BT Full Fibre only partially functioning via pfSense Router
-
Hi,
I had been scratching my head for some time with BT Business FTTC and IPv6, my symptoms were similar. I could not access this forum when IPv6 was enabled, but I could ping all IPv6 addresses on the internet.
Through trial and error and a lot more head scratching I found my issue, turned out to be Baby Jumbo Frames on the WAN interface instead of normal MTU of 1492.
My setup is a bit different as I use Proxmox as a hypervisor and Pfsense as a VM, I use vmbr0 interface in Proxmox for vtnet0 LAN in Pfsense and another seperate NIC vmbr1 to use for WAN.
Pfsense is setup for PPPOE and IPv6 set to DHCPV6.
In Proxmox vmbr1 is set to MTU of 1508
In Pfsense the WAN interface MTU is set to 1508
In Pfsense WAN advance options tick Force MTU and enter MTU of 1500 in Link ParametersWith your setup you should just need the last two lines and ignore Proxmox settings.
I dont know why this works or if its the right way to do it but it works.
Everything is now working for me perfectly except my dashboard firewall log does not show source ports anymore.
Strange!
Hope this helps,
fic.
-
Thanks for all the suggestions, finally getting an opportunity to look at this properly again today - wish me luck!
-
OK, so now I have IPv4 working (not 100% sure what setting made that work...) but IPv6 not. If I go to the ipv6test.google site it says I don't have ipv6 and if I go to an IP Checker I get an IPv4 Address showing (the BT 82.X.X.X one) but no IPv6.
In pfSense I do see an IPv6 address from the WAN:
Any ideas what I might be missing?
-
@MattDownes89 So what are your DHCPv6 Server settings? Have you set the IPv6 Prefix ID on the LAN settings under Track IPv6 Interface?
-
@brookheather thanks for continuing to help, I have LAN set to track interface and then this:
But when I go to the DHCPv6 Server it's not enabled...
Guessing this is the issue? Only trouble is... I don't remember ever configuring these before so I don't actually know what should be set in here?
Any help appreciated, apologies for only having a basic level of understanding!
-
That's fine. How do you have the WAN and LAN configured for IPv6 though?
It's probably at least mostly corret since it has pulled a prefix and is using it on the LAN.
Go to Diag Ping in pfSense and try to ping out using IPv6 there. Does that work? If not what error is shown?
-
@MattDownes89 I have my IPv6 Prefix ID set to 1 and you need to set the Prefix Delegation Size to 64 (and select Enable DHCPv6 server on LAN interface). You shouldn't need to change any other options though personally I set the IPv6 DHCP address pool range from ::d:1 to ::d:ffff so it's obvious that the IPv6 address comes from the DHCPv6 server.
-
OK, so here's the WAN Settings:
And the LAN Settings:
And then the DHCPv6 Settings:
I have no doubt I am missing something simple somewhere, I think I have probably caused myself more issues by trying to update what I had rather than starting fresh with the new ISP.
@stephenw10 Not sure what address to Ping to test? But if I ping the ISPs IPv6 address that's successful so it's getting that far!
-
You should be able to set the WAN to pull a /56 prefix so you can have addresses on more than one internal interface.
But if you can ping a v6 address from pfSense itself this is almost certainly an issue with assigning v6 addresses to the clients.
Can we assume that your LAN side clients are not getting an IPv6 address at all currently?
-
Hi, not sure if you managed to get much further but heres what I got for LAN:
This is for WAN:
This is Router Advertisement as I dont use DHCPv6:
PS, I noticed your DHCPv6 is allocating a /56, I only allocate /64, maybe that doesnt help.
PPS, make sure you refresh your clients NIC to get new addresses.
fic.
-
@stephenw10 I have set to /56 as suggested.
I think it is an issue on the LAN side - if I do an 'ipconfig /all' I can see my Laptop has picked up an IPv6 Address and if I look at DHCPv6 Leases I can see it in there as the only IPv6 Device on the list, but it just shows as idle/offline whereas in the normal DHCP list for IPv4 I can see all the devices on my network and the vast majority have a green tick and say they're online.
-
Hmm, what pfSense version is that?
That client still has the IPV6 address.
-
@stephenw10 looks like I'm up to date:
-
You are not. Probably wouldn't make any difference for this but you should upgrade anyway. Try running at the command line :
certctl rehash
Then recheck. You should see 2.7.2 available.
-
@stephenw10 - that did it, will update and see if anything changes!
-
OK, I am now on 2.7.2, looks subtly different and a few more devices seem to have got IPv6 Addresses but all showing as Offline in the list:
-
Hmm, those devices are actually present in the ARP table?
Are they all Windows clients?
-
@stephenw10 so the bottom one in that screenshot was my Win11 Laptop I am on now, not sure what devices the other two were, however, this morning I have a different IPv6 Address if I do IP Config on here and it's not showing up in the leases - my laptop is showing the correct IPv4 & IPv6 addresses for pfSense as the DNS Servers.
If I do arp - a on the pfSense box it doesn't show any IPv6 addresses but I do see the IPv4 for my laptop in the list.
I don't know if any of that helps?
-
They won't show in the ARP table that only ever shows v4 addresses. But do those clients show there at all?
Check Diag > NDP Table to see the current v6 devices.
-
@stephenw10 yes, my laptop is in the ARP Table with it's IPv4 IP.
NDP Table doesn't show the IPv6 address that my laptop is showing under IP Config.