How To: Setup IPv6 with Comcast - Full Internet connectivity
-
Sounds like you're only getting the stateless autoconfig (SLAAC) addresses for the pfSense WAN. If you want IPv6 connectivity for your LAN you'll also need a routed /64 prefix from your ISP that is a distinct subnet from this 2601:AAAA:BBBB:CCCC::/64 subnet that is now on the WAN side of your pfSense system. You then use addresses from the routed /64 prefix on your LAN.
-
He was saying that he has a 2601:: address on the LAN side (both pfSense and devices), so clearly address assignment works.
-
My WAN shows an address beginning with 2001:, my LAN and devices show addresses beginning with 2601:, and I have DNS servers of 2001:558:feed::1 and 2001:558:feed::2. From my laptop, an ifconfig en1 | grep inet6 yields the following:
inet6 2601:AAAA:BBBB:CCCC:XXXX:XXXX:XXXX:XXXX prefixlen 64 autoconf
inet6 2601:AAAA:BBBB:CCCC:YYYY:YYYY:YYYY:YYYY prefixlen 64 autoconf temporary
(in addition to the link-local address) where the "AAAA:BBBB:CCCC" parts are the same across the two (but not those literal hexadecimal digits) and the rest differs between them.
All of that looks correct. What do your LAN clients show as gateway? (Should be fe80::1:1 on the respective interface.) Anything in the firewall logs on the pfSense box?
-
Ok I re-read the question and it should work with those addresses. However, how are your LAN rules for IPv6 traffic?
-
The only block activity I'm seeing w/r/t IPv6 is the following:
WLANINT / [fe80::5e96:9dff:fe95:8781]:5353 / [ff02::fb]:5353 / UDP
which appears to be multicast DNS, and this is right after attempting a ping6. Of note, that does seem to be my laptop's link-local IPv6 address, but I'm not seeing any other IPv6 traffic getting blocked.
As far as rules go, I have an "IPv6 from WLANINT to any" rule set up; do I need anything beyond this?
-
For IPv6 connectivity with Comcast DHCP-PD, there is no need to add any rules whatsoever. It will work "out of the box".
You do NOT need that UDP 546/547 rule. (see: https://forum.pfsense.org/index.php?topic=75795.msg413493#msg413493 )
I would recommend getting rid of that rule and any other IPv6 rule you have configured and get back to a basic "plain vanilla" configuration.
![base rules.jpg](/public/imported_attachments/1/base rules.jpg)
-
Okay, I don't know if removing the UDP 546/547 rule fixed it, or if the problem is specifically with my wireless interface and/or Macbook; right now I'm at work and tunneled into my home network, and my Windows desktop (which is on a wired connection) has full IPv6 connectivity. I will report back tonight when I get home with more results. Specifically, I'll test with my Macbook on wireless, then on wired, and see if I get different results.
If it matters, my pfSense box has an Atheros ar9280 wireless card in it.
-
It looks like my Macbook has full IPv6 connectivity now :)
I've also changed my "DHCPv6 Prefix Delegation size" on the WAN interface to a /60 and enabled "Send IPv6 prefix hint", and set each of my three internal networks to a separate "IPv6 Prefix ID". Now my private WiFi systems are getting IPv6 addresses in one /64, LAN systems are getting IPv6 addresses in another, and my public WiFi systems are getting IPv6 addresses in a third.
Thanks!
-
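How a delegated /60 and per-interface prefix IDs yield one /64 per internal network, as in the configuration described in the last post. This is an added example, not code from the thread or from pfSense; the 2001:db8:0:10::/60 delegation and the interface names are constructed, and it assumes the prefix ID is a hex value filling the bits between the delegation length and /64.

```python
import ipaddress

def lan_prefixes(delegated, prefix_ids):
    """Return {interface: /64 network} carved out of a delegated prefix.

    prefix_ids maps a (hypothetical) interface name to its hex prefix ID.
    Raises ValueError for an out-of-range or duplicated ID, the two
    mistakes that would put two segments in one /64 or outside the
    delegation entirely.
    """
    net = ipaddress.IPv6Network(delegated, strict=True)
    if net.prefixlen > 64:
        raise ValueError("delegation longer than /64 cannot hold a LAN /64")
    id_bits = 64 - net.prefixlen           # /60 leaves 4 bits: IDs 0..f
    max_id = (1 << id_bits) - 1
    owner = {}                             # prefix ID -> interface using it
    plan = {}
    for iface, hex_id in prefix_ids.items():
        pid = int(hex_id, 16)
        if not 0 <= pid <= max_id:
            raise ValueError(f"{iface}: ID {hex_id} does not fit in /{net.prefixlen}")
        if pid in owner:
            raise ValueError(f"{iface} and {owner[pid]} share ID {hex_id}")
        owner[pid] = iface
        # The subnet ID sits directly above the 64-bit interface identifier.
        base = int(net.network_address) | (pid << 64)
        plan[iface] = ipaddress.IPv6Network((base, 64))
    return plan

def segment_of(address, plan):
    """Name the internal segment an address belongs to, or None."""
    addr = ipaddress.IPv6Address(address)
    for iface, net in plan.items():
        if addr in net:
            return iface
    return None

if __name__ == "__main__":
    # Constructed delegation (documentation range) and interface names.
    plan = lan_prefixes("2001:db8:0:10::/60",
                        {"LAN": "0", "PRIVWIFI": "1", "PUBWIFI": "2"})
    for iface, net in plan.items():
        print(f"{iface:9} {net}")
    print(segment_of("2001:db8:0:12::abcd", plan))
```

Because each segment ends up in its own /64, per-interface firewall rules and logs can tell private WiFi, LAN and public WiFi sources apart by prefix alone.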