• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

IPv6 Router behind router

Scheduled Pinned Locked Moved IPv6
68 Posts 3 Posters 14.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    matthewgcampbell
    last edited by Sep 8, 2020, 1:40 PM

    How should i set up my Pfsense box:

    SG-5100 gets ipv6 via DHCPv6 on WAN, and I have a router behind it which can either get a address via prefix delegation or via a static IP, since i get it via DHCPv6 on WAN i cant just start a DHCPv6 server. How would you do something like this, should i do something like IPv6 prefix translation?

    J 1 Reply Last reply Sep 8, 2020, 4:32 PM Reply Quote 1
    • J
      JKnott @matthewgcampbell
      last edited by Sep 8, 2020, 4:32 PM

      @cashew

      ????

      Prefix translation? This isn't IPv4, where you have to use NAT to get around the address shortage.

      Assuming your ISP is providing more than a single /64, you can have pfsense split your prefix into multiple /64s, which are routed as needed. However, pfsense cannot provide DHCPv6-PD on the LAN side, you will have to manually configure any IPv6 routing.

      BTW, I assume your modem is in bridge, not gateway mode.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      M 1 Reply Last reply Sep 8, 2020, 5:58 PM Reply Quote 1
      • M
        matthewgcampbell @JKnott
        last edited by matthewgcampbell Sep 8, 2020, 5:59 PM Sep 8, 2020, 5:58 PM

        @JKnott so i’m actually also using pfsense to bypass my at&t gateway router combo thing and i get a DHCPv6 address on the WAN (a /60) and prefix translation for IPv6 does exist as you can see here, if i get /60 on the WAN, how would you configure the IPv6 route to the router behind it in my case a UDM Pro. The UDM Pro can either pull a static address or a address via DHCPv6 prefix delegation.

        J 1 Reply Last reply Sep 8, 2020, 6:10 PM Reply Quote 0
        • J
          JKnott @matthewgcampbell
          last edited by Sep 8, 2020, 6:10 PM

          @cashew

          Once you have IPv6 up on your LAN, you can configure routing to provide prefixes to other routers. So, if your LAN is prefix ID 0, then you could route any of the other prefix IDs to another router. It's basic routing, just as you would have with IPv4.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          M 1 Reply Last reply Sep 8, 2020, 6:27 PM Reply Quote 0
          • M
            matthewgcampbell @JKnott
            last edited by matthewgcampbell Sep 8, 2020, 6:28 PM Sep 8, 2020, 6:27 PM

            @JKnott Yeah so my UDM Pro does get a IPv6 address but its just that i cant get it to pass on the LAN /64 address it gets to its clients, could it be more of a UDM Pro config problem then?

            J 1 Reply Last reply Sep 8, 2020, 7:13 PM Reply Quote 1
            • J
              JKnott @matthewgcampbell
              last edited by Sep 8, 2020, 7:13 PM

              @cashew

              Is your modem in bridge or gateway mode? You want bridge.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              M 1 Reply Last reply Sep 8, 2020, 10:04 PM Reply Quote 0
              • M
                matthewgcampbell @JKnott
                last edited by Sep 8, 2020, 10:04 PM

                @JKnott it’s the pfsense that is acting as the gateway, unsure of how to put it into bridge mode for IPv6

                J 1 Reply Last reply Sep 9, 2020, 1:29 AM Reply Quote 0
                • J
                  JKnott @matthewgcampbell
                  last edited by Sep 9, 2020, 1:29 AM

                  @cashew

                  You put the modem in bridge mode, not pfsense. For example, my modem came in gateway mode, which provides a single /64. With it in bridge mode, I could use pfsense for my firewall/router and received a /56 prefix from my ISP with DHCPv6-PD. This can provide up to 256 /64s.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  M 1 Reply Last reply Sep 9, 2020, 1:37 AM Reply Quote 0
                  • M
                    matthewgcampbell @JKnott
                    last edited by Sep 9, 2020, 1:37 AM

                    @JKnott so the UDM Pro should be able to use the DHCPV6-PD and give out IPv6 to its LAN?

                    J 1 Reply Last reply Sep 9, 2020, 10:43 AM Reply Quote 0
                    • J
                      JKnott @matthewgcampbell
                      last edited by Sep 9, 2020, 10:43 AM

                      @cashew

                      I would assume so, but can't say for certain, as I'm not familiar with it. DHCPv6-PD is the way most ISPs provide IPv6. However not all modems can handle it. I had to change modems to get IPv6.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      M 1 Reply Last reply Sep 9, 2020, 12:51 PM Reply Quote 1
                      • M
                        matthewgcampbell @JKnott
                        last edited by Sep 9, 2020, 12:51 PM

                        @JKnott yeah my ISP router is in bridge mode, but I have AT&T and have to use this but when doing so I get a /60 on the WAN my problem is configuring Pfsense so that my UDM Pro can get the IPV6 prefix from the LAN port, but since I have DHCPV6 I can’t start my own DHCPv6 server were my UDM Pro would be able to get the delegated prefix from pfsense, my only other option is static, but when I configure it as static the UDM Pro gets a IPv6 address but it just won’t hand it out the clients.

                        J 1 Reply Last reply Sep 9, 2020, 3:53 PM Reply Quote 0
                        • J
                          JKnott @matthewgcampbell
                          last edited by Sep 9, 2020, 3:53 PM

                          @cashew

                          Are you trying to get an IPv6 address on the WAN side of pfsense? If so, don't worry about it, as you don't need one. With IPv6, routing is often done with link local addresses.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          M 1 Reply Last reply Sep 10, 2020, 12:12 AM Reply Quote 1
                          • M
                            matthewgcampbell @JKnott
                            last edited by Sep 10, 2020, 12:12 AM

                            @JKnott IPv6 on the WAN is fine it’s just advertising the prefix for the other router to get, that’s were I’m confused, pfsense gets a IPv6 address no problem

                            J 1 Reply Last reply Sep 10, 2020, 6:33 PM Reply Quote 0
                            • J
                              JKnott @matthewgcampbell
                              last edited by Sep 10, 2020, 6:33 PM

                              @cashew

                              Show your settings on the WAN and LAN interfaces.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              M 1 Reply Last reply Sep 12, 2020, 2:05 AM Reply Quote 0
                              • M
                                matthewgcampbell @JKnott
                                last edited by matthewgcampbell Sep 12, 2020, 2:06 AM Sep 12, 2020, 2:05 AM

                                @JKnott I’m doing this and the UDM Pro gets a IPV6 address I’m just unsure of how to configure pfsense to delegate a IPv6 address to the UDM Pro so that it can pass the IPv6 onto its clients my config

                                J A 2 Replies Last reply Sep 12, 2020, 3:08 AM Reply Quote 0
                                • J
                                  JKnott @matthewgcampbell
                                  last edited by JKnott Sep 12, 2020, 3:09 AM Sep 12, 2020, 3:08 AM

                                  @cashew

                                  Please do a screen capture of your actual WAN and LAN settings, including Router Advertisements.

                                  PfSense running on Qotom mini PC
                                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                  UniFi AC-Lite access point

                                  I haven't lost my mind. It's around here...somewhere...

                                  1 Reply Last reply Reply Quote 0
                                  • A
                                    abuttino @matthewgcampbell
                                    last edited by Mar 20, 2021, 4:05 PM

                                    @matthewgcampbell Did you ever get this solved?

                                    M 1 Reply Last reply Mar 20, 2021, 5:09 PM Reply Quote 0
                                    • M
                                      matthewgcampbell @abuttino
                                      last edited by Mar 20, 2021, 5:09 PM

                                      @abuttino yes sure did, was new to pfsense and integrating IPv6 into networks so I had to look though the docs on both pfsense and how IPv6 works. I did kinda leave this post unanswered. What do you need help with?

                                      A 1 Reply Last reply Mar 20, 2021, 8:52 PM Reply Quote 0
                                      • A
                                        abuttino @matthewgcampbell
                                        last edited by Mar 20, 2021, 8:52 PM

                                        @matthewgcampbell What did the end configuration look like? Did you have to enable the DHCPV6 server on pfSense? RA on pfSense? What about the WAN/LAN side of them Unifi controller (UDM)?

                                        I worked for a week trying to get this right and had to settle with tunnel broker.

                                        Sending a few screenshots would make my day, that's for sure

                                        Thanks for writing back!

                                        M 1 Reply Last reply Mar 21, 2021, 2:21 AM Reply Quote 0
                                        • M
                                          matthewgcampbell @abuttino
                                          last edited by Mar 21, 2021, 2:21 AM

                                          @abuttino yeah you need to setup a DHCPv6 server on pfsense as that is the only *current implementation that the UDM Pro supports without hacking around. Other than that the specifics would need to be tuned to your environment, ie how big of a IPv6 block is delegated to you from your isp, how often it changes, mine hasn’t changed for 5 years, etc.

                                          A 1 Reply Last reply Mar 21, 2021, 2:44 AM Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received