IPv6 on SoCal Spectrum



  • I upgraded my spectrum internet to Gigabit today. The tech said I need IPv6 to get the most out of the connection so i've finally gone through the trouble of setting up IPv6 on my pfsense box. I'm running 2.4.4 on a Atom C3758 w/ 16GB RAM.

    All of my internal LANs are now set up correctly and give out IPv6 addresses internally. The problem I have is I can't get an outbound IPv6 address from Spectrum. I've tried using DHCP6 and SLAAC with a variety of configurations but nothing seems to obtain an address. If I plug in my Windows 10 laptop directly to the modem I can get an IPv6 address without issue. What am I doing wrong?

    Attached are the settings I'm currently using for DHCP6.

    53175aca-c4a1-46bf-b351-7fe2809296a1-image.png



  • @caskater4

    Show your LAN page. There are some relevant settings there too. Also, I see you've selected a prefix size of 64. This means you'll only have a single /64 prefix available. Many ISPs provide a /56, for 256 /64s. Others may provide a /48 or /60. What does yours provide?



  • Here's the top of that page.
    8a38aa56-164a-4336-a674-726d68a6d56f-image.png

    And this is my internal LAN page.
    793b991a-0f4f-4225-9667-e1ddd5bf1380-image.png

    I called Spectrum support to ask about the prefix. They were worthless, even after being escalated they had no idea what I was talking about and would just say "It should be automatic. We don't have any guidance for that." I'll try out some of those other values you mentioned.



  • Is there a way to determine the prefix and any other relevant settings when connecting my laptop?



  • @caskater4

    On the LAN page, change IPv6 configuration to track interface and further down enter WAN for IPv6 interface. I am assuming they provide IPv6 via DHCPv6-PD.



  • @caskater4 said in IPv6 on SoCal Spectrum:

    Is there a way to determine the prefix and any other relevant settings when connecting my laptop?

    On the LAN page, there's a box for prefix ID. Try different sizes. It might say the allowable range in the text below that box.



  • @JKnott said in IPv6 on SoCal Spectrum:

    @caskater4

    On the LAN page, change IPv6 configuration to track interface and further down enter WAN for IPv6 interface. I am assuming they provide IPv6 via DHCPv6-PD.

    When selecting Track Interface, the IPv6 Interface drop down is empty and won't allow me to select WAN for some reason.

    0f1c3dbf-6027-4739-98ad-4778101ea07f-image.png



  • @caskater4

    LAN interface. Your looking at WAN.



  • Okay that sort of seems to work. WAN is now on DHCP6 (64prefix) and LAN set to Track Interface. I now have an IPv6 address on the WAN and LAN interfaces as well as my internal machines.

    fb991c60-f6e1-423d-b294-61b493a4d271-image.png

    e6aef03a-0fba-4113-abc0-0be15c9e9ae0-image.png

    Also, when I run test-ipv6.com I get failures still.

    47c20b16-fd14-497f-a091-c8168d13d0c2-image.png

    Also, if i'm running through Track Interface, isn't that assigning public IPs to all my internal machines? Does that not expose my devices directly to the Internet?



  • @caskater4 said in IPv6 on SoCal Spectrum:

    Also, if i'm running through Track Interface, isn't that assigning public IPs to all my internal machines? Does that not expose my devices directly to the Internet?

    Yep, you should have 18.4 billion, billion addresses available, which makes it a tad difficult for attackers to find you. Also, that's why you're running a firewall. It will block unauthorized access. As for not getting to the Internet, I'd look at routing issues. You can use Packet Capture to see what's happening, though you'd probably want to download the captures and use Wireshark to analyze them.

    Also, you can try different prefix delegation sizes to see what you can get.



  • @JKnott Okay new problem. IPv6 works great but now IPv4 is broken somehow.

    7fa12d19-fb8c-4c7c-b558-1f8c2f8adb8f-image.png

    I can verify that I can ping/tracert external IPv6 addresses no problem. I can ping/tracert local IPv4 addresses but any external addresses fail to make contact.

    39d060dd-872d-453c-acf2-833ca7364e43-image.png

    Am I going to have to make IPv4 traffic track interface as well? Can I not have a IPv4 NAT and public IPv6 setup? Surely this is common.

    Here are my LAN firewall rules. The last two are for opening traffic to the outside world and look correct to me.

    c7a5231a-4942-4c3d-87c6-76a7f1d13ec5-image.png

    And my outbound NAT rules
    2b70ed5b-956c-4b6d-9c7f-7221e032b7be-image.png



  • The router can reach IPv4 external addresses no problem.
    65e4951b-5976-4bdd-8725-954135c6745f-image.png



  • Alright I figured it out. I had some bad rules defined in the WAN interface firewall. Everything is resolved now. Thanks for all your help!



  • @caskater4

    Were you able to determine what your available prefix size is?

    Also, on the WAN page, there's a setting "Do not allow PD/Address release". Make sure that's checked.



  • I don't see anything that would tell me the prefix size. The subnet mask on the router is 128.

    I have a new problem unfortunately. I use AdvancedTomato on a Asus R7000 for WiFi. This is hooked up to the pfsense box and offers multiple SSID bridging to different VLANs.

    The problem I am seeing now is that any device connected over WiFi cannot access the internet. None have an IPv6 address but have an IPv4 address. For some reason these devices are also getting an IPv6 DNS server. I assume they are unable to access the Internet because they are trying to use the IPv6 DNS address and can't because they don't have an IPv6 address itself.

    I've tried enabling IPv6 support on the Tomato box but it doesn't seem to work. Do any of you have a similar setup with IPv6 working on WiFi?



  • Correction, this appears to only affect IPv6 capable devices. Any device using WiFi that can only do IPv4 works fine without issue.



  • @caskater4 said in IPv6 on SoCal Spectrum:

    I don't see anything that would tell me the prefix size. The subnet mask on the router is 128.

    As I mentioned earlier, if you look at the text below the prefix ID box on the LAN page, it may say. For example, mine says the available range is 0-ff, which is correct for my /56.

    The /128 means that address is only to identify the WAN interface. It is not used for routing and has nothing to do with the prefix size.

    BTW, custom on IPv6 is to call that a prefix, not subnet mask. Same function, different name.



  • @caskater4 said in IPv6 on SoCal Spectrum:

    I use AdvancedTomato on a Asus R7000 for WiFi.

    Are you using that as a router or AP? If router, then it would have to be able to be configured for IPv6. If just as an AP, it would be transparent and any devices connected to it should behave as if directly on the LAN.



  • It's setup as an AP, not a router.

    The text below Prefix ID reads: "(hexadecimal from 0 to 0) The value in this field is the (Delegated) IPv6 prefix ID. This determines the configurable network ID based on the dynamic IPv6 connection. The default value is 0."

    I also tried adding my guest network as a track interface with Prefix set to 1 and it wouldn't let me.



  • So I enabled IPv6 DHCP6-PD on the Tomato AP and now most of my devices are getting IPv6 addresses. My laptops, tablets, TVs and alexa's are all connected now. However, for some reason our phones (Pixel 2XL and iPhone) are not getting internet access. They still don't show an IPv6 address. This is rather odd. I've tried restarting the phone and deleting the WiFi profile but nothing seems to fix it.



  • @caskater4 said in IPv6 on SoCal Spectrum:

    So I enabled IPv6 DHCP6-PD on the Tomato AP

    So, you were using it as a router. If it were just an AP, you wouldn't be able to do that. Also, where are you getting that DHCPv6-PD from? You certainly wouldn't get it from pfSense. Is that Tomato AP connected directly to the ISP?



  • No the Tomato is connected directly to pfsense on a port thats setup for VLAN trunking. The IPv4 DHCP server is disabled on it. In the basic settings theres a section on IPv6. It seems as though its a general IPv6 support, not enabling the DHCP server on the Tomato itself.



  • Charter will allow you a /56 if you select that on the "DHCPv6 Prefix Delegation size" config on the WAN interface. Then as stated you can use a 0-ff for the prefix ID on your internal interfaces to assign a /64 to that network.


Log in to reply