1

My ISP assigns me an IPv4 address via DHCP and an IPv6 subnet through SLAAC.

I set up my pfSense box to use NAT and DHCPv4 for my LAN network which works fine. However, on the IPv6 side, my LAN computers only configure themselves with the standard link-local fe80.. address and don't get any global IPv6 address from the /64 pool my ISP assigned me.

I am fairly new to IPv6, so I tried a few options in pfSense like setting the LAN interface to SLAAC as well or setting it to a static IPv6 in the fc00.. range and enabling DHCPv6. Both of which didn't work for me. Also none of the options in the router advertisement tab helped either.

I'd be happy if someone with experience in setting up pfSense for my scenario could give me a hint to how I need to configure it.

comfreak
  • 1,451
  • 1
  • 21
  • 32
  • SLAAC can't assign a subnet, it can only assign individual addresses from a `/64` link prefix which you must already have assigned to the link through different means. These three older questions should be relevant to you: https://serverfault.com/q/684455/214507 https://serverfault.com/q/714890/214507 https://serverfault.com/q/216602/214507 – kasperd Aug 12 '18 at 16:30
  • @kasperd So basically the ISP side of SLAAC is assigning me an address with a prefix like DHCPv4 (in a way), where you get e.g. 192.168.0.5/24, but not all the addresses in that /24 are routed to 192.168.0.5? In other words, I would need to ask my ISP to give me a routed prefix or else I have to use NAT on IPv6 too? – comfreak Aug 13 '18 at 17:25
  • 1
    You need a routed prefix, otherwise you would need to do NAT which kind of defeats the purpose of using IPv6. The ISP may have a DHCPv6 server that you can request a routed prefix from. I have come across an ISP where routed prefixes are requested using a web interface operated by the ISP. If you can't figure out how that ISP provides routed prefixes you may have to ask them. – kasperd Aug 13 '18 at 19:28
  • Are you sure the ISP is not doing IPv6 Prefix Delegation? That would be normal for a business where you should be getting a `/48` for your business network. – Ron Maupin Aug 12 '20 at 04:26

1 Answers1

1

The pfSense box should be seeing the ICMPv6 Router Advisory packets coming from your ISP's router over IPv6 multicast to ff02::1. If your pfSense should act as an IPv6 bridge, then it should pass these packets on to your local network, as the Router Advisory packets are essential for IPv6 and SLAAC.

If you are setting up your pfSense as an IPv6 router instead, then you should configure pfSense to send its own IPv6 Router Advisory messages to your LAN side.

The ICMPv6 Router Advisory messages are mandatory for IPv6 to work: they also carry information on whether or not DHCPv6 should be used in the network segment, and if so, whether it should be used for IPv6 address allocation or just for additional configuration information. The Router Advisory messages can even carry information on IPv6 DNS servers that the clients should use.

telcoM
  • 4,153
  • 12
  • 23