Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Assistance Needed with Static IPv6 Configuration between AT&T Fiber Gateway and pfSense+ Router

    Scheduled Pinned Locked Moved
    IPv6
    3
    6
    472
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RonRN18
      last edited by

      I've been trying to enable IPv6 on my network, but I'm encountering some difficulties. I am using an AT&T Arris BGW210-700 gateway with IP Passthrough enabled for a static IPv4 setup on pfSense. However, I am struggling to get IPv6 working properly.

      Here is the setup and the issues I'm facing:

      1. Current Setup:
      • Gateway: AT&T Arris BGW210-700
      • Router: pfSense+ 24.03-RELEASE on a Jetway NF9HG-2930 (Celeron N2930)
      • IPv4 Configuration: Static, using IP Passthrough on the gateway
      1. IPv6 Configuration Attempts:
      • When setting the WAN interface on pfSense to DHCP6, it only receives a Link Local Address, not a Global Unicast Address.
      • The AT&T gateway shows a Global Unicast Address ending in ::1 and a Default IPv6 Gateway Address.
      1. Steps Taken on pfSense:
      • Set the WAN interface IPv6 Configuration Type to Static IPv6.
      • Entered the Global Unicast Address from the AT&T gateway.
      • Initially used a /64 prefix but later realized it should probably be /128.
      • Did not check "Use IPv4 Connectivity as Parent Interface".
      • Created a new IPv6 Upstream Gateway using the Default IPv6 Gateway

      Address from the AT&T gateway (a Link-Local address).
      After making these changes, I could no longer access the Internet via IPv4 or IPv6. The solution to regain Internet access was to set "Default gateway IPv6" to either "Automatic" or "None". This incident took a significant amount of time to resolve and caused some family frustration, which I hope to avoid in the future.

      Could someone provide guidance on the correct steps to configure a static IPv6 address in this setup? Your help would be greatly appreciated!

      Thank you in advance for your assistance.

      1 Reply Last reply Reply Quote 0
      • JonathanLeeJ
        JonathanLee
        last edited by JonathanLee

        Does your isp support IPv6? Mine doesn’t I had to use HE electric tunnel broker service. My isp flat told me they have no IPv6 support yet for consolidated communications. Did you set up your IPv6 dns resolver yet? You need to add a IPv6 address like Google has 8.8.8.8 you need to also add the IPv6 equivalent.

        Also check to make sure you have allow IPv6 enabled in advance settings

        As quoted on Netgate docs configuration guides..
        “The firewall DNS configuration likely already properly handles DNS queries for AAAA records already. If the firewall is configured to use the DNS Resolver in resolver mode, which is the default, then nothing needs to be done.

        If the firewall is configured to use the DNS Resolver in forwarding mode, or it uses the DNS Forwarder, then the best practice is to add the tunnel broker DNS Servers under System > General Setup.

        Enter at least one IPv6 DNS server or use a public DNS service such as Google public IPv6 DNS servers (2001:4860:4860::8888, 2001:4860:4860::8844), Quad9, or CloudFlare.”

        https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

        Make sure to upvote

        R 1 Reply Last reply Reply Quote 0
        • R
          RonRN18 @JonathanLee
          last edited by

          @JonathanLee I have set all that part up, in regards to ensuring my firewall is not blocking IPv6, and I have CloudFlare's DNS servers set for both (1.1.1.1, 2606:4700:4700::1111, 1.0.0.1, 2606:4700:4700::1001). Within the Services>DHCPv6 Server, I have left the DNS server lines black, as it says it will default the firewall's DNS server.

          I guess one other thing I didn't mention is that I do have pfBlockerNG installed, I'm not sure if that changes anything.

          JonathanLeeJ 2 Replies Last reply Reply Quote 0
          • JonathanLeeJ
            JonathanLee @RonRN18
            last edited by

            @RonRN18 do you show in dns status a good connection to the ipv6 servers or ipv4? that would isolate firewall ACLs/ or WAN gateway issues

            Make sure to upvote

            1 Reply Last reply Reply Quote 0
            • JonathanLeeJ
              JonathanLee @RonRN18
              last edited by

              @RonRN18 Did you set up DHCPv6 and RA? Are you using SLLAC or are you doing the DHCPv6 on the system itself? Can you see any ipv6 leases?

              Make sure to upvote

              1 Reply Last reply Reply Quote 0
              • H
                hadrins
                last edited by

                Hi,
                Since you are using IP passthrough for IP4 why not do the same with IP6. I do not have static IP and do it this way. I guested at the settings having looked all over for configuration settings with AT&T. Comcast was much easier. I am definitely not an expert with this.

                WAN has DHCP for both IP4 and IP6
                I have the following DHCP6 Client configuration boxes checked
                Send IPv6 prefix hint
                Do not wait for a RA.

                I get a /128 IP for the WAN.

                On the lan side.
                I know of 2 settings that work for a LAN network with no VLANS
                IPV6 Configuration Track Interface or Type Static IPV6 (Will probably break if IP6 changes on WAN)

                With tack interface:
                You select the IPV6 Interface (WAN)
                You should get an IP6 for the LAN and mine was a /64
                At this point I get IP6 addresses for all the devices on the LAN interface.
                Problem with this setting is that I have VLANs setup and those VLANs don't get a IP6 address.

                This works but probably isn't correct.
                You can also change the LAN to static. I did this using the prefix address and selected an IP6 address with a /64 address. I used an IP6 calculator to guess at a correct IP6 address to choose.
                Routing and everything works for the LAN.
                The IPv6 upstream gateway is None.
                I was able to setup DHCP6 on the LAN with a range.
                Devices on the LAN can reach the internet via IP6
                I have not been successful figuring out how to get IP6 on the VLANs yet.

                Hope this helps.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post