IPv6 Gif /60 and VLAN



  • Hi everyone, yesterday I asked fastweb a /60 or /61 space for IPv6 so that I could add it to the vlan as a subnet mask /64.
    The spoiler shows the settings that they suggested to me for the gif a /64, but I would like to know how to correctly set up the tunnel a /60 or /61 and how to implement ipv6 in a vlan, even if I have already tried it, in fact I had set in the interface of the vlan the ipv6 on static putting 2001:b07:XX1:XX3::/64 and I had activated RA having the ipv6 on the devices but not the internet access.
    I think the interface and distribution part of ipv6 works, while probably the problem is the gif.
    The following configuration, to have ipv6 with the Fastweb ISP, worked for two years without problems, I say it because when I had asked for help here on the forum they had problems understanding my configuration.
    I have already written a topic in my native language but here I hope to have more support.
    Thanks for your help.

    1. set the WAN IPv6 configuration type to 'none' and save (so you will cancel your previous tunnel setting "6RD")
      2)set the IPv6 configuration type of the LAN to "static IPv6" and enter your first IPv6 subnet address, ie 2001: b07: XX1: XX2 :: 1 (so you will pass from the previous automatic "TRACK" to a manual configuration but corrected IPv6) and save

    3)define the "6in4" tunnel by configuring the network port in interfaces-assignment-GIFs as follows:

    GIF parent interface WAN
    GIF remote address 81.208.50.214
    GIF tunnel local address 2001: b07: XX1: XX2 ::
    GIF tunnel remote address 2001: b07: 51d0: 32d6 ::
    GIF tunnel subnet 64

    4)then associate a new interface to the newly created GIF port (if you want you can call it "FASTWEB"), then set the new interface leaving both the IPv4 and IPv6 configuration on "none" but setting MTU to 1480

    5)check that you have created the corresponding gateway (from system-routing), which you can set as default for the IPv6 address family

    6)create a firewall rule (Firewall-Rules) to enable IPv6 traffic on the interface you just created (on the WAN you don't need to create a rule for IPv6 as the tunnel traffic will pass from the new one) and obviously already creates a rule to enable IPv6 on the LAN)

    7)At this point from the diagnosis menu (diagnostic-ping or diagnostic-traceroute) you should be able to reach an IPv6 address (e.g. ipv6.google.com) from your pfSense box.

    8)try to set Router Mode in unmanaged mode and check

    Sorry for the double post, but in the previous one it cannot be answered.


Log in to reply