PFSense behind Fiberrouter with IPv6

A Former User

Hi there,

my pfsense is hooked behind my Fiberrouter and gets a IP4 and IP6 adress from it.

Fiberrouter:
WAN:
IP Address 100.64.128.2
Netmask 255.255.0.0
Gateway 100.64.0.1
DNS Server 1 127.0.0.1
DNS Server 2 185.22.44.50
DNS Server 3 185.22.45.50
IPv6 Address 2a00:XXXX:XXXX:200::1/64
IPv6 Address ::100.64.128.2/128

LAN:
IP Address 192.168.1.254
Netmask 255.255.255.0
IPv6 Address 2a00:XXXX:XXXX:201:XXX:94ff:XXXX:1421/64
IPv6 Address fe80::XXX:94ff:XXXX:1421/64

Setup of PFSense:
WAN
DHCP & DHCP6
Nothing else checked

LAN
static IP4
Track Interface
IPv6 Interface: Wan
IPv6 Prefix ID: 0

vlan_999=WAN
vlan_10=LAN

$ ifconfig
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:e0:c5:33:4f:3d
	inet6 fe80::2e0:c5ff:fe33:4f3d%re0 prefixlen 64 scopeid 0x1 
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
	syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33144
re0_vlan999: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=3 <rxcsum,txcsum>ether 00:e0:c5:33:4f:3d
	inet 192.168.1.245 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::2e0:XXXX:fe33:4f3d%re0_vlan999 prefixlen 64 scopeid 0x6 
	inet6 2a00:XXXX:XXXX:201:2e0:XXXX:fe33:4f3d prefixlen 64 autoconf 
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 999 vlanpcp: 0 parent interface: re0
re0_vlan10: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=3 <rxcsum,txcsum>ether 00:e0:c5:33:4f:3d
	inet 10.0.0.9 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::1:1%re0_vlan10 prefixlen 64 scopeid 0x7 
	nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 10 vlanpcp: 0 parent interface: re0</full-duplex></performnud></rxcsum,txcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

On my windows 8.1 Client i get the following IPConfig

Ethernet-Adapter Ethernet:
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2a00:XXXX:XXXX:201:XXXX:907e:XXXX:b134(Bevorzugt) 
   IPv6-Adresse. . . . . . . . . . . : fd00::68bb:907e:XXXX:b134(Bevorzugt) 
   Tempor„re IPv6-Adresse. . . . . . : 2a00:XXXX:XXXX:201:XXXX:3f82:XXXX:9905(Bevorzugt) 
   Tempor„re IPv6-Adresse. . . . . . : fd00::4c88:3f82:2fc9:9905(Bevorzugt) 
   Verbindungslokale IPv6-Adresse  . : fe80::68bb:907e:3f38:b134%3(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 10.0.0.201(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Montag, 9\. Juni 2014 18:10:26
   Lease l„uft ab. . . . . . . . . . : Montag, 9\. Juni 2014 20:10:25
   Standardgateway . . . . . . . . . : fe80::XXX:94ff:XXXX:1421%3
                                       fe80::1:1%3
                                       10.0.0.9
   DHCP-Server . . . . . . . . . . . : 10.0.0.9
   DHCPv6-IAID . . . . . . . . . . . : 65860795
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1A-F2-9F-46-EC-F4-BB-2B-1D-1D
   DNS-Server  . . . . . . . . . . . : 10.0.0.9
   NetBIOS ber TCP/IP . . . . . . . : Aktiviert

so the client gets fe80::1:1 as Gateway, which I can ping from my client.
But a ping or a tracert to an IPV6 Adress does not work. test-ipv6.com also fails.

Due to my lack of IPV6 knowlegde i am not even sure if this might work at all.

Any help appreciated.

THX
  Chaos

Cybdex

More or less exactly the same problem i have. Any solutions for you?

I see this is posted a few days ago.. And would be nice to figure this out :)

C

PS. If i connect my Windows computer directly to the fibre modem, i get ipv6 address and can use it without problems, so i know that it works.

Cybdex

If i set the WAN interface to DHCP6 and delegation size to 48 (according to my ISP), and LAN interface to "Track Interface:WAN", my WAN gets a address like this:

IPv6 Link Local 	fe80::202:1eff:fef2:8981%xl0  
IPv6 address 	2001:4610:a:b::xxx  
Subnet mask IPv6 	128
Gateway IPv6 	fe80::2a0:a50f:fc7a:8b00 

And my LAN gets:

IPv6 Link Local 	fe80::1:1%bge0  
IPv6 address 	2001:4641:7766:0:21a:a0ff:xxxx:xxxx  
Subnet mask IPv6 	64 

And internal clients also gets a IPV6 address..

However, im unable to ping anything related to IPV6.

ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:4641:7766::34cf:6c49:85df:9bb8 --> 2a00:1450:400f:803::1001
^C
--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

Ive added a WAN firewall rule to allow IPV6 UDP Source Port:547 Destination Port: 546. I also added WAN rule to allow IPV6 ICMP.

What am i doing wrong? :)

C