Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup IPv6 dual stack with ISP Deutsche Telekom

    Scheduled Pinned Locked Moved IPv6
    6 Posts 5 Posters 10.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • -flo- 0-
      -flo- 0
      last edited by

      Hi Everybody,

      today I tried to get IPv6 to work. I have a working IPv4 setup. My pfSense is connected to a DSL Modem and connects via PPPoE.

      Additionally to IPv4 my ISP (Deutsche Telekom) assigns an IPv6 /64 prefix via Router Advertisement (RA). As far as I found out the router should also get an additional /56 prefix which is meant for assigment to clients for example via DHCPv6. Both these prefixes are assigned dynamically and can change. So these cannot be configured statically.

      Unfortunately the pfSense documentation on IPv6 is rather sparse yet. I hope I can get some help here.

      What I did:

      • System: Advanced: Networking / Allow IPv6: checked and IPv6 over IPv4 Tunneling: unchecked

      • IPv6 is allowed in the firewall.

      • Interfaces: WAN / IPv6 Configuration Type / selected "SLAAC"

      • Interfaces: LAN/ IPv6 Configuration Type / set to "Track Interface". In the dropdown for "IPv6 interface" further down in this page I can only select a checkmark, not a specific interface. The "IPv6 prefix ID" was set to 0. (Under the field it says: "Enter a hexadecimal value between 0 and 0 here, default value is 0.")

      • I enabled IPv6 on my Mac. I set this to automatic.

      I expected that my pfSense would get an IPv6 prefix by my ISP and would then assign an IPv6 address to itself. Next I expected that my Mac would get an IPv6 address possibly with the same /64 prefix as my pfSense with whatever Mac OS X would select as 64-bit-remainder.

      This happened:

      • My pfSense got an IPv6 address as expected. So using SLAAC seems to be the right choice.

      • However my pfSense did not get an IPv4 address anymore! I have no clue why this happened.

      • My Mac did not get an IPv6 address (even after disabling and reenabling the interface on the Mac). This means that I actually lost my internet connectivity.

      My Questions:

      • What should I do so my pfSense gets both IPv4 and IPv6 connectivity?

      • Can anybody explain to me how pfSense handles IPv6 in detail. Does it make Router Advertisements to clients in the LAN? Does it run a DHCPv6 server? Does it at all get another prefix from the ISP for clients (see above)

      1 Reply Last reply Reply Quote 0
      • C
        Cino
        last edited by

        try this
        Interfaces: WAN / IPv6 Configuration Type / selected "DHCP6"
        Under DHCP6 client configuration
        DHCPv6 Prefix Delegation size  Select 64 or 56 (If you plan to have different LANs then select 56… If you're only going to have to 1 LAN then 64)
        Check Send IPv6 prefix hint checkbox

        Your LAN config sounds correct. Once all your settings are saved, reboot your router. Once it is up... restart your Mac's interface or reboot it

        1 Reply Last reply Reply Quote 0
        • -flo- 0-
          -flo- 0
          last edited by

          Thank you Cino,

          I followed your suggestions but this was not successful yet. pfSense gets an IPv4 address as before but there is no IPv6 address (just a link local address which it already had before so no difference).

          How can I debug this?

          I read an article (http://www.ericamberg.de/wie-die-telekom-ihren-dual-stack-anschluss-betreiben-wird/ in German only).

          It says the customer's router (CPE, Customer Premise Equipment) must send router solicitation messages and will receive router advertisements in return. This contains the /64 prefix for the router's own global unicast address.

          Further the router gets another /56 prefix via Prefix Delegation which apparently is part of DHCPv6.

          According to the article all of this happens as part of a dual stack PPPoE session.

          Because of the router advertisements I chose SLAAC at first. at least this results in an IPv6 global unicast address (but as I said without IPv4 address).

          1 Reply Last reply Reply Quote 0
          • E
            eweri
            last edited by

            Hello!

            Any new solution for the dual stack of "Deutsche Telekom"?

            Running pfsense 2.1.5 - as far as I can tell, the WAN interface got an IPv6 address (not a link local address) but It does not reach the LAN.

            Someone out there that knows how to get this going.

            Bye,
            eweri

            1 Reply Last reply Reply Quote 0
            • H
              hda
              last edited by

              @eweri:

              Someone out there that knows how to get this going.

              Experiment. Try this:

              Put the pfSensebox WAN PPPoE directly on the public(Telekom) outside interface of your house. So no CPE box in between (i.e. a Speedport W724V)

              For IPv6 do DHCP6 (PD) and request the /56 (not /64). Set LAN(s) Tracking Interface.

              1 Reply Last reply Reply Quote 0
              • M
                mkirbst
                last edited by

                This is working for me: https://moerbst.wordpress.com/2016/07/31/ipv6mit-pfsense-an-dsl-der-telekom/ It's in german language but with screenshots for every step, so it should be no problem :-)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.