IPv6 support for Captive Portal planned?



  • Since 2011 Pfsense startet with IPv6 support. Already then some early movers recognized that CP doesn't support IPv6. In the meantime IPv6 begins to become standard mostly as dual stack. Concerning the statistics Germany, Switzerland have 25%, Begium 48% and USA 19% IPv6 traffic already.

    By what release is IPv6 support planned?

    In a first step it's enough to search DNS and derive to the login page with IPv4. But after successful login IPv6 should be supported as soon as possible. In a further step IPv4+IPv6 must be supported fully (DNS request, internal web server for login page).

    Thank you for your answer.



  • first of: i have no clue about the plans for ipv6 support for CP

    for me, ipv6 has too many downsides to even consider allowing it on my networks. (no, security is not one of those downsides)
    the biggest issue for me is, that it doesn't solve anything (for me) & i have no issue's with v4:

    • every cheap multi-wan environment will still need todo NAT, but instead of nat44, you'll do nat66.

    • there is a lot of crappy v6 "firmware' in numerous devices on the lan side: printers/voip phones/cell phones. officially almost all recent devices support v6; reality differs greatly

    so the few "upsides" of v6, from an end-user/smallbusiness perspective isn't there. (atleast not for me)


  • Rebel Alliance Developer Netgate

    It's not something that's on our immediate radar.

    @heper:

    • every cheap multi-wan environment will still need todo NAT, but instead of nat44, you'll do nat66.

    That's not quite true in the way you imply. One WAN will work without NAT, additional WANs can use NPt (not an overload style) – yes, it's NAT, but 1:1 for the whole prefix, so a large number of traditional overload PAT-type NAT issues would not be a problem there. While it's not ideal, it's not anything I'd consider being a blocker or an impedance to its use.



  • Not related to the Captive portal, but very IPv6:
    Natting to the Captive Portal ? That's seems a very rare thing to me. The people (clients, probably strangers) want to get 'out' - not hosting servers etc behind a Captive Portal connection …
    The BIG advantage of IPv6 that NAT will be pretty unneeded. I'm using IPv6 and with the help of some precise firewall rules, I can address my devices from the Internet right into my LAN.

    A simple rule like (see image) will allow my server (on the Internet, using rsync and its IPv6 only) to address my diskstation (NAS Synology) using also an IPv6 (only) on my LAN.
    NO NAT rule involved !!




  • Thanks for your replies, but I didn't want to have general discussion about IPv6 sense and non-sense. Fact is that IPv6 is upcoming more and more and Pfsense should be ready in all areas. We have a hotel with captive portal for our guests. CP isn't ready and it doesn't support for IPv6 traffic. In this year we will get a full dual stack (IPv4/IPv6) from our provider. Sometime in the future our guest will ask about IPv6 support. IPv4 addresses will by more and more rare so that some day a part of the internet won't support IPv4 anymore.

    The question is still: Is planned that CP will support IPv6 in the future?