Ipv6 not working on comcast



  • I am pretty sure this is just because I set it up wrong but…

    On my computer under ipv6 connecitonity it says no network access(Windows 8 )


    Under System -> advanced networking, I have checked allow ipv6

    Under firewall rules, I made an ipv6 allowed rule. Source is LAN, destination is any, any protocal, any port.

    I was following this tutorial

    http://www.tiven.org/articles/networking/native-ipv6-networking-with-pfsense

    any ideas?


  • Banned

    Do NOT configure link-local IPs as static IPv6. Completely broken.



  • @doktornotor:

    Do NOT configure link-local IPs as static IPv6. Completely broken.

    Pardon my ignorance, but what is the right way to set it up?


  • Banned

    Depends on the WAN setup and your ISP. Probably something along the line of:

    • DHCPv6 on the WAN
    • prefix delegation size - 64
    • on LAN interface, for IPv6 select "Track Interface", set to interface "WAN"


  • Just tried that, but still no go.

    Under LAN:
    IPv6 Link Local fe80::1:1%re0

    shows up in status->interfaces

    I'm not sure if this is supported though.
    It says my CMTS is supposed at http://www.comcast6.net/
    but my modem isn't supported, I have the zoom5341. On comcast's approved modems, it's not approved for ipv6 and under the status section for ipv6 on my modem it's blanked out.

    I was just curious because under my WAN interface it shows an ipv6 address.


  • Banned

    Not familiar with Comcast and their modems at all.



  • The only way to get a IPv6 address from Comcast is to have a D.O.C.S.I.S 3 cable modem. I know that our gateways are dual stack however I have seen issues where if you are using IPv6 then the IPv4 will not work. I will have to check on it when I get to work today but I'm not sure if we are providing IPv6 service to the residential markets yet. You are correct our CMTSs are capable of IPv6. Seems to me you may want to put your interface to DHCP and see if you pull a address. PfSense treats interfaces that are DHCP enabled as WAN interfaces. I'm not a IPv6 engineer so the information that I provide is from my own research.

    Just as a disclaimer I am in no way speaking on behalf of Comcast. I am just a PfSense fan that happens to work at Comcast.



  • zoom 5341 is docsis 3.0 and supports ipv6, but Comcast doesn't seem to officially support it.

    I am just confused how I am getting an ipv6 address on my WAN interface in pfsense.


  • LAYER 8 Global Moderator

    I am comcast in the Chicago area…  And not sure if pfsense completely, or partly comcast.. But yeah the ipv6 native stuff is not very stable..  Sometimes you get an address, sometimes it goes away on renewal..  There is has been a long running thread about ipv6 issues here
    http://forum.pfsense.org/index.php/topic,59996.0.html

    If you want to help pfsense with ipv6 the report your issues for sure, maybe the above thread would be a good place?

    But yeah all you should need to do is

    • DHCPv6 on the WAN
    • prefix delegation size - 64
    • on LAN interface, for IPv6 select "Track Interface", set to interface "WAN"

    This use to work no issues, then it went all blooie..  Now what is odd, is if you fire up m0n0wall I got an ivp6 working bing bang zoom..  But I like pfsense better..  So for the time being until I have time to play more with it, if you want stable IPv6 -- I suggest get a tunnel from hurricane electric..  Not quite as fast as native (depends how close you are to pop)  But very stable, and your ipv6 address is not always changing.

    Even when ipv6 was working with pfsense - you reboot and you would have different lan segment.  Doesn't play nice when your wanting to use static ipv6 on the couple of boxes your playing with it on, etc.



  • that doesn't just happen to comcast I think, because I am seeing the same thing over here, I am in New Zealand and on a vDSL2 connection.
    and I did manage to get ipv6 on LAN interface working but ipv4 would be broken like Mike said in above post.

    I did this by tick "Request a IPv6 prefix/information through the IPv4 connectivity link" in WAN setting page -> Save -> untick "Request a IPv6 prefix/information through the IPv4 connectivity link" -> Save
    after that my LAN gets ipv6 address but pppoe or ipv4 will not work anymore no matter what I do and I will need to rollback everything to the old setting (working config backup file) to get it back up again, which means no more IPv6 and back to square one.



  • Okay I did some research and found some good information from www.comcast6.net I was correct in the fact that if you want to use IPv6 right now you will have to have a gateway; our telephony gateway which we in house call a "Dorey".

    Quoting from www.comcast6.net:

    IPv6 support launched for the Arris Touchstone Telephony Wireless Gateways
    Details
    Published on Sunday, August 04, 2013
    Comcast is pleased to announce that on on July 26th, 2013 we launched IPv6 support for two device models that are widely used by our customers, specifically the Arris Touchstone Telephony Wireless Gateway Modem TG852G (NCS) and the Arris Touchstone Telephony Wireless Gateway Modem TG862G (NCS).  Comcast's customers who live in areas where we have deployed support for IPv6 across our broadband network and that are using one of the devices above will seamlessly be enabled with dual stack support.  We have worked closely with the ARRIS Group, Inc. to develop the support for IPv6 that will be used by millions of Comcast customers nationwide.

    The only problem is who wants their PfSense router behind a NAT? I guess with IPv6 it wouldn't matter since there is no such thing as a private IP but a majority of the web is still IPv4 and you might have some issues with VPN and VoIP. If you turn IPv6 on PfSense today and you don't have one of these gateways you will likely get a link local address which will start with fe80: think about this like the same thing as a AAPIPA (Automatically Assigned Private IP Address) or in other words 169.254.X.X which will not allow you to surf the internet.

    Again I'm no IPv6 engineer so I'm talking from the point of view with no actual experience so take this part for what it's worth (Everything that I'm going to state is just book knowledge). To use IPv6 you will need:

    1. Operating system that can do IPv6 (Windows 7/8 +; FreeBSD not sure which versions; Linux not sure which version)
    2. Dual Stack (Meaning a IPv6 and IPv4 address on your machine)
    or
    3. Some type of IPv4 to IPv6 Tunnel Service or vise versa like Hurricane Electric

    I know that in Windows it will use IPv6 address before it will use IPv4 and if the site you are going to visit has a quad-A record for it, it will take you there no issues. If not then you will probably get a page can not be displayed. Or atleast I'm think this is what's happening. I have a Dorey here in my office so I will do some testing and report back to you all.


  • LAYER 8 Global Moderator

    That info is clearly not fully transparent from comcast..  I can tell you for a fact!  Since I am on comcast in chicago area that have had native ipv6 working on pfsense where I got a /64 on the lan via the instructions given above.

    It use to work with pfsense without any issues, then like I said it went a bit strange hit or miss, issues, etc.  Now a month? or so ago fired up m0n0wall, click bang zoom – got a /64 to use on my lan side..  And I do not have their gateway nonsense.  I have a simple Motorola SB6120 docsis 3 modem.

    I don't know who puts up the info on that site - but think it is lacking at best to be honest.



  • I think that's simply a misunderstanding of what that blurb is intended to say. From how i read it, all it says is that IPv6 support is now also available on these gateways. It's been working on my DOCSIS3 modem for a while now.



  • casoah, what does IPv6 address on your WAN look like?


  • LAYER 8 Global Moderator

    Good point razzfazz, the way I read the quote is they added those models - doesn't mean other models are not supported.

    What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices.  Is it only in certain markets, major?  Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.



  • Yes to be clear I'm not saying that if you don't have a gateway you will not get IPv6 support but if you have a Gateway you will get dual stack IPv4 and IPv6 in areas where available.

    Okay here are my findings:

    I hooked up a gateway and I did indeed pull a IPv4 and IPv6 address. I then tried to surf IPv6 only websites like ipv6.google.com and whatismyipv6.com (I think it will do IPv4 too) and both sites worked. I then tried to go to ipv6.google.com through my PfSense setup (which is not connected to the gateway currently) and the page timed out.

    When I when into the gateway my IPv6 prefix was 2001: on my computer my prefix was 2601:

    I then tried to go to some IPv4 sites and I had no issues. It seemed a little slow for the first page to load up but then going from page to page was no issue. The Gateway has 50 Mbps down/ 20 Mbps Up service.

    So I have confirmed that I am getting IPv4 and IPv6 Service out of the gateway. The next logical step is to connect it to the PfSense that I have here at my office to see if I can get it to pull an IP. I have a WAN2 that I use to use but currently have it disabled (Perfect).

    So I connected the "Dorey" to WAN2 enabled the interface and disabled IPv4 and Enabled DHCP6 on the WAN2 interface but  I only got a link Local (fe80:) address. I was using an old snapshot of the 2.1 RC from May I think so I updated it and now I'm stuck at the packages are currently being installed screen. However I'm not pulling an IP. I don't know what kind of NIC I'm using but I think it has Ralink chipset. The NIC shouldn't matter right? I will report back with more info as I get it.



  • @razzfazz:

    casoah, what does IPv6 address on your WAN look like?

    2001:558:6047:101:3d4d:16a:52c:510

    i changed a few numbers here and there



  • OK, that looks good (i.e., not 6to4 or something like that). Should have a prefix length of 128. As was pointed out earlier, the following configuration should give you a 2601::/64 prefix on the LAN side:

    • On the WAN interface page, set "IPv6 Configuration Type" to "DHCP6" and "DHCPv6 Prefix Delegation size" to 64.
    • On the LAN interface page, set "IPv6 Configuration Type" to "Track Interface," set "IPv6 Interface" to "WAN," and set "IPv6 Prefix ID" to "0"
    • I would also uncheck the "Block bogon networks" box on both the WAN and the LAN, as there have been issues with these being overly broad for IPv6 and blocking legitimate (and required) traffic.
    • After everything is set up, I'd go ahead and just restart the router to make sure everything comes up right.

    That configuration works for me, anyway.



  • Oh, hehe. It is actually working with the track interface. My desktop just was not getting an ipv6 address. I checked my laptop and ipv6 is working perfectly.

    I saw this http://www.techunboxed.com/2012/08/how-to-disable-ipv6-in-windows-8.html and for some reason my registry already had ipv6 disabled… weird



  • @johnpoz:

    Good point razzfazz, the way I read the quote is they added those models - doesn't mean other models are not supported.

    What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices.  Is it only in certain markets, major?  Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.

    Heres a list of Comcast Officially supported cable modems.  The next to last column has "IPv6" support check mark next to it. 
    http://mydeviceinfo.comcast.net/

    For the record.  I have comcast in virginia, usa using a Motorola SB6141.

    Comcast -> SB6141 -> Pfsense -> Smart Switch -> Glorious Home Gigabit Network



  • @CamelCase:

    @johnpoz:

    Good point razzfazz, the way I read the quote is they added those models - doesn't mean other models are not supported.

    What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices.  Is it only in certain markets, major?  Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.

    Heres a list of Comcast Officially supported cable modems.  The next to last column has "IPv6" support check mark next to it. 
    http://mydeviceinfo.comcast.net/

    For the record.  I have comcast in virginia, usa using a Motorola SB6141.

    Comcast -> SB6141 -> Pfsense -> Smart Switch -> Glorious Home Gigabit Network

    That list shouldn't be taken too seriously. My zoom5341 isn't supported under the ipv6 checkbox and it works perfectly.



  • @johnpoz:

    What would be nice a is clear post that says what regions of the country comcast has enabled native ipv6 and on what devices.  Is it only in certain markets, major?  Full transparency should should show you in an easy to read table or document if the area of the country your in as a comcast customer if you have ipv6 only for single device - they like to hand out those /128 addresses.. Or if you can get your /64 behind your router or not, etc.

    Want to know if Comcast has deployed IPv6 in your area?
    http://comcast6.net/index.php/8-ipv6-trial-news-and-information/108-want-to-know-if-comcast-ipv6-is-available

    Disregard the references to "IPv6 trial".



  • After a kernel panic, ipv6 stopped working for me.

    in my logs it says

    Aug 26 18:51:52 	radvd[35678]: version 1.9.1 started
    Aug 26 18:51:52 	radvd[35678]: IPv6 forwarding setting is: 0, should be 1
    Aug 26 18:51:52 	radvd[35678]: IPv6 forwarding seems to be disabled, but continuing anyway.
    Aug 26 18:51:57 	radvd[35936]: attempting to reread config file
    Aug 26 18:51:57 	radvd[35936]: resuming normal operation
    

    if I ssh into pfsense and do ping6 google.com it works fine

    however on my computers if I try to connect to an ivp6 address it just times out, even though I am assigned ipv6 ips.

    Nothing has changed in the firewall rules.

    For a release candidate this feels a bit buggy ;x

    Also if I disable ipv6 on the  LAN interface and under advanced ->allow ipv6 is unchecked

    computers still get an ivp6 address and under status ->interfaces LAN still has an ipv6 addresss

    Only way to get rid of it is with a reboot



  • I was able to get IPv6 to work on a Arris EMTA  TM822G following the instructions by razzfazz. I just wanted to share some things that I have learned trying to wrap my head around this IPv6. If you connect your computer to a a Docsis 3 modem that supports IPv6 and it's available in your area you will get an IP with a /128 netmask however if you connect it to a router that supports prefix Designation then your WAN IP will be /128 and your LAN IP will be /64. If you have multiple subnets then your router will need to support IA_PD which is Identity Association for Prefix Designation which Comcast will allow you to have up to a /60 which would give you 32 subnets by my count (5 bits) according to this site http://forums.comcast.com/t5/Home-Networking-Router-WiFi/ipv6-64/td-p/1780034. which should make the IA_PD (which PfSense calls IPv6 Prefix ID) go from 0 - 1f but PfSense has it from 0-f which would indicate only 16 subnets. (If you only see 0-0 its because your prefix is 64 if you lower it your values will change) Have I counted wrong? I am currently testing IPv6 on multiple subnets and I will report back on my findings tomorrow, as of yet it is not working.

    I hope I have cleared somethings up for anyone that was confused like me. Not really sure how I feel about having all my devices having public IPs but I'm glad I have PfSense protecting me. Also something that I have noticed is that I'm missing /61 in my prefix drop down on WAN Interface. I am currently using 2.1-RC1 (amd64) built on Mon Aug 26 01:13:05 EDT 2013.

    On a side note I had installed tinc but never used it so I uninstalled it but it stilled remained on the menu. IPv6 didn't start working until I installed that package back. I do not have it enabled and not really sure why it would have affected IPv6. Could have been coincidental but just wanted to put that information out there.



  • /60 is only 16 /64 subnets:
    /64 = 1 /64 subnet
    /63 = 2 /64 subnets
    /62 = 4 /64 subnets
    /61 = 8 /64 subnets
    /60 = 16 /64 subnets



  • Correct I'm borrowing 4 bits from the /64 which would only be 16 subnets (It was late last night when I was working on this). I am still missing the /61 subnet under WAN is anyone else seeing this? Is this by design? Also I have not been able to an IPv6 address working on more than one interface. Right now I am only trying to get a IPv6 working on my LAN and WiFi subnets but when I change the WAN PD to /63 and set the LAN prefix to 1 and the WiFi prefix to 0 I can not pull a IP on those interfaces. Has anyone else tried to get IPv6 working on more than one interface. Not sure if the problem is on the PfSense side or my ISP's side. I'm running 2.1-RC1 (amd64) built on Mon Aug 26 16:50:31 EDT 2013 FreeBSD 8.3-RELEASE-p10


  • Banned

    @mikeisfly:

    Has anyone else tried to get IPv6 working on more than one interface.

    Works just fine, though never tried with any similar weird subnets… /48 on WAN, /64 on LAN, WLAN etc.



  • Just checked with Engineering at Comcast and IA_PD is not supported in the NJ Philadelphia area yet. :'(  They hope to bring the larger prefixes in the up coming months. I will update everyone when I find out more. (I guess this only effects you if you have Comcast and live in the NJ / Eastern PA area).



  • @doktornotor:

    Works just fine, though never tried with any similar weird subnets… /48 on WAN, /64 on LAN, WLAN etc.

    With Comcast?



  • They had rolled out support for /60 prefixes a while back, then apparently ran into issues with some CMTSs and removed that support again, supposedly to be re-enabled after some testing. That is the last I've been able to find online about this, so I was assuming the testing was still ongoing and /64 is still all we get for now.


  • Banned

    @razzfazz:

    @doktornotor:

    Works just fine, though never tried with any similar weird subnets… /48 on WAN, /64 on LAN, WLAN etc.

    With Comcast?

    No, no Comcast… As suggested above, ISP issue most likely, nothing to do with pfsense.



  • It looks like Comcast has support for /60 most areas except for two major one which I can't tell you what they are. Philadelphia / Eastern PA and New Jersey is one major area and not sure what the other is. You can follow http://forums.comcast.com/t5/Home-Networking-Router-WiFi/IPv6-prefix-size-and-home-routing/td-p/1495933 There is a engineer there if you post on the main forum he may be able to help you out if you want to see if there is support in your area. He/she is very quick with their responses.



  • I finally managed to get a /60 delegated from Comcast and delegate parts of it to different subnets. Out of the box, this currently does not work, as Comcast will delegate a /64 by default unless a shorter prefix is explicitly requested via a prefix hint, and pfSense currently does not send such a hint.

    I've added a switch to enable such hints; see pull request 792.



  • razzfazz what area of the Country do you live? I'm in the Northeast (Philly,NJ,NY). I would like to keep track of which areas are working for others who might be having issues.

    Thanks,



  • SF Bay Area.



  • Also, pull request has been accepted, so the switch should turn up in the next snapshot.


Log in to reply