NPt will not route any traffic - second post

codym

I have been trying to learn ipv6 for the last couple of days and I got to the point where I was able to get a static routing mulitrouter setup with ipv6 public routed servers and ipv6 only with nat64 and dns64. Its safe to say I am a little bit familiar with the basics of ipv6. My provider gives me what I believe to be a /56 with 256 something /64 subnets. The only problem with these subnets is that they are 6rd so they correspond to my ipv4 which is not static. I want to have publicly routable servers and clients with direct public ipv6 addresses, as ipv6 designed for. I went to NPt for this so that I can have a constant lan that is mapped to my dynamic WAN which can change to whatever prefix it wants leaving my internal networks bee. I have stared ever so incredibly hard at everything I can find on the internet and replicated what they did but with no results. I also spent a lot of time seeing if chatGPT could help with no luck.

My setup goes as follows (simplified for basics)

WanV6 xxxx:xxxx:xxxx:xxyy::/56 GUA network from ISP
default gateway for ipv6
has many working v6 /64 subnets tested to function on it

Test network dual stack: fd00:db8:d6a:2d03::/64
DHCP and RA setup how I normally do with the same settings as working networks

NPt: source subnet/CDIR fd00:db8:d6a:2d03::/64
Destination: xxxx:xxxx:xxxx:xxyy::/64
interface: I have tried both wanV6 and test network, one at a time and both at same time.

All ping fail, and only local addresses within the scope of the "local" router and its Vlans, but proving that the network can handle V6. It almost seems like either NPt isn't listening how I think it is, or somehow the internal ipv6 network isn't getting to the NPt/the NPt isn't routing to the WAN

Any help much appreciated!

Bob.Dig

@codym said in NPt will not route any traffic - second post:

My provider gives me what I believe to be a /56 with 256 something /64 subnets. The only problem with these subnets is that they are 6rd so they correspond to my ipv4 which is not static

What ISP? Can you share a screenshot of those addresses?

codym

@Bob-Dig centurylink-/quantum fiber is my isp, its 6rd prefix [2608::<ipv4>] then the rest is mine. It works out to ffff:ffff:ffff:ff00:0000:0000:0000:0000. You can nslookup www.peckservers.com to find exact addresses, but i wont paste them directly here!

The internal ones are a /56 in the fd00:: range

Hope that helps!

Bob.Dig

@codym said in NPt will not route any traffic - second post:

I was able to get a static routing mulitrouter setup with ipv6 public routed servers and ipv6 only with nat64 and dns64.

What does this mean? It is not related to your pfSense at home I guess? So you have no experience with regular IPv6?

From what you say so far I guess you can't run IPv6 via Track Interface at home but this is needed for NPt with dynamic IPv6. My advice, try tunnelbroker.net and their free service. Those servers have constant packet loss in central Europe but maybe they are running well in your place.

codym

@Bob-Dig said in NPt will not route any traffic - second post:

What does this mean? It is not related to your pfSense at home I guess? So you have no experience with regular IPv6?

What I mean when I say that is that I have a couple PFsense routers with static routes between them, and I'm able to publicly route traffic both ways on them, and I am hosting servers on the IPv6 as well. Basically everything works right now, my static routes are set to route what is essentially the dynamic block that my ISP gives me, but that will eventually change to a different block.

I am able to do track interface on interfaces that are directly on the first firewall connected to the ISP, however that doesn't really help me for getting those dynamic prefixes to any other router on the network. My end goal is to learn how to do dynamic path and multipath routing with IPv6, things like ospf, bgp, and some other fun stuff. All of those require statically entered routes however and so I was hoping that there was a way to just translate an internal subnetting prefix scheme directly to the public dynamic addressing scheme so that I can have all my static stuff but still have one to one public IP addressing. That way I can live test stuff and not have to worry about my public prefix changing, which would require me to change every single DHCP, ra, static route, and Network prefixes for the other router. Hopefully that makes some more sense, I was pretty tired when I wrote this post and definitely could have portrayed what I was saying better.

Bob.Dig

@codym said in NPt will not route any traffic - second post:

however that doesn't really help me for getting those dynamic prefixes to any other router on the network.

These are very advanced topics IMO and I can't help you with those, but I am pretty sure, that it is not doable with dynamic IPv6, so I hope, tunnelbroker is working well in your region. But even if not, you can test and learn with it for sure.

codym

@Bob-Dig I will definitely take a peek at that, thank you bringing it to my attention