1

I would like to use IPv6 on my LAN and would like to be able to go out to the WAN as well. My network is a classic IPv4 environment. It works well.

My ISP provides Global Unicast IPv6 address on the WAN interface of my router (pfsense 2.5.2). I can ping google's IPv6 address from my router:

PING6(56=40+8+8 bytes) <my-global-unicast-iv6-address> --> 2a00:1450:400d:806::200e
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=0 hlim=118 time=17.492 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=1 hlim=118 time=12.482 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=2 hlim=118 time=12.134 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=3 hlim=118 time=11.707 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=4 hlim=118 time=21.414 ms

--- 2a00:1450:400d:806::200e ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 11.707/15.046/21.414/3.814 ms

Behind the router the same thing does not work. I cannot ping google's IPv6 address. I need help to configure the LAN side properly.

May I ask your assistance please ?

EDIT: I had a call with my ISP and confirmed that ping might not work from my LAN. Maybe the the contact was not the right person to answer all my question because he answered that he does not know why but ping should not work but everything else should. Weird.

supi007
  • 56
  • 1
  • 8

2 Answers2

1

Finally I have found the answer. Let's see what I have:

  • pfSense is being used as a router/firewall on my LAN.
  • I got Global Unicast IPv6 address from my ISP on my WAN interface. (GUIPv6 is routable on Internet.)
  • pfSense need to be configured properly to get Global Unicast IPv6 address from the ISP on the LAN interface.
  • Interfaces --> WAN --> DHCP6 Client Configuration --> DHCPv6 Prefix Delegation size="60" --> Save
  • Interfaces --> LAN --> General Configuration --> IPv6 Configuration Type="Track Interface"
  • Interfaces --> LAN --> Track IPv6 Interface --> IPv6 Interface="WAN"
  • Interfaces --> LAN --> Track IPv6 Interface --> IPv6 Prefix ID="0" --> Save
  • Services --> DHCPv6 Server & RA --> Router Advertisements --> Router mode="Managed" --> Save
  • Services --> DHCPv6 Server & RA --> DHCPv6 Server --> "Enable DHCPv6 server on interface LAN"
  • Range from="::1000"
  • Range to="::2000" -- > Save

Abovementioned steps set up pfSense to be able to dynamically assigns GUIPv6 addresses on LAN.

supi007
  • 56
  • 1
  • 8
0

Well, you need to have routable network from your provider for that. If there is no routable network, what router should route then?

George Shuklin
  • 226
  • 2
  • 7
  • What do you mean "routable network" ? My ISP routes the IPv6 traffic. At least I think they do because ping works between my pfsense's interface and google's interface. – supi007 Sep 02 '21 at 07:19
  • routable network is an opposite of 'directly connected'. You provider must have something like `2a00:1450:4006:80d::0/64 via 2a00:1450:4006:80e::feab dev te10/11/12` in their routing table. (where 2a00:1450:4006:80e::feab is your router IP, and 2a00:1450:4006:80d::0/64 is your routable IPv6 network). If you have IP addresses allocated to you with provider IP (gateway) been in the same network, than you can't route it. – George Shuklin Sep 02 '21 at 07:26
  • Fine. You say I need to add a Unique Local IPv6 address to my LAN interface and need to add a record to the route table that points to the Global Unicast address? Is it working like IPv4 routing ? – supi007 Sep 02 '21 at 07:40
  • I have found an article about the IPv6 NAT: https://docs.netgate.com/pfsense/en/latest/nat/npt.html Is this the right way to solve my issue ? Could anybody confirm that ? – supi007 Sep 02 '21 at 08:43
  • 1
    Forget NAT with IPv6. Ask your provider for a suitably sized network, and bear in mind that the smallest subnet you should *ever* deploy outside a PtP-link is a /64. My *home* ISP hands me a /48. – vidarlo Sep 02 '21 at 12:45