PfSense 2.3 - IPv6 - Comcast
-
Need help setting up IPv6 on pfSense 2.3 and using Comcast Gateway (Arris TG862G).
Interfaces > LAN + WAN > IPv6 Configuration Type = DHCP6.
I can ping ipv6.google.com, Diagnostics > Ping > Source address = Default, but not when Source address = LAN.
Thank you.
-
Ok… so for Comcast, your WAN should be DHCP (IPv4) and DHCP6 (IPv6).
Under the IPv6 DHCP settings...
- Change the prefix size, if you so desire. Leaving it at /64 will give you one IPv6 network address block for your LAN. Reducing the number to /60 will give you 16 /64 networks to use as you see fit (i.e. LAN, Guest, DMZ, etc.). Comcast residential customers can only go as low as /60. Business customers can go down to /56 (256 /64 networks).
- Check the box for Send IPv6 Prefix Hint.
- Check the box for Use IPv4 connectivity as parent interface. This allows IPv6 to recover more gracefully if your modem reboots due to Comcast maintenance work.
At the bottom of the page, it would also be recommended to make sure that bogon networks are NOT being blocked, as the IPv6 bogon list tends to find itself out of date pretty quickly these days, since that's just about all that the RIRs are handing out now.
On the LAN side… IPv6 should be Track Interface.
Under Track IPv6 Interface, you should select the WAN interface, then pick a prefix ID. If you left the prefix size at /64, your prefix ID choice will only be 0. Otherwise, the prefix ID will be the last one (/60) or two (/56) characters of the network portion of the IPv6 address. For example, if you pick prefix ID 3, your IPv6 address might look something like: 2601:aaaa:bbbb:ccc3:…
Those settings alone should get you basic IPv6 connectivity from your LAN network. If you were already requesting a /64 on your WAN and you now want to request a /60, there's a file you'll need to delete using an SSH connection to your pfSense box, then release/renew your WAN interface in order to get your new prefix size.
There's more to cover if you want to go on... Router advertisements and DHCPv6 are things that can change how IPv6 works on your network... but let's get you online with basic connectivity first. :)
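The prefix-size and prefix-ID arithmetic from the post above, as an added example that is not part of the original thread. It uses Python's standard `ipaddress` module; the function names are hypothetical and the delegated prefixes are constructed samples from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Unique local addresses (fc00::/7) are not routed on the Internet.
ULA = ipaddress.ip_network("fc00::/7")


def prefix_id_count(delegated: str) -> int:
    """Number of /64 networks (valid prefix IDs 0..n-1) in a delegated prefix."""
    net = ipaddress.ip_network(delegated)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("expected an IPv6 delegation of /64 or shorter")
    return 1 << (64 - net.prefixlen)


def tracked_lan_network(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """The /64 a Track Interface LAN would use for the given prefix ID."""
    count = prefix_id_count(delegated)
    if not 0 <= prefix_id < count:
        raise ValueError(f"prefix ID must be 0..{count - 1} for {delegated}")
    base = int(ipaddress.ip_network(delegated).network_address)
    # The prefix ID fills the bits between the delegation length and bit 64,
    # i.e. the last hex character(s) of the fourth group.
    return ipaddress.IPv6Network((base | (prefix_id << 64), 64))


def is_ula(address: str) -> bool:
    """True when the address is unique-local rather than globally routable."""
    return ipaddress.ip_address(address) in ULA


if __name__ == "__main__":
    # Constructed sample delegations (documentation range, not real Comcast space).
    for delegated, pid in [("2001:db8:aaaa:ccc0::/64", 0),
                           ("2001:db8:aaaa:ccc0::/60", 3),
                           ("2001:db8:aaaa:cc00::/56", 0xA3)]:
        print(delegated, "->", prefix_id_count(delegated), "networks; ID",
              format(pid, "x"), "=", tracked_lan_network(delegated, pid))
    # Constructed sample addresses: one ULA, one global unicast.
    for addr in ("fdfa::1", "2001:db8:aaaa:ccc3::10"):
        print(addr, "ULA" if is_ula(addr) else "not ULA")
```

A LAN client that only holds an address for which `is_ula` is true has not received a /64 from the delegated prefix.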
-
Ok. I did exactly as you instructed but I still don't have IPv6 connectivity.
I can now ping ipv6.google.com, Diagnostics > Ping > Source address = Default, LAN & WAN.
IPs issued are not Global, fdfa:…
Your instructions were applied to a fresh install that has had no issues with IPv4 connectivity!
Attempt to ping -6 google.com > Pinging google.com [2607:f8b0:4008:807::200e] with 32 bytes of data:
Request timed out.
-
Good to see that you can now ping from pfSense via the LAN interface address! That's a step in the right direction.
Not sure why pfSense would be handing out ULA addresses if your LAN is configured for Track Interface… you might need to reboot pfSense, and either reboot or disconnect/reconnect other devices to try and force interfaces to pick up new addresses.
Did you change your prefix size requested in the WAN settings, or leave it at /64? If you changed it, then you'll need to delete the DUID file (/var/db/dhcp6c_duid), then release/renew your WAN interface, causing it to generate a new DUID and use that to get a prefix of the new size from Comcast.
-
I have tested in both a standalone and ESXi/virtual machine, and still no IPv6 connectivity.
Does the cable modem need to be in bridged mode?
-
I have tested in both a standalone and ESXi/virtual machine, and still no IPv6 connectivity.
Does the cable modem need to be in bridged mode?
That would likely help quite a bit. If your cable modem/residential gateway device is in front of your pfSense box, then it's likely the device doing the DHCPv6 request for an IPv6 address and my bet is that the RG asks for a /64 instead of a /60.
-
Yeah, if you have a gateway device (modem + router in one box), then yes, you should put it in bridge mode. That will make it function just like a modem only, allowing pfSense to request whatever size prefix you want.
-
Thanks to everyone that helped.
I purchased an Arris modem TM822G, and I'm happy to say it works!
virgiliomi, how about more: router advertisements and DHCPv6?