IPv6 in Norway without DHCPv6 PD on WAN upstream



  • Dear all, im stuck, but I seem to have a configuration upstream that does not match the common "easy" way.

    I have a test lab, where I will connect routers to the LAN side of pfSense for testing. These routers will do DHCPv6 towards pfsence and get a PD from pfsense. It is important that pfSense supports the testing of the endless IPv6 mess we have today.

    However, my ISP provides a /56 subnet, all routed to the WAN interface. For example.

    Upstream router = 2001:8c90:ed12::1/64
    WAN interface of pfSense = 2001:8c90:ed12::2/64
    Prefix provided by the upstream operator, routed to me.
    2001:8c90:ed14::/56

    Now, since there is no DHCPv6 on the WAN side of pfSense, I configure IPv6 static.
    WAN address above, gateway above.

    On the lan side I configure one of the subnets from ed14 to LAN/64.
    I add DHCPv6 server config to deliver subnets via PD to the LAN side test routers.

    Everything is working as it should, except.

    A PC on the LAN test router, has an address based on the PD the test router got from pfSense.

    If you ping from the PC, it goes correctly through the test router, through pfSense and out to the world. BUT The reply comes into the WAN of pfSense and is dropped.

    Obviously this is because pfSense doesnt "own" this subnet, it thinks.

    The challenge is, how to tell pfSense this prefix is valid and routed.

    There seems to be no way to tell pfSense this when WAN is static ipv6.

    From what I read, if the operator supports DHCPv6 PD, pfsense will automagically fix everything.

    But from my understanding what I have is a very standard IPv6 setup that pfSense doesnt support (via GUI at least).

    But there seems to be little to no documentation online for "manual" shell based config to resolve this, if I could even realize where to start.

    Thank you for your energy.



  • Hmm, maybe adding a static route would solve this? If you go to System, Routes and Static routes.