Best way to confirm ipv6 setup?

tyn

Hi,
I'm definitely feeling out of my depth with ipv6 and I could use some help from the lovely people here. I followed some guidance on setting up ipv6 for the Australian ISP, Internode. They are meant to give a static /56 prefix and they say what it is on my account page on their website. I must be doing something wrong because I don't see an address on my LAN interface.

Other than looking at the pfsense status/interfaces page is there any other ways to determine what my ISP is giving pfsense and how pfsense is configuring itself?

Also, is there a way to test ipv6 connectivity from pfsense itself; perhaps using the command prompt?

Thanks in advance

edit: I found a couple simple public ipv6 addresses that can be used in the Diagnostics/Ping and Traceroute pages:

• (OpenDNS) 2620:0:ccd::2 and 2620:0:ccc::2
• (Google) 2001:4860:4860::8888 and 2001:4860:4860::8844

Derelict

If it is actually static you must statically-assign a /64 subnet to each inside interface and enable at least Unassisted router advertisements on those interfaces. You also need to be sure you are passing IPv6 traffic on the firewall rules.

If they are routing 2001:4860:4860:ab00::/56 to you then that gives you:

2001:4860:4860:ab00::/64
2001:4860:4860:ab01::/64
2001:4860:4860:ab02::/64
...
2001:4860:4860:abfd::/64
2001:4860:4860:abfe::/64
2001:4860:4860:abff::/64

to use on inside interfaces. All 256 /64 prefixes from 00 - ff.

If it is not actually static but is assigned as a Prefix Delegation using DHCP6 then you configure it differently.

https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv6-wan-types.html

You can use most of the same tools but some of them require a different command (ping6 vs ping) or a command-line flag. Many use -6.

You can always use Diagnostics > Ping and select IPv6.

JKnott

@tyn said in Best way to confirm ipv6 setup?:

They are meant to give a static /56 prefix

ISPs generally use DHCPv6-PD for subscribers. DHCPv6 provides an address for the router and the PD, the prefix(es) for the local network. While DNS servers may also be provided, you can use whatever you want, as with IPv4.

BTW, the address assigned to the router is often not used for routing. Routing on IPv6 is often done over the link local address.

tyn

Thanks for the help @Derelict and @JKnott. I now have my WAN and LAN interfaces looking like they are working as they should. I can also successfully ping and traceroute to the public ipv6 address I found.

For others who may have similar problems I found this post useful to understand a little more about how track interface works.

My next hurdle is to get prefix delegation working from the pfsense that connects to the internet to the pfsense that does internal routing and services. I'm having some trouble with that but I'll create a new post for it since it's outside of this topic.