IPv6 issues behind router

  • Hi guys,

    I'm having trouble with setting my IPv6 up correctly. Maybe my situation is unsolvable, at least it's not ideal and I know that:

    • I'm getting one /64 subnet by my provider only,
    • pfSense is behind a router, which I can not set to bridged mode (currently).

    So I set up pfSense WAN to DHCP on both IPv4 and IPv6 and LAN to track the IPv6 WAN. IPv4 uses a different subnet and it works as expected. I set up the DHCPv6 relay, so I would expect that I get a valid IPv6 address from my router, which is unfortunately not the case. Neither can I set up the IPv6 manually on devices that are connected to pfSense, at least I'm not able to ping anything outside ::1. When I connect a device to the router, it gets an IPv6 address and everything is working fine.

    I have to admit I'm a total noob in this area, and I have been working on this 6 or 7 hours straight, also reading up on IPv6 without understand it completely (otherwise I guess I would be able to solve my problem or know that it's impossible to solve). Please see the screenshots attached. Any help would be gladly appreciated and of course I would provide more details if necessary, however I have no idea where to go next, so I don't know which information I should provide in addition to this. 😕

    Thanks for any help!

    2.png 1.png 3.png 5.png

  • If you can't put the modem in bridge mode, it will be in gateway mode. This means it expects the computers etc., to be connected to it. It will also block DHCPv6-PD from reaching pfSense, which it needs to provide a prefix to the local network. About all you can do is set up pfSense to act as a pass through firewall, instead of a router.

  • Thank you for your answer. I implemented this yesterday and it works for now. Due to some stupid restrictions of my ISP, I can activate the bridged mode in my modem in a week, which I'll probably do at that point, because I'm still not happy with this situation / transparent bridge (I think this is what you meant?) due to various reasons. I will then lose IPv6 altogether (again, ISP...), which is currently important to me personally only because I have no individual IPv4 address (DSlite) - also due to ISP reasons.

    As you can see there's more than enough reason to ditch my ISP altogether later this year. But as I said, for now this at least works with compromises so thank you for the clarifications, I think I'm currently gaining a little more understanding on IPv6.

  • If you will have bridge/transparent mode, then you will be able to use pfSense as intended, with DHCPv6-PD and assigning a prefix behind it. What prefix will you get from the ISP? I get a /56, which provides 256 /64s.

  • I know I would, but as I said (or tried to), as soon as I set my current router / modem to bridge mode, it involves (due to my ISP's restrictions), that I don't get IPv6 anymore at all. And currently I get a /64 only (see original post), which proves (additionally) that my ISP offers IPv6 only because they don't have enough IPv4 addresses.

    When I set my router / modem to bridge mode (acting as a modem only), I then get an individual IPv4 address (which I currently do not have, hence DSlite I think it's called) and my ISP seems to think "oh well, no IPv6 necessary anymore". Which is at least in my case in some way true, because currently I need IPv6 only to make stuff like my Plex server, my cloud etc. accessible on the internet - which obviously wouldn't be possible as long as my server is not reachable by IPv4. Some german website said this DSlite thingy is more or less a german thing only, so I'm not sure you're aware of this problem at all, but I hope this post clarifies my situation better.

Log in to reply