IPv6 not working on LAN - Comcast tele-worker



  • I recently upgraded my old Dell PC running PFsense to 2.2-RELEASE (amd64)
    Ran into some trouble when setting up a new wi-fi access point and chose Reset to Factory Defaults from the console.
    Now I am unable to get IPv6 back up and running properly.
    I saw the recent bug report about disabling "Block Bogon Networks" https://redmine.pfsense.org/issues/3395 and this enabled me to get an IPv6 address on the WAN and on the LAN. I can ping ipv6.google.com and Comcast DNS from the PfSense box itself, but none of my Mac OS X clients on the LAN are even picking up an IPv6 address. Been working on this all day and come across many suggestions but none of them seemed to work:
    https://forum.pfsense.org/index.php?topic=87623.0, https://forum.pfsense.org/index.php?topic=75795.0, https://forum.pfsense.org/index.php?topic=78808.0, https://forum.pfsense.org/index.php?topic=88646.0, http://www.reddit.com/r/PFSENSE/comments/2unjvv/comcast_22_cannot_get_an_ipv6_dhcp_address/
    Perhaps these screenshots will help


    Any assistance or tips would be greatly appreciated. I have Comcast business class (tele-worker) and a Motorola SB6121 modem.



  • Perhaps this is useful info. Just noticed these messages from radvd[91102]: in Status: System logs: Routing

     version 1.9.1 started
     IPv6 forwarding setting is: 0, should be 1
     IPv6 forwarding seems to be disabled, but continuing anyway.
     no auto-selected prefix on interface em0, disabling advertisements
     sendmsg: Can't assign requested address
     attempting to reread config file
     prefix length should be 64 for em0
     resuming normal operation
    


  • Seems like I heard something about blocking bogons causing an issue with ipv6 on on some ISPs.



  • Thanks for your reply. That was one of the first things I ran across (on Reddit of all places) and it DID help me get pfSense to acquire IPv6 addresses. However none of my machines on the LAN are getting any IPv6 info.



  • First question… are you using a Comcast gateway (modem + router in one unit), or do you have a modem-only device connected to pfSense? This can have a significant impact on what the next step might be.



  • I have a self purchased Motorola SB6121 cable modem and an old Dell PC with two ethernet NICs. I'm just trying to get ethernet connected Macs on my LAN to acquire IPv6 addresses.



  • Sounds good… in your WAN settings, check the box Send IPV6 prefix hint. That way Comcast's DHCP server will not only send an IP address for the WAN interface, it will also send a prefix to use for your LAN.

    You might need to release/renew your WAN interface after making that change. If all goes well, you should see both IPv4 and IPv6 addresses for both WAN and LAN on the pfSense dashboard (assuming you have the Interfaces widget on your dashboard).



  • I've got IPv4 and IPv6 addresses on both LAN & WAN on my pfSense box.

    Seems like when I had Send IPv6 prefix hint checked I wasn't getting them.



  • Here's the output of ifconfig from my pfSense machine

    em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:23:ae:9c:e1:2d
    	inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255 
    	inet6 2601:4:700:4400:223:aeff:fe9c:e12d prefixlen 56 
    	inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1 
    	nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=2009 <rxcsum,vlan_mtu,wol_magic>ether 00:02:b3:1d:9c:16
    	inet6 fe80::202:b3ff:fe1d:9c16%fxp0 prefixlen 64 scopeid 0x2 
    	inet 68.43.182.xxx netmask 0xfffffc00 broadcast 255.255.255.255 
    	inet6 2001:558:6007:14:d07:2769:ac33:ec31 prefixlen 128 
    	nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active</full-duplex></performnud,accept_rtadv,auto_linklocal></rxcsum,vlan_mtu,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast>
    


  • For teleworker and I think any business class Internet from comcast, you have to set the DHCPv6 Prefix Delegation size to 56 and check the Send IPv6 prefix hint box. You may need to power cycle things to get it all working again.



  • Follow exactly.  Don't get creative and don't try the /56 option first.

    Get it working this way then save your config.

    After it works and you have saved your setup, play with the subnet ranges all you like.

    http://theosquest.com/2014/08/28/ipv6-with-comcast-and-pfsense/

    I erroneously typed this in the incorrect thread earlier.



  • @racecarr:

    Here's the output of ifconfig from my pfSense machine

    That ifconfig output looks good to me. Make sure you have a firewall rule on LAN to allow IPv6 traffic. Also make sure on your Macs that IPv6 is set to automatic (not manual or link-local only)… not sure what else to recommend if it's still not working after that.



  • That ifconfig output does not look good. Having a prefixlen of 56 on a LAN will break every SLAAC device out there because RADVD will advertise a /56. RADVD can become confused, as in your case, because there is a mismatch between what comcast is offering and what DHCPv6 Prefix Delegation size has been set to. You must set DHCPv6 Prefix Delegation size to 56 to match what comcast provides. This in turn will cause RADVD to offer a /64 to LAN.

    If you check /etc/var/radvd.conf and the prefix line is anything other than /64 at the end, LAN connectivity will not work for IPv6. I already went through this a while back: https://forum.pfsense.org/index.php?topic=83524.0

    The link provided by kejianshi even mentions the possible need for setting it to 56.


Log in to reply