IPv6 working on LAN, but not off-site..
I've been banging my head against the wall for several days now, trying to get IPv6 working. Hope someone can assist me.
First of all, I'm a Telenor customer, using a Zyxel P8702N ADSL router. As a start, I enabled IPv6 on the router and it worked as expected. However, I want to enable bridge mode on the router to avoid nasty IPv4 double NAT'ing. So I enabled bridge mode and set up pfSense to use IPv6.
- IPv6 Configuration Type: DHCP6
- DHCPv6 Prefix Delegation Size: 48
The WAN interface is assigned an IPv6 address and /48 prefix is delegated. I've also set up RA to advertise a /64 subnet on the LAN. Everything looks correct, all clients gets an IPv6 address and I can communicate over IPv6 between the clients. However, I'm not able to communicate to external hosts. Trying to ping6 an external host from pfSense doesn't seem to work either. The only host I seem to be able to ping is the default GW (link local address: fe80::2a0:a50f:fc70:d002). ping time is about 25ms, which is about what I expect for external pings.
I thought it could be firewall related so I opened the firewall completely for IPv6, but that didn't make any difference.
I've tried to compare the settings/status between the Zyxel router running as router with the settings/status in pfSense when running the Zyxel router as bridge. The only thing I found that might cause this is the fact that the WAN ip prefix size is different. On the Zyxel router the prefix size was /64, while pfSense claims it's /128. I got a slightly different IPv6 address on the Zyxel router compared to the address I got in pfSense, but they are both within the same /64 range. I don't remember seeing anything related to this during setup, so I assume this is something pfSense set.
I really need some assistance here. A solution, a hint on what to do for further debugging.. Anything.. I can provide logs if I know what you need.
System: Advanced: Networking
Attached screenshots of the items you asked for.
EDIT: I was looking around this forum when I read this post: https://forum.pfsense.org/index.php?topic=104540.msg585668#msg585668
This guy, which also is a Telenor customer, tells that he gets issues when requesting an IPv6 address for the WAN interface. So I ticked off "Interfaces:WAN->Request only a IPv6 Prefix" and suddenly IPv6 starts working both from pfSense and also for the clients on the LAN.
Thanks anyway for looking into this.
(I removed the attachments as they are not useful for future reference and they contained too many IPv6 addresses)
OK. The idea is you want to get the /48 as a prefix delegated, so ask for it in Interfaces-WAN.
Then you should pick prefix & subnet number for LAN , which is within your /48 (as a /64 LAN).
Yes, so I request a /48 prefix, which I can delegate to my subnets as /64 subnets. This is working as expected.
I edited my second post, as I found the solution. (It usually does when I start asking for help.. :P ).
Great ! no less than 65,535 LAN's ;). Basically you don't need a WAN public address because you do not want communications with the pfSense WAN, but with a public LAN-client which is part of a public LAN. So therefore just in a scenario for one host/PC (no router), you could utilize a /128 address…