Is it me or verizon?
-
Yes, I also suspect it's Verizon's problem, but I was just trying to help you prove it. Since it fails without pfSense, it's definitely their problem.
-
@jknott totally appreciate ya. Guess we will see what the tech says :)
-
@jknott maybe b/c my laptop doesn't get an ipv6 address (when directly connected), I should figure out how to make that work. Do you know if there is some /etc/network/interfaces configuration I should use to match what I was doing in pfsense? I'll try to research this evening as well.
-
I think it would be best for the Verizon tech to make it work. Since it's not your problem, they should fix it. Once you get it going with the modem, then you can worry about pfSense.
-
Tech arrives and says they don't support ipv6 and that I wouldn't have an ipv6 address. I show him my ipv6 address and then he looks up in the system and it shows ipv6 is supported where I am provisioned. He then remotes to his home and I help him with his ipv6 settings. The settings work for him and he can get out to the internet just fine. He directly connects to my ont with a router and ipv6 is picked up but can't get anywhere. I then show him the traceroute and he confirms the route is broken in the regional office (hop 2 like mike stated). The tech then says no one will fix the route because it isn't official that ipv6 is out.
So basically I am SOL until they happen to fix it.
Anyway, thought I'd share my tech experience and final result. I am going to leave the dhcp6 server disabled on my network and disable RA. This way I can occasionally check on pfsense if it can get out and my local clients won't pickup any global addresses.
Thanks again for everyone's input!
-
Isn't it fun having to show the techs how to do their job. I have five decades of experience in telecom, computers and networks. If I have a problem, I don't waste my time with first level support and immediately escalate to 2nd level.
Also, that attitude sucks. If it's a routing problem, it will affect more than just you. Maybe a complaint higher up might help.
-
@jknott Yeah it is a bummer. Quick question... Lets say the route is fixed. Since now my lan has a ipv6 address that is globally routable, does this mean outsiders from my home network can now attempt to login to my pfsense web configurator?
Thanks Again!
-
Only if you allow it in your firewall rules. Your WAN rules should be configured to drop connections, so that it appears as though nothing is there. That combined with the huge address space means it's unlikely anyone will even find anything on your LAN, let alone log in. Also, you shouldn't have the webConfigurator enabled on the WAN. Use a VPN if you want to access it from elsewhere.
-
@cyth I did a clean installation of pFSense out of the box provided IPV6, without changing any settings. Looks like they just started rolling dual stack so it will be some issues until they figure it out and finish the implementation. So far my pFSense is working, no issues with internet IPV6 traffic. From Verizon Automatic provide to pFSense address size.
Then I upgraded to pFSense plus, no issues working our of the box.
I spend a lot of time tried to figure it out, and looks like all this time was Verizon implementation issues.
I found out I started getting IPV6 because, some of my devices stop working, the reason was because those devices tried to communicate only using IPV6, they were giving priority over IPv4.
