• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Trying to set up ipv6 with only a /64 range

Scheduled Pinned Locked Moved IPv6
5 Posts 4 Posters 666 Views 3 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    danielspa
    last edited by Sep 25, 2024, 9:28 AM

    So, i am trying to set up ipv6, but i have only been asigned a single /64 range from the ISP
    I tried setting up LAN and WAN as static IPV6 configs, where i assigned the ISP range to the WAN interface and an ULA to the LAN interface, with DHCPv6 enabled on LAN and RA set as managed

    Then, created a NPt rule to translate the lan range to the wan range

    But this is not working

    Has anyone gotten ipv6 working only with an /64 range

    B G 2 Replies Last reply Sep 25, 2024, 9:45 AM Reply Quote 0
    • B Offline
      Bob.Dig LAYER 8 @danielspa
      last edited by Sep 25, 2024, 9:45 AM

      @danielspa said in Trying to set up ipv6 with only a /64 range:

      So, i am trying to set up ipv6, but i have only been asigned a single /64 range from the ISP

      Who and where is your ISP exactly?

      1 Reply Last reply Reply Quote 0
      • G Offline
        Gertjan @danielspa
        last edited by Gertjan Sep 25, 2024, 10:03 AM Sep 25, 2024, 10:00 AM

        @danielspa said in Trying to set up ipv6 with only a /64 range:

        Has anyone gotten ipv6 working only with an /64 range

        The ISP gives you a /64 so the ISQP router can 'map' that (prefix) onto the LAN, so every ISP LAN device can have its own IPv6.
        pfSense is just like any other ISP LAN device, it needs an IPv6 for its WAN port, and the ISP router will give an IPv6 out of the ISP /64.

        The WAN side of pfSense is set up like any other ISP LAN device :
        DHCP rules as always :
        a3ec080e-8111-478e-837c-a765ff33a8ab-image.png

        and if all goes well :

        9327865f-3eca-448b-8942-094ed9816536-image.png

        This is the moment things don't look like IPv4 anymore.
        On the LAN(s) of pfSense, you would be using some /24 out the the available RFC1918, and pfSEnse will happlily route between your LAN(s) and WAN.
        But not so for IPv6.
        You'll be needing another /64 from your ISP - known as the 'prefix', so pfSense can use it for a (one) LAN :

        6b040f33-b831-4bc1-870d-7248f5a4f463-image.png

        Whne set the LAN IPv6 setting to tracking, pfSEnse will try to obtain a prefix, often an entire /56 or 256 prefixes, and you assign one prefix out of the [0..255] to your LAN :

        f9830bb3-0d00-4977-9f7c-65a826a01f61-image.png

        Here I assigned prefix number '0' to my pfSense LAN.

        And here you can see how 'broken' my ISP is. My ISP routers tells me : I have & /56 for you.
        But then the ISP router only gives ONE (1) prefix on any device connected to it's LAN, in my case, I've only pfSense connected to my ISP router LAN.
        Long story short : I receive just 1 prefix, so my LAN can use IPv6, but other pfSense LAN interface can't, as no other prefix are available.

        My ISP router says this :

        5acd3682-1702-4047-841f-d393be76d276-image.png

        That is a /56.

        In your case, its even worse.
        That is, if you were using only your ISP router, and its LAN, you would be fine. IPv6 will (probably) work for all connected devices. Even for pfSense, as a ISP LAN device. But not on the pfSEnse LAN(s).
        You did something, not per se forbidden but also not supported by your ISP : you've added a router (pfSense) behind your ISP router. That's fine and ok and all that, but you're on your own to 'support' it.

        What you can do :
        Check up with your ISP - their support pages.
        Check up with other ISP users.
        Worst case : wait it out - your ISP will fully support IPv6, or they will bust ....
        Another solution : when shopping for an ISP, add to the list : does it support IPv6 like I want to sue it ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        J 1 Reply Last reply Sep 25, 2024, 12:08 PM Reply Quote 1
        • J Offline
          johnpoz LAYER 8 Global Moderator @Gertjan
          last edited by johnpoz Sep 25, 2024, 12:17 PM Sep 25, 2024, 12:08 PM

          @Gertjan said in Trying to set up ipv6 with only a /64 range:

          Worst case : wait it out

          Or just go with a tunnel from Hurricane Electric, its FREE and they give you a /48, now you can use whatever /64s you want on your lan side networks.. You have 65K of them to work with.

          This prefix doesn't change, and they allow you to set PTR on any of the IPs in that whole /48

          They have lots of pops all over
          https://tunnelbroker.net/status.php

          So you can pick one closest to you.

          Been using a tunnel from them for over 13 years.. Back when first started playing with IPv6 my isp rollout of it was very lacking.. Sucked would prob be the correct technical term ;)

          Moved to HE and everything just worked, and didn't have to play with tracking and delegation, etc. My current ISP doesn't even have IPv6, and nothing I see from them points to it even being on their radar to deploy.. But I would bet a large some of money if/when they do roll it out - it will prob suck too ;)

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07 | Lab VMs 2.8, 25.07

          G 1 Reply Last reply Sep 25, 2024, 12:40 PM Reply Quote 1
          • G Offline
            Gertjan @johnpoz
            last edited by Sep 25, 2024, 12:40 PM

            @johnpoz

            Somewhat thought that I already made some publicity for he.net here .. but it was somewhere else.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received