Assistance Needed with Static IPv6 Configuration between AT&T Fiber Gateway and pfSense+ Router

RonRN18 · Jul 24, 2024, 11:17 PM

I've been trying to enable IPv6 on my network, but I'm encountering some difficulties. I am using an AT&T Arris BGW210-700 gateway with IP Passthrough enabled for a static IPv4 setup on pfSense. However, I am struggling to get IPv6 working properly.

Here is the setup and the issues I'm facing:

Current Setup:

Gateway: AT&T Arris BGW210-700
Router: pfSense+ 24.03-RELEASE on a Jetway NF9HG-2930 (Celeron N2930)
IPv4 Configuration: Static, using IP Passthrough on the gateway

IPv6 Configuration Attempts:

When setting the WAN interface on pfSense to DHCP6, it only receives a Link Local Address, not a Global Unicast Address.
The AT&T gateway shows a Global Unicast Address ending in ::1 and a Default IPv6 Gateway Address.

Steps Taken on pfSense:

Set the WAN interface IPv6 Configuration Type to Static IPv6.
Entered the Global Unicast Address from the AT&T gateway.
Initially used a /64 prefix but later realized it should probably be /128.
Did not check "Use IPv4 Connectivity as Parent Interface".
Created a new IPv6 Upstream Gateway using the Default IPv6 Gateway

Address from the AT&T gateway (a Link-Local address).
After making these changes, I could no longer access the Internet via IPv4 or IPv6. The solution to regain Internet access was to set "Default gateway IPv6" to either "Automatic" or "None". This incident took a significant amount of time to resolve and caused some family frustration, which I hope to avoid in the future.

Could someone provide guidance on the correct steps to configure a static IPv6 address in this setup? Your help would be greatly appreciated!

Thank you in advance for your assistance.

JonathanLee · Jul 25, 2024, 2:41 AM

Does your isp support IPv6? Mine doesn’t I had to use HE electric tunnel broker service. My isp flat told me they have no IPv6 support yet for consolidated communications. Did you set up your IPv6 dns resolver yet? You need to add a IPv6 address like Google has 8.8.8.8 you need to also add the IPv6 equivalent.

Also check to make sure you have allow IPv6 enabled in advance settings

As quoted on Netgate docs configuration guides..
“The firewall DNS configuration likely already properly handles DNS queries for AAAA records already. If the firewall is configured to use the DNS Resolver in resolver mode, which is the default, then nothing needs to be done.

If the firewall is configured to use the DNS Resolver in forwarding mode, or it uses the DNS Forwarder, then the best practice is to add the tunnel broker DNS Servers under System > General Setup.

Enter at least one IPv6 DNS server or use a public DNS service such as Google public IPv6 DNS servers (2001:4860:4860::8888, 2001:4860:4860::8844), Quad9, or CloudFlare.”

https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

RonRN18 · Jul 25, 2024, 2:41 AM

@JonathanLee I have set all that part up, in regards to ensuring my firewall is not blocking IPv6, and I have CloudFlare's DNS servers set for both (1.1.1.1, 2606:4700:4700::1111, 1.0.0.1, 2606:4700:4700::1001). Within the Services>DHCPv6 Server, I have left the DNS server lines black, as it says it will default the firewall's DNS server.

I guess one other thing I didn't mention is that I do have pfBlockerNG installed, I'm not sure if that changes anything.

JonathanLee · Jul 25, 2024, 6:54 AM

@RonRN18 do you show in dns status a good connection to the ipv6 servers or ipv4? that would isolate firewall ACLs/ or WAN gateway issues

JonathanLee · Jul 25, 2024, 6:55 AM

@RonRN18 Did you set up DHCPv6 and RA? Are you using SLLAC or are you doing the DHCPv6 on the system itself? Can you see any ipv6 leases?

hadrins · Jul 27, 2024, 5:32 PM

Hi,
Since you are using IP passthrough for IP4 why not do the same with IP6. I do not have static IP and do it this way. I guested at the settings having looked all over for configuration settings with AT&T. Comcast was much easier. I am definitely not an expert with this.

WAN has DHCP for both IP4 and IP6
I have the following DHCP6 Client configuration boxes checked
Send IPv6 prefix hint
Do not wait for a RA.

I get a /128 IP for the WAN.

On the lan side.
I know of 2 settings that work for a LAN network with no VLANS
IPV6 Configuration Track Interface or Type Static IPV6 (Will probably break if IP6 changes on WAN)

With tack interface:
You select the IPV6 Interface (WAN)
You should get an IP6 for the LAN and mine was a /64
At this point I get IP6 addresses for all the devices on the LAN interface.
Problem with this setting is that I have VLANs setup and those VLANs don't get a IP6 address.

This works but probably isn't correct.
You can also change the LAN to static. I did this using the prefix address and selected an IP6 address with a /64 address. I used an IP6 calculator to guess at a correct IP6 address to choose.
Routing and everything works for the LAN.
The IPv6 upstream gateway is None.
I was able to setup DHCP6 on the LAN with a range.
Devices on the LAN can reach the internet via IP6
I have not been successful figuring out how to get IP6 on the VLANs yet.

Hope this helps.