Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 not working on LAN

    Scheduled Pinned Locked Moved IPv6
    7 Posts 4 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hutnik
      last edited by

      Hello,
      I've been playing with pfsense this week and love it and everything, but can't get IPv6 to work.

      No matter what I set in DHCP6 client configuration in WAN interface configuration, this is what I get from my ISP (local fibre one) after router solicitation or regularly every minute.

      pfsense succesfully gets public address on WAN, create IPv6 gateway, and everything is good here. I can ping facebook.com over IPv6 from WAN interface.

      The problem in on the LAN side. pfsense does not get IPv6 address except fe80::1:1.
      In the LAN interface settings, I tried this:

      Track Inferface:
      Interface: WAN
      IPv6 Prefix ID: 0, e anything, doesnt make a difference.

      RA starts coming from the pfsense to LAN, announcing only gateway (fe80::1:1), no subnet or prefix). Clients get that gateway, but no public address and nothing works (except pinging gateway fe80::1:1)
      Static IPv6
      IPv6 address: 2a01:5e0:14:200::1/64

      LAN gets address and I can ping between WAN<->LAN side of pfsense. WAN can still access the world, but LAN can't. (I thing here is the problem)

      After starting the RA and announcing 2a01:5e0:14:200::/64, clients get public IP and fe80::1:1 gateway
      Clients can still ping the gateway on link-local address, but no WAN or LAN side public address of pfsense. (That's another problem I think)
      –--------------
      In firewall>rules>LAN I have "Default allow LAN IPv6 to any rule".
      In firewall>rules>WAN I have a rule to allow ICMPv6 from any to any. (just to test, one remote testing site was able to ping WAN side of pfsense)

      I've ran out of ideas what might be wrong and hope some of you might know what's going on or have some idea :-)

      I've used HE tunnel on my previous router, but now I'd like to use this, since it's more "native" than tunnel :-)

      1 Reply Last reply Reply Quote 0
      • H
        hda
        last edited by

        If you say you have native IPv6, then it is usually more than one /64 net.

        Take the native prefix delegation (> /64) on the WAN and peel of a /64 static-with-other-subnet-value for your LAN.

        1 Reply Last reply Reply Quote 0
        • G
          gilberto667
          last edited by

          For your problem you might try here. I think this might be helpful for you http://www.bestvpnproviders.net/provider/ipvanish-com/

          1 Reply Last reply Reply Quote 0
          • H
            hutnik
            last edited by

            @hda:

            If you say you have native IPv6, then it is usually more than one /64 net.

            Take the native prefix delegation (> /64) on the WAN and peel of a /64 static-with-other-subnet-value for your LAN.

            Thanks for answering, I quess you mean something like http://serverfault.com/a/714923?
            I tried that, but got same results. WAN side can ping world, LAN still can't :-(

            @gilberto667:

            For your problem you might try here. I think this might be helpful for you http://www.bestvpnproviders.net/provider/ipvanish-com/

            Looks like you don't understand my problem at all. I don't want VPN, I can use HE tunnel just fine.

            1 Reply Last reply Reply Quote 0
            • H
              hda
              last edited by

              Yeah, one IPv6 /64 is immature crap for use with pfSense. Maybe doktornotor will tell you about the CZ reality.

              But if your pfSense-WAN gets 2a01:5e0:14:200::1 (at least a /63), then your LAN-net could have that necessary other value for the :200: , Let's say the 2a01:5e0:14:201::1/64.

              Do you have an ISP-Router in front that is not bridgeing to pfSense-WAN but supplying? Then pfSense-WAN has to ask that Router for IPv6 delegation…

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                not sure you expect pfsense to work if all you get is one /64..  Most likely your ISP ipv6 is not yet ready for primetime.. Just go back to HE tunnel - stable, WORKS and nobrainer to setup.  And you don't have to worry about your isp giving you a different prefix all the time, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • G
                  gilberto667
                  last edited by

                  May be @ hutnik. However, thanks!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.