Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Best way to confirm ipv6 setup?

    IPv6
    3
    4
    502
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tyn last edited by tyn

      Hi,
      I'm definitely feeling out of my depth with ipv6 and I could use some help from the lovely people here. I followed some guidance on setting up ipv6 for the Australian ISP, Internode. They are meant to give a static /56 prefix and they say what it is on my account page on their website. I must be doing something wrong because I don't see an address on my LAN interface.

      Other than looking at the pfsense status/interfaces page is there any other ways to determine what my ISP is giving pfsense and how pfsense is configuring itself?

      Also, is there a way to test ipv6 connectivity from pfsense itself; perhaps using the command prompt?

      Thanks in advance

      edit: I found a couple simple public ipv6 addresses that can be used in the Diagnostics/Ping and Traceroute pages:

      • (OpenDNS) 2620:0:ccd::2 and 2620:0:ccc::2
      • (Google) 2001:4860:4860::8888 and 2001:4860:4860::8844
      JKnott 1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        If it is actually static you must statically-assign a /64 subnet to each inside interface and enable at least Unassisted router advertisements on those interfaces. You also need to be sure you are passing IPv6 traffic on the firewall rules.

        If they are routing 2001:4860:4860:ab00::/56 to you then that gives you:

        2001:4860:4860:ab00::/64
        2001:4860:4860:ab01::/64
        2001:4860:4860:ab02::/64
        ...
        2001:4860:4860:abfd::/64
        2001:4860:4860:abfe::/64
        2001:4860:4860:abff::/64

        to use on inside interfaces. All 256 /64 prefixes from 00 - ff.

        If it is not actually static but is assigned as a Prefix Delegation using DHCP6 then you configure it differently.

        https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv6-wan-types.html

        You can use most of the same tools but some of them require a different command (ping6 vs ping) or a command-line flag. Many use -6.

        You can always use Diagnostics > Ping and select IPv6.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • JKnott
          JKnott @tyn last edited by

          @tyn said in Best way to confirm ipv6 setup?:

          They are meant to give a static /56 prefix

          ISPs generally use DHCPv6-PD for subscribers. DHCPv6 provides an address for the router and the PD, the prefix(es) for the local network. While DNS servers may also be provided, you can use whatever you want, as with IPv4.

          BTW, the address assigned to the router is often not used for routing. Routing on IPv6 is often done over the link local address.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 1
          • T
            tyn last edited by

            Thanks for the help @Derelict and @JKnott. I now have my WAN and LAN interfaces looking like they are working as they should. I can also successfully ping and traceroute to the public ipv6 address I found.

            For others who may have similar problems I found this post useful to understand a little more about how track interface works.

            My next hurdle is to get prefix delegation working from the pfsense that connects to the internet to the pfsense that does internal routing and services. I'm having some trouble with that but I'll create a new post for it since it's outside of this topic.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post