xfinity, netgear cm1000 and ipv6 problems.
-
I have a netgear cm1000 modem and for some reason with pfsense I cannot get an IPV6 allocation. I have plugged in my laptop directly into the modem and i get ipv6 perfectly fine. I had an arris 6141 but i keep loosing connectivity..everything is fine and then it goes to a 192.168.x.x address..waits a copule of minutes and goes back)..the cm1000 ipv4 works fine but i cnanot get an ipv6 behind pfsense. Any ideas? The machine is a home brew:
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
Intel(R) Core(TM) i3-2120T CPU
4 gigs of ram. the only packages i use is ntopng. Ram usage hovers around 50%. The nics are intels. I am curious why PFSense is not getting along with the cm1000. Any ideas or pointers would be highly appreciated. -
@hescominsoon i filed this as a bug since I have tried two different modems with the same problem:
https://redmine.pfsense.org/issues/11255 -
It's definitely not a bug... I personally used pfSense with Comcast and had no issues with IPv6 over 5+ years. What are your WAN IPv6 settings?
For Comcast, they should be something like...
- IPv6 Configuration Type: DHCPv6
- Use IPv4 connectivity as parent interface: Pretty sure this can be set either way. If checked, IPv4 must be up and running before IPv6 is attempted.
- Request only an IPv6 prefix: Unchecked recommended; will work either way. If checked, WAN will only have a link-local IPv6 address.
- DHCPv6 Prefix Delegation size: 60 if residential service, 56 if business
- Send IPv6 prefix hint: Checked
- Do not wait for a RA: Checked
And then for your LAN(s), IPv6 Configuration Type would be "Track Interface", and the IPv6 settings would be "WAN", and pick a prefix ID.
-
@virgiliomi said in xfinity, netgear cm1000 and ipv6 problems.:
It's definitely not a bug... I personally used pfSense with Comcast and had no issues with IPv6 over 5+ years. What are your WAN IPv6 settings?
For Comcast, they should be something like...
- IPv6 Configuration Type: DHCPv6
- Use IPv4 connectivity as parent interface: Pretty sure this can be set either way. If checked, IPv4 must be up and running before IPv6 is attempted.
- Request only an IPv6 prefix: Unchecked recommended; will work either way. If checked, WAN will only have a link-local IPv6 address.
- DHCPv6 Prefix Delegation size: 60 if residential service, 56 if business
- Send IPv6 prefix hint: Checked
- Do not wait for a RA: Checked
And then for your LAN(s), IPv6 Configuration Type would be "Track Interface", and the IPv6 settings would be "WAN", and pick a prefix ID.
Some background on myself: I am a comcast partner and, in my area at least, comcast is not giving out larger than a /64. i've been able to confirm this at multiple residential clients of mine. yes i know it's a ipv6 standard thing..but who says isp's always follow the rules?
As for the settings...that's what i had them at when things stopped working. I turned ipv6 totally off in all areas until I could get a response. I'll rebuild them back to the above configuration and try it again.
-
@virgiliomi
ok here's what i have now:
IPv4 Address
76.100.142.xxx
Subnet mask IPv4
255.255.252.0
Gateway IPv4
76.100.140.xxx
IPv6 Link Local
fe80::217:54ff:fe02:69b5%em0
IPv6 Address
2001:558:6003:8:51ce:81db:6dce:xxxx
Subnet mask IPv6
128
Gateway IPv6
fe80::201:5cff:fe86:a446
DNS servers
127.0.0.1
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
I have enabled track interface on one internal interface. tried both id 0 and id 1. Neither of them have gotten me an ipv6 allocation:
-
@virgiliomi
right now i am going to disable ipv6 again. i will hook up my laptop and post what i get there. I have some packet captures i can let you see as well. If you'd like to see them I'll pm you the link to where i have them stored..:) -
Keeping in mind that most people have a gateway (modem + router in one) rather than a separate modem and router, they will probably only ever see a /64. That's what needs to be used on a LAN, and those gateways don't usually support more than one LAN. But pfSense connected to a modem (not a gateway, unless it's in bridge mode) should be able to request a prefix that gets you multiple /64's, so you can set up multiple networks, each with their own /64.
Clearly you have a WAN address... so DHCPv6 is working. Requesting a /60 prefix on your WAN will work regardless of your service. If you have business service and need more than 16 /64's, you could request a /56. Your internal networks should be Track Interface > WAN, and each should use a different prefix ID.
-
@virgiliomi yes i have all of those setup in the interfaces. i do NOT have an ipv6 wan address...it only get one when i plug a laptop directly into the cm1000..the pfsense box is NOT pulling an ipv6 address at all.
-
@virgiliomi so i tried re-enabling ipv6 and i got an ipv6 address on wan..the instant i enabled track interface it dropped the ipv6 on the wan and refuses to pull ipv6 again.
-
@hescominsoon Make sure your LAN is set to Track Interface, then go to Status > Interfaces and do a Release then Renew on your WAN interface and see if IPv6 returns.
-
@virgiliomi they are..and tried this more than once..nothing. If i plug a laptop into the modem ipv6 works perfectly.
-
I'm not sure what to say other than maybe try Comcast's forums or other ISP community sites on the internet for settings that will work. It's been over a year since I had Comcast service, but I used pfSense with IPv6 and had no issues for over four years using the settings I provided earlier.
If you have a gateway (modem+router) in gateway mode, pfSense won't work for IPv6 because the gateway will acquire a single /64 for its own use. I don't know if their gateways will sub-delegate additional /64's or not.
If you have a gateway that is in bridge mode, or have just a regular modem (I used both Motorola/Zoom and Arris modems over my time on Comcast), you should be able to request a /60 unless they've changed things since I left.
