4. Setup IPv6 dual stack with ISP Deutsche Telekom

Setup IPv6 dual stack with ISP Deutsche Telekom


  • Hi Everybody,

    today I tried to get IPv6 to work. I have a working IPv4 setup. My pfSense is connected to a DSL Modem and connects via PPPoE.

    Additionally to IPv4 my ISP (Deutsche Telekom) assigns an IPv6 /64 prefix via Router Advertisement (RA). As far as I found out the router should also get an additional /56 prefix which is meant for assigment to clients for example via DHCPv6. Both these prefixes are assigned dynamically and can change. So these cannot be configured statically.

    Unfortunately the pfSense documentation on IPv6 is rather sparse yet. I hope I can get some help here.

    What I did:

    • System: Advanced: Networking / Allow IPv6: checked and IPv6 over IPv4 Tunneling: unchecked

    • IPv6 is allowed in the firewall.

    • Interfaces: WAN / IPv6 Configuration Type / selected "SLAAC"

    • Interfaces: LAN/ IPv6 Configuration Type / set to "Track Interface". In the dropdown for "IPv6 interface" further down in this page I can only select a checkmark, not a specific interface. The "IPv6 prefix ID" was set to 0. (Under the field it says: "Enter a hexadecimal value between 0 and 0 here, default value is 0.")

    • I enabled IPv6 on my Mac. I set this to automatic.

    I expected that my pfSense would get an IPv6 prefix by my ISP and would then assign an IPv6 address to itself. Next I expected that my Mac would get an IPv6 address possibly with the same /64 prefix as my pfSense with whatever Mac OS X would select as 64-bit-remainder.

    This happened:

    • My pfSense got an IPv6 address as expected. So using SLAAC seems to be the right choice.

    • However my pfSense did not get an IPv4 address anymore! I have no clue why this happened.

    • My Mac did not get an IPv6 address (even after disabling and reenabling the interface on the Mac). This means that I actually lost my internet connectivity.

    My Questions:

    • What should I do so my pfSense gets both IPv4 and IPv6 connectivity?

    • Can anybody explain to me how pfSense handles IPv6 in detail. Does it make Router Advertisements to clients in the LAN? Does it run a DHCPv6 server? Does it at all get another prefix from the ISP for clients (see above)

    0
  • C

    try this
    Interfaces: WAN / IPv6 Configuration Type / selected "DHCP6"
    Under DHCP6 client configuration
    DHCPv6 Prefix Delegation size  Select 64 or 56 (If you plan to have different LANs then select 56… If you're only going to have to 1 LAN then 64)
    Check Send IPv6 prefix hint checkbox

    Your LAN config sounds correct. Once all your settings are saved, reboot your router. Once it is up... restart your Mac's interface or reboot it

    0

  • Thank you Cino,

    I followed your suggestions but this was not successful yet. pfSense gets an IPv4 address as before but there is no IPv6 address (just a link local address which it already had before so no difference).

    How can I debug this?

    I read an article (http://www.ericamberg.de/wie-die-telekom-ihren-dual-stack-anschluss-betreiben-wird/ in German only).

    It says the customer's router (CPE, Customer Premise Equipment) must send router solicitation messages and will receive router advertisements in return. This contains the /64 prefix for the router's own global unicast address.

    Further the router gets another /56 prefix via Prefix Delegation which apparently is part of DHCPv6.

    According to the article all of this happens as part of a dual stack PPPoE session.

    Because of the router advertisements I chose SLAAC at first. at least this results in an IPv6 global unicast address (but as I said without IPv4 address).

    0
  • E

    Hello!

    Any new solution for the dual stack of "Deutsche Telekom"?

    Running pfsense 2.1.5 - as far as I can tell, the WAN interface got an IPv6 address (not a link local address) but It does not reach the LAN.

    Someone out there that knows how to get this going.

    Bye,
    eweri

    0
  • H

    @eweri:

    Someone out there that knows how to get this going.

    Experiment. Try this:

    Put the pfSensebox WAN PPPoE directly on the public(Telekom) outside interface of your house. So no CPE box in between (i.e. a Speedport W724V)

    For IPv6 do DHCP6 (PD) and request the /56 (not /64). Set LAN(s) Tracking Interface.

    0
  • M

    This is working for me: https://moerbst.wordpress.com/2016/07/31/ipv6mit-pfsense-an-dsl-der-telekom/ It's in german language but with screenshots for every step, so it should be no problem :-)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy