything.
-
@bbusa said in Native IPv6 from Telekom using GPON and PPPoe:
I have already tried this, and when I only had that enabled, I did not get any IPv6 address/ or subnet or prefix or anything.
Was you LAN set to track the WAN interface?
I would forget about using an ISP that only provides a /64, and that maybe even dynamic.
If you need a decent/static IPv6 prefix use an /48 from He.net: https://docs.netgate.com/pfsense/en/latest/interfaces/using-ipv6-with-a-tunnel-broker.html
-
Yes, LAN was set to track.
Only issue is I do not really have a choice. I'm paying for a gigabit internet and I would like to get gigabit speeds. 99.9% of the traffic on my network is going to be ipv6 only traffic, therefore I would prefer to have great speeds. I have nothing against HE (I'm currently using them, as I need a solution in the meantime), but I would like to get this sorted. May I ask how was the ISP router able to advertise addresses? Is this a pfsense limitation or something else? -
@bbusa said in Native IPv6 from Telekom using GPON and PPPoe:
May I ask how was the ISP router able to advertise addresses?
Ask your ISP, it wouldn't surprise me if they cooked something up by themselves so you have to use their hardware.
-
They recommended to me that I should use passthrough, as they do not provide a router that has ipv6 firewall settings on it.
-
@bbusa said in Native IPv6 from Telekom using GPON and PPPoe:
At this point I have a fully routable ipv6 address on my router, but none of the devices connected to this router get any address assigned.
Could someone please help me understand why it would or wouldn't work, or how could I fix this?ISPs typically use DHCPv6-PD to assign a prefix for the local network. It will work with a /64 or larger prefix. Does your ISP support it?
-
As I mentioned above, my ISP will only assign me a /64.
-
I called them today, and they said that the best they can do is /64.
That's really too bad. They should not deploy IPv6 at all until they get a clue.
The generally best answer to a moronic ISP is to use a /48 from www.tunnelbroker.net until your ISP comes to their senses.
-
@bbusa said in Native IPv6 from Telekom using GPON and PPPoe:
As I mentioned above, my ISP will only assign me a /64.
That wasn't my question. It was do they support DHCPv6-PD? That's the way many ISPs provide DHCPv6, even for a /64, as my ISP did initially. They now provide a /56. Incidentally, the WAN interface does not need a routeable address. Link local addresses are often used for routing with IPv6.
-
I'm uncertain what kind of delegation method they are using, when I called them on the phone, the only thing they could tell me about this ipv6 connection is that they can see that I've got a /64 subnet assigned to my connection, and they wished me luck in configuring it. My question is, would I have difficulty with other hardware/software also with this?
I had perfectly good LAN (all my devices got a routable ipv6 address) without pfsense (only had firewall issues) and thats why I went with pfsense. But if pfSense is not compatible with this kind of routing, I think its better for me to look for an alternative solution. Anyone would have any tips maybe? -
@JKnott you mentioned that if they are using DHCPv6-PD then it will work with /64 or larger prefix. Could you please share what kind of configuration would I need to have in order to get it working?
-
Setting the DHCP6 configuration on WAN to pull the /64 delegation in the Client Configuration
Setting one and only one inside interface to Track Interface with an IPv6 Prefix ID of 0.
-
@Derelict This was the original config that I've tried.
"What I did is for WAN I used PPPoe for ipv4 (fully working) and set DHCPv6 for ipv6. When I scroll down I have used delegation size of /64, and left everything else unticked, except "Request a Ipv6 prefix/infromation through the ipv4 connectivity link". Without having this ticked, even my router won't get an IPv6.
For the LAN I've used Static IPv4 addressing (which also works here), and used track interface for ipv6 and set my WAN as the tracked interface."See the original post.
This didn't result with success. -
@bbusa Set the DHCP client debugging on on WAN.
Look at the DHCP logs filtering on command dhcp6c
If they are actually putting an interface address on your WAN (link-local or not) and delegating a /64 you should be able to get one interface working.
If they are putting a /64 on WAN and that's it, they are stupid and you'll need to do something else.
-
@bbusa said in Native IPv6 from Telekom using GPON and PPPoe:
@JKnott you mentioned that if they are using DHCPv6-PD then it will work with /64 or larger prefix. Could you please share what kind of configuration would I need to have in order to get it working?
As I mentioned, ISPs often use DHCPv6-PD to assign IPv6. The "PD" part is what provides the subnet. You have to configure the WAN interface to use DHCPv6 and then There's also a setting on the LAN tab to select track interface and with a /64, you'd have to specify your prefix as 0. There's a bit more than that, but this should get you started, if your ISP supports DHCPv6-PD.
-
Telekom uses / 56 prefixes in the retail package, usually not using other constructions in the business package.
I asked my Telekom close acquaintances what they know about the prefixes used in the business package. Maybe on Monday, I will receive an answer that will probably be the same as the packages in the residential package.
With /56 prefixes, you can formed 256 /64 subnets, 256 interfaces can be addressed.