Comcast (Xfinity)
-
I've searched but I've never seen this laid out clearly.
I have a brand new installation with no default settings changed. Fully up to date. Static IPv4 on WAN, DHCP6, works fine on WAN.
Default LAN settings unchanged, set to track interface WAN, DHCP6 on, etc.
WAN gets working IPv6 DHCP address, LAN gets no IPv6 DHCP address. IPv6 tests succeed from firewall.
I have seen an old post that says the default /64 won't route on Comcast unless the modem is put in full bridge mode. This doesn't seem right.
Under the DHCP6 server, Spectrum installations show the IPv6 address/64 and everything works fine. Comcast shows 0/64 as the WAN IPv6 address, even though it has a working IPv6 address.
So here's the part where it's laid out clearly: This is only with Comcast (Xfinity). Spectrum routes a /64 just fine. All default settings. Is this just a Comcast thing? I don't understand what the difference is.
In 2024 this cannot still be a problem with a default configuration on Comcast, can it?
Has anyone else experienced this with Comcast (Xfinity)?
pfSense+ 24.3, Netgate hardware.
-
Couple quick clarifications:
Comcast distinguishes between "passthrough" and "bridge" mode.
To use a static IPv4 address, the modem must be placed in passthrough and not bridge. Apparently only dynamic IP addressing works in bridged mode.
This is fine for IPv6, but these installations need static IPv4. Do I need to specifically tell Comcast to put IPv6 in passthrough mode as well?
They have enough trouble with IPv4, that would be a fun conversation.
Other clarification is that the default configuration I was referring to is with Comcast. I'm not implying that the problem is with pfSense, I'm implying that surely by now Comcast would have a working default IPv6 configuration via DHCP. I know pfSense's default configuration works with other cable ISPs.
-
Did you configure your DHCP on pfSense to hand out IPv6 to hosts also?
-
Are you using xFinity equipment or your own? If you put the xFinity Modem/router in bridge mode, this applies to both IPv4 and IPv6 - I don't think you can bridge one or the other.
I have both IPv4 and IPv6 working from xFinity.
I had to get my IPv6 LAN interface to track WAN. Then go into the WAN interface and check 'Don't wait for RA' because xFinity doesn't use PPPoE.
If I didn't check that option, my WAN would get an IPv4 and IPv6 from xFinity but I wouldn't be able to get one for my LAN even though it was set to Track WAN.
After that I went ahead and enabled the DHCPv6 server and set Router Advertisement to 'Managed'.
I checked on a few IPv6 test websites and it was confirmed that my pfSense was getting a 'Native' IPv6 from xFinity.
-
I'm on Rogers and they use the same equipment as Comcast. I have my modem in bridge mode and everything works fine. I get a /56 prefix which I split into individual /64s. The IPTV boxes are connected via Ethernet, though WiFi should also work.
-
@rtorres Thank you! That was it!
I checked the do not wait for RA box and changed RA to managed and right away the LAN got an IPv6 address and IPv6 leases started showing up under the DHCP6 status!
-
@CarAnalogy said in Comcast (Xfinity):
@rtorres Thank you! That was it!
I checked the do not wait for RA box and changed RA to managed and right away the LAN got an IPv6 address and IPv6 leases started showing up under the DHCP6 status!
Awesome! After spending lots of time and many reinstalls of pfSense, I learned it was as simple as a check mark! Haha
Glad you got it going. The only thing that sucks is xFinity only hands out /64.... I wish they did at LEAST /60 so I can get IPv6 for Wireguard...
Oh well, IPv4 only it is for Wireguard clients!
-
@rtorres said in Comcast (Xfinity):
Then go into the WAN interface and check 'Don't wait for RA'
Interesting, on a home or business account? I don't have to check that at my home. Though, notably, I'm using my own cable modem not theirs.
-
@SteveITS It's a home account with an owned Netgear Nighthawk CM2000.
There were times where it would work AS IS, didn't need to specify the WAN for a /64 and no RA check.
But most of the time, I'd have to specify /64 and have 'Don't wait for RA' checked or else I'd get no IPv6 on LAN.
Weird...
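
The prefix arithmetic behind the /56 and /64 delegations mentioned in the thread, as an added example that is not part of any post and is not pfSense code. It assumes a tracking interface takes the delegated prefix plus a numeric prefix ID to form its own /64; the function names, interface names and the 2001:db8:: documentation prefixes are constructed for illustration.

```python
import ipaddress


def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 a tracking interface gets for a given prefix ID."""
    net = ipaddress.IPv6Network(delegated)  # rejects prefixes with host bits set
    if net.prefixlen > 64:
        raise ValueError("a delegation longer than /64 cannot hold a LAN /64")
    id_bits = 64 - net.prefixlen            # bits left over for the prefix ID
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(
            f"prefix ID {prefix_id:#x} does not fit in a /{net.prefixlen} "
            f"(valid range 0..{(1 << id_bits) - 1:#x})"
        )
    # The prefix ID occupies the bits directly above the 64-bit interface ID.
    base = int(net.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))


def plan(delegated: str, interfaces: list[str]):
    """Give each interface the next prefix ID; list the ones that do not fit."""
    net = ipaddress.IPv6Network(delegated)
    capacity = 1 << max(0, 64 - net.prefixlen)
    assigned, unassigned = {}, []
    for prefix_id, name in enumerate(interfaces):
        if prefix_id < capacity:
            assigned[name] = lan_prefix(delegated, prefix_id)
        else:
            unassigned.append(name)
    return assigned, unassigned


if __name__ == "__main__":
    # Constructed sample delegations: a /56, a /60 and a single /64.
    for delegated in ("2001:db8:0:ff00::/56", "2001:db8:0:10::/60",
                      "2001:db8:0:1::/64"):
        assigned, unassigned = plan(delegated, ["LAN", "WIREGUARD"])
        print(delegated)
        for name, net in assigned.items():
            print(f"  {name:<10} {net}")
        for name in unassigned:
            print(f"  {name:<10} no /64 left in this delegation")
```

With a single /64 there are zero bits left for a prefix ID, so only one interface can track WAN; a /60 leaves room for 16 and a /56 for 256.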