Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Internet routing from static /64 LAN subnet

    Scheduled Pinned Locked Moved IPv6
    5 Posts 4 Posters 593 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      korin
      last edited by

      I have a pfSense VM running on ESXi hosted in a datacenter. The hosting provider has assigned me two /64 prefixes. I've assigned one /64 to a WAN interface and verified that it can ping its gateway and hosts on the internet.

      I assigned an address from the second /64 to the LAN interface, but although the LAN interface can ping the WAN interface, it can't reach the default gateway or anything beyond.

      When I try to traceroute from the LAN interface address it doesn't even appear to reach the WAN interface. It seems like something is not routing correctly, but I don't know ipv6 enough to understand the problem.

      Can anyone help me understand what I'm doing wrong?

      654615d3-eba6-4bcb-ab68-c4b603d1423b-image.png
      1f927a96-6f48-4fa2-b73e-f83c4978755c-image.png
      e9be7ea2-ad40-4165-b6d0-2c2771ece631-image.png
      8260aa85-93f1-49da-ac51-d34fe506d741-image.png
      Successful ping from WANv6 to google.com:
      61684923-c679-4b59-a045-add98d1832ae-image.png
      Successful ping from LAN to WANv6:
      43cf5d13-48eb-4275-bf25-2c3fb4735241-image.png
      Unsuccessful ping from LAN to google.com:
      ac6600fc-5f65-4927-8a26-24425ac7691e-image.png
      Unsuccessful ping from LAN to WANv6 gateway:
      42654db7-95d2-4883-a8d2-e7d540bc499c-image.png
      Traceroute from WANv6 to google.com
      c94f2617-5229-4005-9128-507e2c10844f-image.png
      Traceroute from LAN to google.com
      af4dc447-2d38-4488-8832-a41d8c7fb2ac-image.png

      T S 2 Replies Last reply Reply Quote 0
      • T
        theit8514 @korin
        last edited by

        @korin said in Internet routing from static /64 LAN subnet:

        The hosting provider has assigned me two /64 prefixes.

        Did they assign you the two prefixes to the same link-local segment? If you swap the prefixes around is prefix B usable on the WAN? Typically in this scenario where you're getting additional prefixes the provider would use Prefix Delegation which would allow you to request prefix B to assign to the LAN interface. If that's not an option with your provider, you may need to tell them to route prefix B to the router's IPv6 address (either the link-local fe80 or the assigned IPv6 address) on prefix A.

        1 Reply Last reply Reply Quote 0
        • S
          supernoob @korin
          last edited by

          @korin

          Did you ever figure this out? I have literally the same problem. The internet is awash with endless threads of failure regarding what you would think is such a simple a common problem.

          K 1 Reply Last reply Reply Quote 0
          • K
            korin @supernoob
            last edited by

            @supernoob No, I never got it to work, unfortunately. @theit8514 provided really helpful information but I've had a difficult time communicating to my hosting provider what I need from them. I think they are accustomed to hosting single physical servers and not virtual hosts with routed subnets. I struggled with them for several hours but finally gave up.

            S 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Galactic Empire @korin
              last edited by

              Our data center set up a /125 IIRC for our IPv6 WAN and routes our LAN subnet to a specific IP. (We have a HA setup so two IPs plus the shared IP)

              Like this but IPv6: https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html#ip-assignments

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.