Enabling IPv6 on Comcast home network

lenhuppe

I am trying to get IPv6 running on my SG-3100 with no success. I bought a Netgate because it was recommended to me. So far the default settings have worked fine for my home network. When I bypass the Netgate I can surf the net using IPv6 so I know that its supported by my ISP which is Comcast. According to ipv6-test.com the only IPv6 feature not enabled is a hostname. Also ICMP is filtered if that makes any difference.

I have been searching the net looking for information and its hard to find. The pfSense docs say to check one box to enable IPv6 but its checked by default. There are a multitude of IPv6 settings and so far I have not found the right combination. Any help would be appreciated.

johnpoz

@lenhuppe said in Enabling IPv6 on Comcast home network:

When I bypass the Netgate I can surf the net using IPv6

And how exactly are you doing that? Is there some isp router in front of pfsense? Or just a cable modem - what is the device your plugging pfsense into?

For pfsense to provide ipv6 to devices behind it will want request a prefix.. I had comcast back a few years ago - and always hated their ipv6 deployment.. Nothing but issues with it - I just run a HE tunnel for all my ipv6 wants.

Guy you want for ipv6 stuff around here is @JKnott - can't believe he hasn't chimed in already.. Its been 10 minutes since you mentioned IPv6 ;) heheheh

lenhuppe

@johnpoz said in Enabling IPv6 on Comcast home network:

@lenhuppe said in Enabling IPv6 on Comcast home network:

When I bypass the Netgate I can surf the net using IPv6

And how exactly are you doing that? Is there some isp router in front of pfsense? Or just a cable modem - what is the device your plugging pfsense into?

For pfsense to provide ipv6 to devices behind it will want request a prefix.. I had comcast back a few years ago - and always hated their ipv6 deployment.. Nothing but issues with it - I just run a HE tunnel for all my ipv6 wants.

Guy you want for ipv6 stuff around here is @JKnott - can't believe he hasn't chimed in already.. Its been 10 minutes since you mentioned IPv6 ;) heheheh

I have Comcast and a rented cable modem. If I remove the Netgate I get an IPv6 address. If I run the cable modem into the Netgate it will get an IPv6 address on the WAN but the LAN devices do not.

johnpoz

@lenhuppe said in Enabling IPv6 on Comcast home network:

but the LAN devices do not.

Did you request a IPv6 via track interface? With pfsense you will request a prefix via delegation, and then track interface tells which prefix out of the delegation to assign to your lan interface.

https://docs.netgate.com/pfsense/en/latest/interfaces/configure-ipv6.html#track-interface

lenhuppe

@johnpoz said in Enabling IPv6 on Comcast home network:

@lenhuppe said in Enabling IPv6 on Comcast home network:

but the LAN devices do not.

Did you request a IPv6 via track interface? With pfsense you will request a prefix via delegation, and then track interface tells which prefix out of the delegation to assign to your lan interface.

https://docs.netgate.com/pfsense/en/latest/interfaces/configure-ipv6.html#track-interface

Yes. Interfaces > LAN > IPv6 Configuration Type = Track Interface

johnpoz

But did you actually get a prefix that you requested? There are some threads around here talking about how to troubleshoot that.. @JKnott prob the guy you want to help with this.. He loves IPv6 ;) My advice would be to just turn it off.. Or just run a HE tunnel.

They will give you a free /48 and you can take it with you if you change ISPs.. They allow for PTR settings on the IPv6 addresses, etc. Many reasons why its just easier than dealing with some lack luster isp IPv6 deployments.

JKnott

@johnpoz said in Enabling IPv6 on Comcast home network:

Guy you want for ipv6 stuff around here is @JKnott - can't believe he hasn't chimed in already.. Its been 10 minutes since you mentioned IPv6 ;) heheheh

I just got here. It took me a while to find a phone booth, so I could change into my uniform. Phone booths are getting scarce these days.

While I am good with IPv6, I have no experience with Comcast. However, I assume they use DHCPv6-PD, like many other providers.

As for getting IPv6, it's entirely possible to plug a computer directly into a modem in bridge mode and get an address for that computer. I've done that here many times and it's how pfsense would get it's WAN address.

@lenhuppe Can you show your configuation, so I know what you've done? I'll need both WAN and LAN configurations.

JKnott

@lenhuppe said in Enabling IPv6 on Comcast home network:

I have Comcast and a rented cable modem.

Is the modem in bridge or gateway mode? You want bridge mode.

lenhuppe

@johnpoz said in Enabling IPv6 on Comcast home network:

HE tunnel

There are at least two places where I can enter a prefix. The "DHCPv6 Prefix Delegation size" defaults to 64 on the WAN side and the "IPv6 Prefix ID" defaults to 0 on the LAN side.

JKnott

@johnpoz said in Enabling IPv6 on Comcast home network:

But did you actually get a prefix that you requested?

One thing that can be done is run a packet capture on boot up, to see what's being provided. To do that:

Shut down pfsense and disconnect the WAN cable
Reboot pfsense and start Packet Capture, filtering on port 546
Reconnect the WAN cable
Post the capture file here.

lenhuppe

@jknott said in Enabling IPv6 on Comcast home network:

@lenhuppe said in Enabling IPv6 on Comcast home network:

I have Comcast and a rented cable modem.

Is the modem in bridge or gateway mode? You want bridge mode.

I should contact Comcast and tell them I need to access the cable modem. The last time I tried that they gave me hard time. Comcast is a terrible company and even worse ISP.

JKnott

@lenhuppe said in Enabling IPv6 on Comcast home network:

The "DHCPv6 Prefix Delegation size" defaults to 64 on the WAN side and the "IPv6 Prefix ID" defaults to 0 on the LAN side.

The proper value depends on what prefix size they provide. For example, I get a /56 from my provider. The prefix ID is used to select which /64 from your prefix you want to use on an interface.

JKnott

@lenhuppe

You might be able to do that yourself. Post the make and model here and perhaps someone knows. Otherwise, a search on the net may provide the info.

lenhuppe

@jknott said in Enabling IPv6 on Comcast home network:

@lenhuppe

You might be able to do that yourself. Post the make and model here and perhaps someone knows. Otherwise, a search on the net may provide the info.

I have accessed the cable modem and found the "Delegated prefix" number. Its an Xfinity CGM4140COM if that helps at all. I just need to know where to enter the prefix.

lenhuppe

@jknott said in Enabling IPv6 on Comcast home network:

@lenhuppe said in Enabling IPv6 on Comcast home network:

I have Comcast and a rented cable modem.

Is the modem in bridge or gateway mode? You want bridge mode.

If I try to enable bridge mode it warns that wifi will not work in bridge mode. I need wifi so I can't switch to bridge.

lenhuppe

@johnpoz said in Enabling IPv6 on Comcast home network:

But did you actually get a prefix that you requested? There are some threads around here talking about how to troubleshoot that.. @JKnott prob the guy you want to help with this.. He loves IPv6 ;) My advice would be to just turn it off.. Or just run a HE tunnel.

They will give you a free /48 and you can take it with you if you change ISPs.. They allow for PTR settings on the IPv6 addresses, etc. Many reasons why its just easier than dealing with some lack luster isp IPv6 deployments.

On the WAN side DHCPv6 Prefix Delegation size is set to 64 and the the router has a delegation prefix ending in ::64 so I think that I am getting the /64 prefix as requested.

JKnott

@lenhuppe

If you're not in bridge mode, you will only be able to get a single /64, which pfsense cannot split among your LAN interfaces. Here I have a modem that includes home phone and I also have IPTV. Instead of using the built in WiFi, I have a separate access point, which is mounted roughly in the middle of my condo. Bridge mode had no effect on my home phone or IPTV.

johnpoz

So NOT a modem - but a gateway... Which is why I asked for model...

Yeah its not going to work with one of their shitty gateways. I should of known that as soon as you said rent - they don't rent modems any more, only gateway.. Back in the day they just gave you a modem..

Get yourself a MODEM.. and then an AP and save yourself some money in the long vs paying them rent for the hardware.

Or - just use HE for ipv6... But you still going to have issues with your wifi stuff off their gateway and then stuff behind pfsense.

If your going to use pfsense - all you want is modem.. Get a docsis 3.1, maybe even one the new ones with 2.5gbps interfaces to future proof yourself when you want over 1gig internet.

How much are they raping you on rent? $10 a month.. Depending on what you get you could break even on the rent in a year or so and then anything after that is just saved money..

JKnott

@johnpoz said in Enabling IPv6 on Comcast home network:

So NOT a modem - but a gateway... Which is why I asked for model...

Well, the box I got from my ISP can be configured as a modem (in bridged mode) or gateway. What would you call it. It's been a long time since my ISP provided a plain modem. Even back around 2008 or so, it was difficult to get the local phone company to provide a basic ADSL modem. You had to get their gateway and configure it for bridge mode. And that was for business customers.

johnpoz

While yes some gateways can be put into bridge mode - but as he mentioned that kills his wifi. But as soon as he said rent I should of know why it wasn't working is because he was already behind a nat, etc.

If he had just actual modem - would of worked right out of the box pretty much.

I specifically asked right up front

Is there some isp router in front of pfsense? Or just a cable modem - what is the device your plugging pfsense into?