Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Verizon Fios and IPV6, Which Settings Work?

    Scheduled Pinned Locked Moved IPv6
    142 Posts 26 Posters 88.2k Views 25 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      SirSilentBob
      last edited by

      May 2022 - Hampton Roads, Virginia has IPv6 connectivity with Verizon FIOS!

      (I am not sure how long ago this became available, but I started messing with it after midnight on May 7th and by 1am had it working. I guess not TOO bad for my first time having native IPv6 and not a tunnel.)

      I wanted to thank @MikeV7896 for the info summary, as well as others who contributed info to use for configuring pfSense to work with FIOS and get IPv6 connectivity. A friend of mine in the neighborhood is also in the process of configuring his freebsd firewall/router to get going on IPv6.

      Just wondering, what additional firewall options (if any) are any of you using, who have IPv6 on Verizon FIOS? All I currently have is the "Default allow LAN IPv6 to any" rule.

      92f8d9e4-0b77-4540-a5ca-b4669d38f698-image.png

      I have not set up any of the stuff to let ICMP through to IPv6 hosts or anything like that. I have seen that supposedly you can have issues if you don't allow those, but so far I have not had any problems.

      MikeV7896M jeremy.duncanJ 2 Replies Last reply Reply Quote 0
      • MikeV7896M Offline
        MikeV7896 @SirSilentBob
        last edited by

        @sirsilentbob said in Verizon Fios and IPV6, Which Settings Work?:

        May 2022 - Hampton Roads, Virginia has IPv6 connectivity with Verizon FIOS!

        (I am not sure how long ago this became available, but I started messing with it after midnight on May 7th and by 1am had it working. I guess not TOO bad for my first time having native IPv6 and not a tunnel.)

        I wanted to thank @MikeV7896 for the info summary, as well as others who contributed info to use for configuring pfSense to work with FIOS and get IPv6 connectivity. A friend of mine in the neighborhood is also in the process of configuring his freebsd firewall/router to get going on IPv6.

        Just wondering, what additional firewall options (if any) are any of you using, who have IPv6 on Verizon FIOS? All I currently have is the "Default allow LAN IPv6 to any" rule.

        92f8d9e4-0b77-4540-a5ca-b4669d38f698-image.png

        I have not set up any of the stuff to let ICMP through to IPv6 hosts or anything like that. I have seen that supposedly you can have issues if you don't allow those, but so far I have not had any problems.

        I believe pfSense allows through the ICMP traffic that needs to be allowed through behind the scenes. It is very specific packet types, so not everything is allowed.

        I actually use a single rule to allow both IPv4 and v6, rather than two separate rules. Nothing else special though.

        Glad to hear another user in SE VA has it now... over on DSLR, there had been one report from Yorktown, but that was it. If you want to have your location added to the list I'm keeping, post over there with the info I ask for in my posts on page 48 of the thread. 🙂 Anonymous posting is allowed there if you don't want to register.

        The S in IOT stands for Security

        S 1 Reply Last reply Reply Quote 0
        • jeremy.duncanJ Offline
          jeremy.duncan @SirSilentBob
          last edited by

          @sirsilentbob can you share your WAN configuration? that allows for this? I have a deployment in Chesapeake and have DHCPv6-PD configured for a /56 prefix but I am not seeing anything.

          MikeV7896M S 2 Replies Last reply Reply Quote 0
          • MikeV7896M Offline
            MikeV7896 @jeremy.duncan
            last edited by

            @jeremy-duncan it should be noted that Verizon’s rollout of IPv6 is very limited at this point. They’ve only recently expanded it in parts of Maryland and Virginia, and the rollout is on a CO-by-CO basis. They seemed to pick a few CO’s around Baltimore and a couple in Newport News/Hampton area as their current wave. I think it’s a test of expansion, and we’ll see further ramping up of things in coming weeks. The current expansion happened about two weeks ago now, and there didn’t seem to be anything new last week so they may be just looking at things to make sure everything’s working properly before moving forward again.

            The S in IOT stands for Security

            1 Reply Last reply Reply Quote 1
            • S Offline
              SirSilentBob @MikeV7896
              last edited by

              @mikev7896 I will try to remember to do that soon!

              1 Reply Last reply Reply Quote 0
              • S Offline
                SirSilentBob @jeremy.duncan
                last edited by

                @jeremy-duncan Sure! Basically exactly what Mike shared, let me know if there is anything else more specific you need (photos). I am honestly not fully understanding why the WAN interface is getting an IPv6 "link local" address (FE80) but the actual address is showing on the LAN interface. I have had an interest in IPv6 for probably 10, 12-ish years, and it just looked so... intimidating that I didn't start looking into and messing with it till now. Still much to learn, I am sure.

                @MikeV7896 A weird thing I had happen since I got this working, I attempted to duplicate the IPv6 settings on additional LANs, not just my primary one, except of course under "Track IPv6 Interface" I put a different IPv6 prefix ID. My primary I used 0, on two more I used 1 and 2. Doing that, I appeared to get IPv6 IPs on those additional LAN segments, but I lost all IPv6 connectivity and everything fell back to IPv4. I saved my config files of course, and just rolled back to how it was with just one LAN configured for IPv6 and then IPv6 began working again. I would expect that there's plenty of IPv6 IPs to provide to other LAN segments, but something escapes me on that. I'm good with just the one LAN having IPv6, but I had hoped that I could allow my RIPE Atlas Probe (which is on an un-filtered network, it needs unrestricted internet access for the measurements it does) to get IPv6 access. Maybe some other time I can try to figure out why other lans kills all IPv6.

                f74300eb-dbfc-42d5-aa45-10a2bd0ecf6d-image.png

                c5571c70-6e3f-4b76-9b89-3932eea0a139-image.png

                635f1987-ce25-4496-a2ae-0887dc188844-image.png

                0afdfdfd-cef3-4d70-8b7a-b97dd53cdecf-image.png

                2042f01b-4f53-4ad2-8998-2d680406c1a8-image.png

                a5956818-aa9a-4966-9777-fee644f5f33b-image.png

                33ab485c-b424-4695-a472-cada22b712bf-image.png

                S 1 Reply Last reply Reply Quote 2
                • S Offline
                  SirSilentBob @SirSilentBob
                  last edited by

                  @MikeV7896 I've submitted as detailed info to you as I can over at DSLR. (I think it needed mod approval) I've done some searching on the subject of taking an isp /56 and being able to put a /64 on each LAN segment. There's tons of reddit posts on it, and like 1 or two here on the Netgate forums. Tracking interface to WAN on each LAN and changing the prefix ID does indeed seem to be the way to do it, but I am seeing posts from a lot of others who are having the same issue, where it just doesn't work, and no resolution. I DID notice that if I check Advanced Configuration that there is a prefix interface drop-down, and only a single LAN is selectable. Maybe only one LAN can get the prefix delegation? Idk, I'll dig into this more I guess.

                  6d9b3f5f-733c-4aaf-9a88-e88e072e3668-image.png

                  I don't think this is an issue that is specific to Verizon FIOS, as I see many others failing to take a isp /56 and cut it down to multiple /64's on multiple LANs. So, I'll just settle with moving my Atlas Probe that you noticed show up near City Center on the map off it's own LAN onto the one which is getting IPv6 without issues.

                  @jeremy-duncan Have you had success with your Chesapeake FIOS deployment, or is it still just a tiny bit out of reach of IPv6 for the moment?

                  MikeV7896M jeremy.duncanJ 2 Replies Last reply Reply Quote 0
                  • MikeV7896M Offline
                    MikeV7896 @SirSilentBob
                    last edited by

                    @sirsilentbob Just wanted to note that I've had no problem taking my /56 and dividing into multiple /64's... I have addresses from four different /64's in use on my pfSense box... my primary LAN, a "test" LAN for a WiFi mesh product I've been testing, an "ATLAS" network for just my probe, and a virtual IP for my WAN interface, and all are working without issue. I don't allow much communication between the networks, (primary LAN can get to everything else, but test and atlas can't get to anything but internet) but everything is working fine on all three, both IPv4 and IPv6.

                    I'll try and grab some screenshots of my settings over the weekend, but it sounds like your settings are right, so not sure why it would work on one but not others.

                    The S in IOT stands for Security

                    1 Reply Last reply Reply Quote 1
                    • jeremy.duncanJ Offline
                      jeremy.duncan @SirSilentBob
                      last edited by

                      @sirsilentbob i'm still waiting to see some IPv6 router advertisements or them to respond to my DHCPv6 solicits. Either way, my IPv6 is limited to a hurricane electric tunnel until then...

                      JKnottJ MikeV7896M 2 Replies Last reply Reply Quote 1
                      • JKnottJ Offline
                        JKnott @jeremy.duncan
                        last edited by

                        @jeremy-duncan

                        Router advertisements should happen frequently. Take a packet capture of the DHCPv6 sequence.

                        To do that:

                        Shutdown pfsense and unplug WAN cable.
                        Reboot pfsense and start Packet Capture, filtering on DHCPv6.
                        Reconnect WAN cable.
                        After a couple of minutes, download packet capture and examine with Wireshark.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...

                        jeremy.duncanJ 2 Replies Last reply Reply Quote 0
                        • jeremy.duncanJ Offline
                          jeremy.duncan @JKnott
                          last edited by

                          @jknott way ahead of you i am doing a tcpdump on the external interface... bupkiss. just my DHCPv6 solicits

                          tcpdump -ni lagg0_vlan2 ip6
                          tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                          listening on lagg0_vlan2, link-type EN10MB (Ethernet), capture size 262144 bytes

                          16:11:02.856512 IP6 fe80::eef4:bbff:fed3:a3e8.546 > ff02::1:2.547: dhcp6 solicit
                          16:11:59.768654 IP6 fe80::eef4:bbff:fec1:d2e8.546 > ff02::1:2.547: dhcp6 solicit
                          16:13:14.636935 IP6 fe80::eef4:bbff:fed3:a3e8.546 > ff02::1:2.547: dhcp6 solicit
                          16:14:02.094810 IP6 fe80::eef4:bbff:fec1:d2e8.546 > ff02::1:2.547: dhcp6 solicit

                          JKnottJ 1 Reply Last reply Reply Quote 0
                          • jeremy.duncanJ Offline
                            jeremy.duncan @JKnott
                            last edited by

                            @jknott i also force router solicitations..

                            16:17:57.834172 IP6 fe80::eef4:bbff:fed3:a3e8 > ff02::2: ICMP6, router solicitation, length 16
                            16:18:01.846522 IP6 fe80::eef4:bbff:fed3:a3e8 > ff02::2: ICMP6, router solicitation, length 16
                            16:18:05.848481 IP6 fe80::eef4:bbff:fed3:a3e8 > ff02::2: ICMP6, router solicitation, length 16

                            1 Reply Last reply Reply Quote 0
                            • MikeV7896M Offline
                              MikeV7896 @jeremy.duncan
                              last edited by

                              @jeremy-duncan Guessing it's just not on in Chesapeake yet then... the only reports from other DSLR users have been Newport News and Yorktown so far... nothing from Norfolk/Chesapeake/VA Beach.

                              The S in IOT stands for Security

                              jeremy.duncanJ 1 Reply Last reply Reply Quote 0
                              • jeremy.duncanJ Offline
                                jeremy.duncan @MikeV7896
                                last edited by

                                @mikev7896 understood thanks

                                1 Reply Last reply Reply Quote 0
                                • S Offline
                                  SirSilentBob
                                  last edited by

                                  @MikeV7896 Thank you! I'd greatly appreciate it. From what you are saying, it sounds like you are maybe using an on-board NIC for one of your connections and you have four LANs, maybe with a four-port NIC? I am using a 4-port intel gigabit card, and disabled my on-board NIC so I've just got 1 WAN and three LANs. But I'm looking to do a similar setup, a primary lan, a "spare/experimentation" lan and a Atlas Probe lan.

                                  @jeremy-duncan Sorry it isn't working yet for you. Maybe once Verizon finishes up with rolling it out in Newport News & Hampton then they'll migrate over to the southside and start deploying it there...

                                  MikeV7896M 1 Reply Last reply Reply Quote 0
                                  • MikeV7896M Offline
                                    MikeV7896 @SirSilentBob
                                    last edited by

                                    @sirsilentbob

                                    My pfSense box has a SuperMicro motherboard with five onboard NICs... one is OS-accessible but is also shared with the built-in out-of-band management firmware (which I don't use and have disabled in the BIOS), the other four are all dedicated Intel Gigabit NICs. One WAN, 3 LAN. Main LAN connects to a switch for everything else, LAN2 connects to the mesh router, and ATLAS connects directly to the device my Atlas probe is running on.

                                    Our WAN settings vary a little, but I don't think the variances are significant to where your LANs would be affected.

                                    pfsense-wan-ipv6.png

                                    LAN settings, well... there's not much there. I will admit that I'm not using prefix 0 though... LAN = 10, LAN2 = 20, ATLAS = 50...

                                    pfsense-lan-ipv6.png

                                    I did look at the advanced DHCP6 config on my WAN interface (since I didn't see any advanced options on my LANs) and I did see this...
                                    wan-advanced-dhcp6.png
                                    Though I don't have advanced configuration checked normally, and none of the other options in that section are enabled or filled out. WAN was selected by default.

                                    The S in IOT stands for Security

                                    S JKnottJ 2 Replies Last reply Reply Quote 0
                                    • S Offline
                                      SirSilentBob @MikeV7896
                                      last edited by

                                      @mikev7896 Hmm, thanks for sharing. Your drop-down prefix interface being set to WAN is quite interesting to me, I'll try duplicating that! I'll try changing some things when everyone is asleep and won't miss the internet. Also I'll try changing the LAN prefixes from single digit (0, 1 & 2) to double digit ones too.

                                      Could you share how you have your Router Advertisements / Router Mode set, if you get a chance, please? Just wondering if that is a hang-up.

                                      Thanks again!

                                      MikeV7896M 1 Reply Last reply Reply Quote 0
                                      • MikeV7896M Offline
                                        MikeV7896 @SirSilentBob
                                        last edited by

                                        @sirsilentbob My RA router mode setting is Unmanaged. I let SLAAC and RDNSS do its thing, and I've had no issues with any device.

                                        The S in IOT stands for Security

                                        1 Reply Last reply Reply Quote 0
                                        • JKnottJ Offline
                                          JKnott @jeremy.duncan
                                          last edited by

                                          @jeremy-duncan

                                          Do they even support IPv6?

                                          PfSense running on Qotom mini PC
                                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                                          UniFi AC-Lite access point

                                          I haven't lost my mind. It's around here...somewhere...

                                          MikeV7896M 1 Reply Last reply Reply Quote 0
                                          • JKnottJ Offline
                                            JKnott @MikeV7896
                                            last edited by

                                            @mikev7896

                                            It doesn't matter which prefix ID you use, so long as they're unique for each interface. I don't use advanced IPv6 settings.

                                            PfSense running on Qotom mini PC
                                            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                                            UniFi AC-Lite access point

                                            I haven't lost my mind. It's around here...somewhere...

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.