[howto] Getting native IPv6 to work.

rbressers

Hi. I recently dug into IPv6 on pfSense, because we needed it on our office LAN. We are operating a dutch ISP and are in the process of providing native IPv6. For people who would like to know how to do it on the pfSense, i wrote a blog at http://remcobressers.nl/2009/08/configuring-native-ipv6-pfsense/

Maybe there are better methods out there, but this one definitely works.

jigpe

rbressers:

Great work :)

But i have some few issues.. I am not an CLI guy of course..So this is my story..

1st i cd /usr/local/etc/rc.d and vi 00_config-ipv6-if.sh and then i paste this:
#!/bin/sh

IFOUT = outside interface

IFIN = inside interface

DFGW = default gateway

IFOUT="vr0"
IFIN="dc0"
DFGW="2001:4cb8:a95:1::1"

####### Configure the stuff

Configure the interfaces

ifconfig $IFOUT inet6 alias 2001:4cb8:a95:1::2 prefixlen 64
ifconfig $IFIN inet6 alias 2001:4cb8:b95:1::1 prefixlen 64

Set the default route

route -n add -inet6 default $DFGW

Configure IPv6 forwarding

sysctl net.inet6.ip6.forwarding=1

My /etc/rtadvd.conf looks like this

bce1:\

:addrs#1:addr="2001:4cb8:b95:1::":prefixlen#64:tc=ether:

Startup rtadvd

/usr/sbin/rtadvd -d -D -c /etc/rtadvd.conf $IFIN

then i save..I type this after saving :

chmod 755 /usr/local/etc/rc.d/00_config-ipv6-if.sh

and reboot…

I type this command:
cd /usr/local/etc/rc.d
vi 10_config-ipv6-pf.shI

and paste this:

#!/bin/sh

IFOUT = outside interface

IFIN = inside interface

DFGW = default gateway

IFOUT="vr0"
IFIN="dc0"

####### Configure the stuff

Configure PF

pfSense puts it's rules in /tmp/rules.debug for debugging purposes after boot

We will use these rules, add IPv6 additions, read the config with pfctl and

disable and enable PF

cat /tmp/rules.debug | sed "/User-defined rules follow/{
p;s/.*/
pass in quick on $IFIN inet6 from any to any\
pass out quick on $IFIN inet6 from any to any\
pass out quick on $IFOUT inet6 from any to any\
pass quick proto ipv6-icmp from any to any\
pass in on $IFOUT inet6 proto tcp from any to any port 22\
/;}" > /tmp/rules.config-ipv6.txt

Read the new PF configuration file

pfctl -f /tmp/rules.config-ipv6.txt
pfctl -d; pfctl -e

Save the code and i type this: chmod 755 /usr/local/etc/rc.d/10_config-ipv6-pf.sh

Then i type this : vi /etc/rtadvd.conf

and paste the code:

bce1:
 :addrs#1:addr="2001:4cb8:b95:1::":prefixlen#64:tc=ether:

then save and reboot...

After reboot i type this: ln -s /usr/local/etc/rc.d/10_config-ipv6-pf.sh /usr/local/pkg/pf/

then reboot again..

I go to workstation and do "ifconfig" linux or "ipconfig" for windows..

Nothing happen really.. All i see is 192.168.4.245 ip address when i do "ipconfig".. I dont see ip like this:

2001:4cb8:b95:1

...

My config is:

192.168.4.0/24
subnet mask: 255.255.255.0
Gateway: 192.168.4.1
WAN: isp

pls help..thnx

jigp
1.2.2 Davao

jigpe

I tried to change the number 64 into 24 but no luck..

Configure the interfaces

ifconfig $IFOUT inet6 alias 2001:4cb8:a95:1::2 prefixlen 64 changed to 24
ifconfig $IFIN inet6 alias 2001:4cb8:b95:1::1 prefixlen 64 changed to 24
….

I use "ipconfig on windows workstations but i dont see this kind of ipv6 ips..

jigp
1.2.2