Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Verizon Fios and IPV6, Which Settings Work?

    Scheduled Pinned Locked Moved IPv6
    142 Posts 26 Posters 88.2k Views 25 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MikeV7896M Offline
      MikeV7896 @mkomar
      last edited by

      @mkomar Hard to say. As far as their "standard" GPON service area (which I believe should be nearly all of their footprint), they should have IPv6 rolled out completely. I've heard of no new areas from other users... Verizon doesn't share info on where IPv6 is available or not. But since it's been almost a year since they started rolling it out, I think they should be done by now.

      I've seen some posts from people in NYC that have been upgraded to NG-PON2 (for multi-gig) that don't seem to be able to get IPv6 working... so it's possible that Verizon hasn't enabled it on that infrastructure yet. But I'm pretty sure that in most other areas where Fios is available, IPv6 should be working.

      There have been some issues that seem to have arisen lately regarding IPv6 on pfSense, especially pfSense Plus 23.01, but I'm running it right now and don't seem to have any IPv6 issues... so not sure if related or not.

      The S in IOT stands for Security

      M 1 Reply Last reply Reply Quote 0
      • M Offline
        mkomar @MikeV7896
        last edited by

        @mikev7896 I apprecaite it. I appear to be getting an an assignment, but ping6 is reporting:

        ping6: UDP connect: No route to host

        kohenkatzK 1 Reply Last reply Reply Quote 0
        • kohenkatzK Offline
          kohenkatz @mkomar
          last edited by

          @mkomar I think my brother had the same thing last week - he got IPv6 addresses, but no routing. My parents had it happen a few months ago too. (Both are in Montgomery County, MD. I'm a few miles north of them in a different CO area, and it's been working for me for many months, so I'm guessing some of the CO's don't have routing set up properly.)

          M 1 Reply Last reply Reply Quote 0
          • M Offline
            mkomar @kohenkatz
            last edited by

            @kohenkatz sounds good. I'm in Culpeper, VA.

            1 Reply Last reply Reply Quote 0
            • J Offline
              jmpalacios
              last edited by

              Hi everyone,

              Just adding my 2 cents to this discussion to report that I was able to get IPv6 working with Verizon FIOS out of New York City today (Manhattan, Battery Park City). The settings I used were pretty much the ones that have already been discussed here at length, but it took quite a bit of toiling, turning them off and back on a few times, and even a reboot at one point, before my test VLAN's DHCP6 server started successfully assigning v6 IPs to its clients.

              And, even after that, my clients were still unable to route any traffic on that VLAN, they were essentially cut off. So at first I made sure the DNS resolver was properly listening on the VLAN's interface, that no firewall rules were blocking traffic, and finally the change that tipped the balance was setting router mode to Assisted in Router Advertisements.

              I think the only other thing I did, that probably deviates from the general guidance here, is setting the DHCP6 DUID to "DUID-LL: Based on Link-layer Address" in System -> Advanced -> Networking -> IPv6 Options, using my WAN's MAC address (with my WAN interface being the one connected directly to the FIOS ONT).

              Hope that helps people here still struggling with FIOS and IPv6!

              PS: Needless to say, I'm all ears if anyone here more knowledgable on IPv6 than me (just about anyone) has some strong advice against how I set up my connection, thanks!

              T 1 Reply Last reply Reply Quote 0
              • J Offline
                jmpalacios
                last edited by

                A little extra info I learned today when tweaking my IPv6 settings that might be of interest to this forum.

                When trying to get IPv6 working on my LAN interface, I made the cardinal sin of disabling it in an attempt to avoid rebooting the router for the config to take, and of course locked myself out of the GUI. That forced me to reassign interfaces on the console to regain access, which in turn caused me to spend the entire day restoring my configuration to a working state (interface assignments, VLANs, firewall rules, etc.).

                That, of course, broke my fledgling IPv6 setup completely, and at some point attempting to restore it (and after checking everything else was configured as expected, e.g. interface assignments, firewall rules, DCHP6 settings, DNS Forwarder, etc.) I enabled the "Advanced Configuration" option for the DHCP6 client on my WAN interface, to make sure the correct Prefix Interface was selected, but without configuring any other advanced option. Well, until I disabled that (and without changing anything else), none of my LAN clients were getting any IPv6 assignments, and I was back almost to square 1; but when I did disable it, in desperation, all my LAN clients immediately got their IPv6 addresses!

                Hope that helps at least some desperate, IPv6 neophytes souls such as myself!

                1 Reply Last reply Reply Quote 0
                • T Offline
                  tman222 @jmpalacios
                  last edited by tman222

                  @jmpalacios said in Verizon Fios and IPV6, Which Settings Work?:

                  I think the only other thing I did, that probably deviates from the general guidance here, is setting the DHCP6 DUID to "DUID-LL: Based on Link-layer Address" in System -> Advanced -> Networking -> IPv6 Options, using my WAN's MAC address (with my WAN interface being the one connected directly to the FIOS ONT).

                  I agree, I've had to set this as well, although I think I used DUID-LLT instead. In fact I've found that the DUID needs to be updated for IPv6 every time the WAN interface MAC address changes (for instance by changing the WAN interface to a different network port on the firewall), otherwise no new IPv6 prefix would be assigned.

                  J 1 Reply Last reply Reply Quote 0
                  • J Offline
                    jmpalacios @tman222
                    last edited by

                    @tman222 Well, if I'm not mistaken, the intention is precisely for the prefix to change as little as possible, hence my use of a fixed identifier.

                    Or am I misunderstanding the purpose of DUID, and/or the way it should be used?

                    JKnottJ 1 Reply Last reply Reply Quote 0
                    • JKnottJ Offline
                      JKnott @jmpalacios
                      last edited by

                      @jmpalacios said in Verizon Fios and IPV6, Which Settings Work?:

                      Well, if I'm not mistaken, the intention is precisely for the prefix to change as little as possible, hence my use of a fixed identifier

                      That's my understanding too.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      J 1 Reply Last reply Reply Quote 0
                      • J Offline
                        jmpalacios @JKnott
                        last edited by

                        @JKnott Well, in that case, using a time-based component would cause it to change every time it's renewed. I can of course see several cases in which that would be desirable, but my use-case is not one of those, hence leaving out the time-based component from the DUID.

                        1 Reply Last reply Reply Quote 0
                        • D Offline
                          daryl425
                          last edited by

                          Just wanted to shout out to all those on this thread. I have IPv6 working over FiOS in NYC now with my pfsense CE 2.6.0 setup. Now to migrate my rules to v6.

                          1 Reply Last reply Reply Quote 0
                          • T Offline
                            tman222
                            last edited by

                            I recently upgraded to Verizon Fios 2Gbit service and it looks like I lost IPv6 capability in the process. The settings described in this thread had been working fine on the prior 1Gbit service, but with the new service I'm unable to get a IPv6 prefix delegated to me (using the same settings). Enabling debug mode on dhcpv6 I see the solicit (RS) going out, but unfortunately no advertisements (RA) follow. Does anyone with the 2Gbit Fios service have IPv6 working for them? The service is still relatively new so perhaps that capability (IPv6) is not yet enabled and will be made available later on. Thanks in advance.

                            luckman212L 1 Reply Last reply Reply Quote 1
                            • N Offline
                              Nuher @MikeV7896
                              last edited by

                              @MikeV7896 Just want to say thank you,followed your settings and it works.

                              1 Reply Last reply Reply Quote 0
                              • M madbrain referenced this topic on
                              • Y Offline
                                y2raza
                                last edited by

                                Hello Mike, 2025 I used your posted settings and cannot have ipv6 work on WAN and one single WIFIVLAN. Do you happen to have any update(s) on this topic?

                                1 Reply Last reply Reply Quote 0
                                • luckman212L Offline
                                  luckman212 LAYER 8 @tman222
                                  last edited by

                                  @tman222 Hello from 2025. I just upgraded my FIOS to 2GB from a 1GB circuit where DHCP6 + PD /56 was working fine. Now zero RAs given here too. Searching around here and on Reddit I can't find anyone reporting a working 2G + v6 setup either. So I guess it's back to a tunnel broker for the rest of the year...

                                  B T 2 Replies Last reply Reply Quote 2
                                  • B Offline
                                    betapc @luckman212
                                    last edited by

                                    @luckman212 Hi, I’m having the same issue. Which tunnel are you using? The one I tried was limiting my speed to about 200–400 Mbps, and it feels a bit pointless to have a 2 Gbps connection if the tunnel only gives me a fraction of that. Since majority of the traffic will prefer IPv6 pathway. Thanks.

                                    luckman212L 1 Reply Last reply Reply Quote 0
                                    • luckman212L Offline
                                      luckman212 LAYER 8 @betapc
                                      last edited by luckman212

                                      @betapc I haven't set up the tunnel yet, because I ran out of time yesterday. but I'm going to try these 3:

                                      • ROUTE64
                                      • BGPTunnel.com
                                      • Hurricane Electric

                                      I'll let you know about the results.

                                      I had the same problem years ago (with macOS mostly) where clients were preferring the IPv6 route, so I wrote a Python module for Unbound to strip away AAAA records from DNS responses. This forces IPv4-only but still allows V6 traffic when I specifically target an IPv6 host by address. The script also has an allowlist (config file) of domains to pass AAAA records thru for, since I have some IPv6-only services I deal with.

                                      So far so good on all that. But it's only been 2 days.

                                      1 Reply Last reply Reply Quote 2
                                      • T Offline
                                        tman222 @luckman212
                                        last edited by

                                        @luckman212 said in Verizon Fios and IPV6, Which Settings Work?:

                                        @tman222 Hello from 2025. I just upgraded my FIOS to 2GB from a 1GB circuit where DHCP6 + PD /56 was working fine. Now zero RAs given here too. Searching around here and on Reddit I can't find anyone reporting a working 2G + v6 setup either. So I guess it's back to a tunnel broker for the rest of the year...

                                        Hi @luckman212 - thanks for testing and confirming that unfortunately IPv6 still doesn't work yet on the Fios 2Gbit service. I tried getting it work way back in 2023 without success, and was about to try again to see if works now (2 years later), but your report saved me the time. Hopefully it will be implemented before too long. Thanks again.

                                        1 Reply Last reply Reply Quote 0
                                        • N Offline
                                          NickBaileyMA
                                          last edited by NickBaileyMA

                                          The original settings in this thread worked fine for me a few years ago when Verizon began rolling this out. Then they seemed to roll everything back in late 2023 and I went the whole of 2024 with no ipv6. I noticed this summer that I was seeing ipv6 addresses again and when looking into it, they appeared to have enabled it all again in Jan. of this year. But by the time I noticed over the summer, I had upgraded to the latest pfsense version and also switch over to KeaDHCP server.

                                          I tried using it for an online game and was noticing that I was getting dropouts for 15 minutes about every hour, so I just went back to using ipv4. This weekend I started looking at it more closely and found that every 1 hour 15 minutes, I would lose the ability to use ipv6. These are the entries I would see in my logs. The period from 9:52-10:04, I would have no ipv6 connectivity. IPv4 would renew the leases fine and connectivity there was unaffected.

                                          Oct 12 10:04:40	dhcp6c	55217	dhcp6c Received INFO
                                          Oct 12 10:04:39	dhcp6c	55217	Sending Renew
                                          Oct 12 10:04:36	dhclient	40170	bound to <redacted ip> -- renewal in 3600 seconds.
                                          Oct 12 10:04:36	dhclient	18404	Creating resolv.conf
                                          Oct 12 10:04:36	dhclient	17251	RENEW
                                          Oct 12 10:04:36	dhclient	40170	DHCPACK from <redacted ip>
                                          Oct 12 10:04:36	dhclient	40170	DHCPREQUEST on igb0 to <redacted ip> port 67
                                          Oct 12 09:52:27	kea-dhcp6	21138	WARN [kea-dhcp6.alloc-engine.0x1c3afd017400] ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[<redacted>], [no hwaddr info], tid=0x6b0e2c: Failed to allocate an IPv6 address for client with classes: ALL, pool_lan_0, UNKNOWN
                                          Oct 12 09:52:27	kea-dhcp6	21138	WARN [kea-dhcp6.alloc-engine.0x1c3afd017400] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[<redacted>], [no hwaddr info], tid=0x6b0e2c: no pools were available for the lease allocation
                                          Oct 12 09:52:27	kea-dhcp6	21138	WARN [kea-dhcp6.alloc-engine.0x1c3afd017400] ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[<redacted>], [no hwaddr info], tid=0x6b0e2c: failed to allocate an IPv6 lease in the subnet <redacted ip>::/64, subnet-id 1, shared network (none)
                                          Oct 12 09:52:27	kea-dhcp6	21138	WARN [kea-dhcp6.alloc-engine.0x1c3afd016d00] ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[<redacted>], [no hwaddr info], tid=0x6b0e2c: Failed to allocate an IPv6 address for client with classes: ALL, pool_lan_0, UNKNOWN
                                          Oct 12 09:52:27	kea-dhcp6	21138	WARN [kea-dhcp6.alloc-engine.0x1c3afd016d00] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[<redacted>], [no hwaddr info], tid=0x6b0e2c: no pools were available for the lease allocation
                                          Oct 12 09:52:27	kea-dhcp6	21138	WARN [kea-dhcp6.alloc-engine.0x1c3afd016d00] ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[<redacted>], [no hwaddr info], tid=0x6b0e2c: failed to allocate an IPv6 lease in the subnet <redacted ip>::/64, subnet-id 1, shared network (none)
                                          

                                          After fooling around with various settings and searching online, I came to the conclusion that pfsense's implementation of KeaDHCP did not appear to handle renewals of the prefix delegation. I don't know if that is the right conclusion, but the config that was being generated looked to have hard coded subnet ranges and never used Kea's pd-pools config block.

                                          Ultimately, all I did to "fix" this was to disable the KeaDHCP service on my LAN interface and change the Router Advertisment-->Router Mode from Managed to Assisted and let my clients sort ipv6 themselves instead of having the router do DHCP. I could set it to Stateless but if someone can tell me what I was doing wrong I'll try and set up DHCP6 again.

                                          As I could not find others online having this problem, I assume I did not have the DHCP server configured correctly, but at least for my use case, I don't actually need DHCP6.

                                          beb9b838-c78b-496e-813b-653f044d6232-image.png

                                          Since making that change, my ipv6 dropouts ceased. Also, an unexpected 1.5-2ms reduction in ping time to the target I was using.

                                          42176401-a3c8-4d22-b829-a9b5c0b4516a-image.png

                                          Hopefully this helps others who might end up in a similar boat. This and the now lost thread on dslreports.com were tremendous resources for getting this working originally.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.