T-Mobile Home Internet IPV6
-
I just got T-Mobile home internet and have been struggling to get ipv6 working. Although the pfSense WAN interface gets an ipv6 address, T-Mobile does not do prefix delegation so I have not been able to get LAN Track Interface to work. Now, I have been able to get an openwrt router to work with the following config. Is there an equivalent config in pfSense?
config dhcp 'lan' option interface 'lan' option dhcpv6 'relay' option ra 'relay' option ndp 'relay' option ndproxy_slave '1' config dhcp 'wan6' option dhcpv6 'relay' option ra 'relay' option ndp 'relay' option master '1' option interface 'wan6' option ignore '1' config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' option loglevel '4' -
Perhaps you can configure pfSense to be a firewall only, not a router. I haven't tried that, so someone else will have to help.
-
There’s always NAT. Treat IPv6 like IPv4.
Still, sometimes pfSense can fail to notice when the IPv6 address changes.
-
@dem said in T-Mobile Home Internet IPV6:
here’s always NAT. Treat IPv6 like IPv4.
NO!!!!
NAT is a hack to get around the IPv4 address shortage and breaks things in the process.
-
@JKnott What is your solution to using T-Mobile Home Internet IPv6 with pfSense?
-
@dem Thanks for the suggestion. Pending another solution, so far it looks like outbound NAT does work as a fallback.
-
@dem said in T-Mobile Home Internet IPV6:
@JKnott What is your solution to using T-Mobile Home Internet IPv6 with pfSense?
As I mentioned above, use pfSense as a firewall only. Here's some info on that. I haven't done this myself, so someone else may be able to advise.
-
Bear in mind that the gateways that T-Mobile provides for Home Internet have no settings for opening firewall ports, forwarding ports, changing DNS, DHCP, or pretty much anything. IPv4 uses CGNAT and the IPv6 prefix can change several times a day. So it's not like you lose the ability to directly access a client on your LAN by using NAT for IPv6; you never had that ability anyway. Tailscale to the rescue.
One advantage of IPv6 NAT over bridging is retaining support for Multi-WAN, which will be important to some (like me).
Also it seems very inconvenient to hand off DHCP to the provided simple-minded gateway since you then can no longer specify your own DNS or NTP servers, and you lose the ability to statically assign LAN addresses through DHCP. Perhaps there's some way to continue to route IPv4 while bridging IPv6 but it's not obvious to me how that would work.
By using NAT for IPv6 you keep the ability to use all of the same pfSense services you use with IPv4. As a bonus your LAN clients don't keep having their IPv6 addresses changed, perhaps interrupting services for a bit.
-
Since cell carriers are promoting themselves for LAN backup and even primary Internet connection, they should start properly providing services. This means supporting multiple prefixes on IPv6, just as on wired connections. They could provide a different service level for this, compared to cell phones.
Using NAT is still a bad idea as it's a curse from the network gods! The proper way to set up a back up connection is to use a routing protocol, such as OSPF. This is commonly done for larger business customers.
Cell networks use APNs to connect a device to the appropriate service. Maybe they need to add a new one or two, to provide a proper IPv6 connections for network use.
