pfSense LAN with /48 prefix and home routers

  • Hi

    I have a problem with a home router (D-Link DIR-860L firmware 1.05) that is connected to my pfSense 2.1 router.
    My pfSense router offers a /48 prefix for its LAN with native IPv6.
    I have set up a "managed" (Router Advertisement) network with DHCPv6 and DHCP-PD.
    Normal computers get IPv6 and pass with 10/10.
    The home router, however, does not seem to like a WAN side with a /48 prefix. The home router does not allow its client computers to get outside of its LAN (only a problem with IPv6). The home router does, however, get all necessary info provided through DHCP-PD and router advertisements and also passes this info on to its clients.

    When we made a test putting the home router directly on my pfSense's WAN side (meaning temporarily removing Internet access to pfSense), IPv6 worked. However, that WAN side has a /64 prefix.

    Has anyone had a similar problem or knows how to deal with it?

    Is it a (normal) problem when splitting up a /48 network into /64 subnets regarding home routers?
    Are IPv6 "ready" home routers normally able to figure out such a configuration?
    Should some extra routes be set up or something else?

    Besides that, I also have a question: when should "Services - Router Advertisements - RA Subnet(s)" be used?

    I do have the physical paper edition of "pfSense - The definitive guide", but while I wait for the new edition to come out (so I can go buy it) I hope someone has a clue what I could/should do to get it working if it is not a flaw in the home router.

  • To answer some of my own questions.

    Till now I have not been able to use DHCP-PD on the LAN side of pfSense. Well, the client routers (CPEs) get the info, but I do not know if the DHCP-PD service of pfSense actually works in creating some dynamic routes, and right now I have kind of given up on trying.
    If any of you know how to utilize DHCP-PD correctly as well as "Services - Router Advertisements - RA Subnet(s)" (from Services - DHCPv6/RA - Router Advertisements) then I will be thrilled to hear about it! :-)

    But in my pursuit of getting the D-Link DIR-860L to work I have this to report:
    A) I have changed the LAN from a /48 to a /64 network.
    B) I have created an alias for a /56 network (a subnet of the /48 network).
    C) I have created a firewall rule so that the /56 network can gain access from the LAN of pfSense and out into the world, as well as a firewall rule on the WAN so traffic can get into that network.
    D) Then I have made a route from the LAN of the pfSense router onto the /56 network. I have used "System - Routing - Routes".
    E) And then I statically configured the D-Link router (meaning no use of pfSense's DHCPv6/DHCP-PD).

    You can see me write about it here in some posts:

    So the D-Link router works. I have, however, one outstanding issue:
    That is, the D-Link router can only gain access to the world (= Internet) and not the LAN of pfSense, which is kind of annoying, because it is then unable to access local services like other servers or computers through IPv6.

    Do any of you have some suggestions about how to fix that without using more routers, NICs or VLANs?
    And do you have an idea if the culprit is pfSense, the D-Link router or me? ;-)
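
An added example, not part of the original posts: a Python sanity check for the static plan in steps A to D (LAN /64 and routed /56 carved from one /48, route next hop on the LAN). All addresses are constructed from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress as ip
from itertools import islice

def check_plan(delegated, lan, routed, next_hop):
    """Return a list of problems in a static IPv6 plan; an empty list means consistent."""
    delegated = ip.IPv6Network(delegated)  # strict parsing rejects prefixes with host bits set
    lan = ip.IPv6Network(lan)
    routed = ip.IPv6Network(routed)
    hop = ip.IPv6Address(next_hop)
    problems = []
    for name, net in (("LAN", lan), ("routed prefix", routed)):
        if not net.subnet_of(delegated):
            problems.append(f"{name} {net} is outside {delegated}")
    # The prefix routed to the downstream router must not contain the LAN itself.
    if lan.overlaps(routed):
        problems.append(f"LAN {lan} overlaps routed prefix {routed}")
    # The static route's gateway has to be an address reachable on the LAN segment.
    if hop not in lan and not hop.is_link_local:
        problems.append(f"next hop {hop} is not reachable on LAN {lan}")
    return problems

def downstream_lans(routed, count=3):
    """First few /64 networks the downstream router can use inside the routed prefix."""
    return [str(n) for n in islice(ip.IPv6Network(routed).subnets(new_prefix=64), count)]

def is_on_link(host_prefix, destination):
    """True if a host whose on-link prefix is host_prefix sends to destination directly."""
    return ip.IPv6Address(destination) in ip.IPv6Network(host_prefix)

if __name__ == "__main__":
    # Constructed sample plan (assumed values, not taken from the thread).
    DELEGATED = "2001:db8:1234::/48"
    LAN = "2001:db8:1234::/64"
    ROUTED = "2001:db8:1234:100::/56"
    NEXT_HOP = "2001:db8:1234::2"  # downstream router's WAN address on the LAN
    print("problems:", check_plan(DELEGATED, LAN, ROUTED, NEXT_HOP))
    print("downstream /64s:", downstream_lans(ROUTED))
    # With a /64 on the LAN, hosts hand traffic for the /56 to their router;
    # if the whole /48 were the on-link prefix, they would try to deliver it directly.
    target = "2001:db8:1234:100::10"
    print("on-link with /64 LAN:", is_on_link(LAN, target))
    print("on-link with /48 LAN:", is_on_link(DELEGATED, target))
```
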
