IPv6 not working on LAN

hutnik

Hello,
I've been playing with pfsense this week and love it and everything, but can't get IPv6 to work.

No matter what I set in DHCP6 client configuration in WAN interface configuration, this is what I get from my ISP (local fibre one) after router solicitation or regularly every minute.

pfsense succesfully gets public address on WAN, create IPv6 gateway, and everything is good here. I can ping facebook.com over IPv6 from WAN interface.

The problem in on the LAN side. pfsense does not get IPv6 address except fe80::1:1.
In the LAN interface settings, I tried this:

Track Inferface:
Interface: WAN
IPv6 Prefix ID: 0, e anything, doesnt make a difference.

RA starts coming from the pfsense to LAN, announcing only gateway (fe80::1:1), no subnet or prefix). Clients get that gateway, but no public address and nothing works (except pinging gateway fe80::1:1)
Static IPv6
IPv6 address: 2a01:5e0:14:200::1/64

LAN gets address and I can ping between WAN<->LAN side of pfsense. WAN can still access the world, but LAN can't. (I thing here is the problem)

After starting the RA and announcing 2a01:5e0:14:200::/64, clients get public IP and fe80::1:1 gateway
Clients can still ping the gateway on link-local address, but no WAN or LAN side public address of pfsense. (That's another problem I think)
–--------------
In firewall>rules>LAN I have "Default allow LAN IPv6 to any rule".
In firewall>rules>WAN I have a rule to allow ICMPv6 from any to any. (just to test, one remote testing site was able to ping WAN side of pfsense)

I've ran out of ideas what might be wrong and hope some of you might know what's going on or have some idea :-)

I've used HE tunnel on my previous router, but now I'd like to use this, since it's more "native" than tunnel :-)

hda

If you say you have native IPv6, then it is usually more than one /64 net.

Take the native prefix delegation (> /64) on the WAN and peel of a /64 static-with-other-subnet-value for your LAN.

gilberto667

For your problem you might try here. I think this might be helpful for you http://www.bestvpnproviders.net/provider/ipvanish-com/

hutnik

@hda:

If you say you have native IPv6, then it is usually more than one /64 net.

Take the native prefix delegation (> /64) on the WAN and peel of a /64 static-with-other-subnet-value for your LAN.

Thanks for answering, I quess you mean something like http://serverfault.com/a/714923?
I tried that, but got same results. WAN side can ping world, LAN still can't :-(

@gilberto667:

For your problem you might try here. I think this might be helpful for you http://www.bestvpnproviders.net/provider/ipvanish-com/

Looks like you don't understand my problem at all. I don't want VPN, I can use HE tunnel just fine.

hda

Yeah, one IPv6 /64 is immature crap for use with pfSense. Maybe doktornotor will tell you about the CZ reality.

But if your pfSense-WAN gets 2a01:5e0:14:200::1 (at least a /63), then your LAN-net could have that necessary other value for the :200: , Let's say the 2a01:5e0:14:201::1/64.

Do you have an ISP-Router in front that is not bridgeing to pfSense-WAN but supplying? Then pfSense-WAN has to ask that Router for IPv6 delegation…

johnpoz

not sure you expect pfsense to work if all you get is one /64..  Most likely your ISP ipv6 is not yet ready for primetime.. Just go back to HE tunnel - stable, WORKS and nobrainer to setup.  And you don't have to worry about your isp giving you a different prefix all the time, etc.

gilberto667

May be @ hutnik. However, thanks!