Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY
-
@jknott What's interesting is that the WAN segment doesn't get an IPv6 assignment so that there's an external gateway address.
-
This post is deleted! -
The setting is in System > Advanced > Networking in 22.05... so it could apply to all interfaces on the system (and I think I need to update my original config post to note that)...
However, I don't believe it helps any, as I recently reloaded my pfSense box (had package installer issues) and reused the configuration, and every time I rebooted, a new prefix was received. So I think Verizon is doing something else. And I have a static DUID set in System > Advanced > Networking too.
-
@mikev7896 said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
The setting is in System > Advanced > Networking in 22.05... so it could apply to all interfaces on the system
Thanks for pointing that out! Didn't know that it is there now.
I don't use it for myself though.
-
@lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
@jknott What's interesting is that the WAN segment doesn't get an IPv6 assignment so that there's an external gateway address.
Some ISPs don't provide a global WAN address, as it's not needed. Routing is often done with link local addresses. If you need a global address for VPN, etc., you can use the address on the LAN interface. I have a global WAN address, but it plays no part in routing to my network.
-
@jknott Well I'm left with the residual problem that I can't enter in a specific monitoring address in the WAN_DHCP6 gateway config.
Currently it's just monitoring the link-local address but having link doesn't mean you have transit if there's a fault in the CPE (Verizon ONT).
I can't even enter in the next hop as a monitoring address.
This is a change of behavior between Spectrum and Verizon. Both offer IPv6 natively, and I could use any valid IPv6 address for the Monitoring host with Spectrum.
I shall continue to play with it...
-
It shouldn't matter who your ISP is, an address is an address. Maybe someone who has your version can help. I have the CE version here.
-
@jknott I think he meant that he can not have gateway-monitoring to a public IPv6-address because WAN has no public IPv6-address with this ISP, which is a bummer.
-
I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@jknott Interesting.
Or it is maybe this:
Static route
Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior. -
I suspect the problem is with a link local WAN address, there is no usable subnet and the non local gateway may be a way around that. I don't think removing a static route would fix that.
-
@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.
About that. I'm using the WAN i/f in the ping and it works fine. That's what's really confusing me.
Update: Aha!
I tried the ping from the WAN and LAN and noticed that ping is using the LAN interface even though WAN is selected -- so that may explain why the monitor IP is failing as it doesn't know to use the LAN interface instead.
-
@bob-dig said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
@jknott Interesting.
Or it is maybe this:
Static route
Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior.Just tried this. Didn't work.
-
Have you tried what I suggested about the non-local gateway?
-
@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
Have you tried what I suggested about the non-local gateway?
Yes. No joy -- didn't work.
-
Well, I guess you'll have to rely on the IPv4 monitor then. I have no idea why some ISPs don't provide a WAN address. It's not as though there's an address shortage.
-
@lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
Just tried this. Didn't work.
What happens if you uncheck that and then create your own static route to that same external IP...
-
@bob-dig said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:
What happens if you uncheck that and then create your own static route to that same external IP...
Will try that shortly.
Related question: Why doesn't the WAN config for Ipv6 offer a place to assign a Prefix ID like the other i/f configs do since they're tracking the WAN IPv6 config delegation?
It seems that the WAN config should be able to assign the external WAN i/f an address. Or is that controlled by the ISP's RA?
Perhaps I can ask Verizon to have their side assign one...
-
That would really mess up routing. You'd have your internal prefix on the WAN interface.
-
@jknott How would it mess up routing?? The whole prefix is being routed to the router by the ISP anyway... For a while I had a virtual IP set up on my WAN interface using the "ff" prefix ID... I just had to manually change the VIP every time the prefix changed, which got old (and is part of why I'm not doing it anymore). But the IP worked just fine and could be pinged from the internet (since I allow pinging "WAN address" in my rules).
Verizon even does it in their own routers... taking the "ff" prefix ID and using the ::1 address for the WAN interface on the router.
The S in IOT stands for Security
