 NetDogPremium,VIP
join:2002-03-04
Parker, CO
kudos:4 | reply to NetDog
Re: [IPv6] Troubleshooting Comcast IPv6 (Start Here) I added two more sections..
Don't block all ICMPv6 (for the adv users)
You get a v6 address on both your LAN and WAN but no workie |
|
|
|
derekivey
join:2006-03-30
Mechanicsburg, PA
kudos:1 | reply to NetDog
pfSense supports IPv6. I'm currently using it with a HE tunnel. I know it does DHCP-PD too. |
|
 plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | I went ahead and switched my firewall from Smoothwall to pfSense.
However, I'm not sure how to configure it to pull both a IPv4 and an IPv6 IP from Comcast. I have verified that my area is "IPv6 Ready" by connecting my Windows 7 desktop directly to my cable modem (Arris TM722G/CT), and I do a IPv6 IP back (2001:558:xxxx).
However, I don't see that inside the configuration of PFSense. I check the box " Allow IPv6" on the "System: Advanced: Networking" tab. Once I did that, I did reboot both my PFSense box, and my cable modem.
However, I still only get one IP (an IPv4 one). This is from the "Status: Interfaces" screen on the WAN interface.
If more information is needed, just ask! 
Thanks!
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
 whfsdudePremium
join:2003-04-05
Washington, DC
 ·T-Mobile US
| said by plencnerb:However, I'm not sure how to configure it to pull both a IPv4 and an IPv6 IP from Comcast. I have verified that my area is "IPv6 Ready" by connecting my Windows 7 desktop directly to my cable modem (Arris TM722G/CT), and I do a IPv6 IP back (2001:558:xxxx).
Are you running the 2.1 branch?
1. Interfaces > WAN
2. For 'IPv6 Configuration Type' select 'DHCP6'
3. For 'DHCPv6 Prefix Delegation size' select '64', apply
4. Interfaces > LAN
5. For 'IPv6 Configuration Type' select 'Track Interface'
6. For 'IPv6 Interface' select WAN.
7. For 'IPv6 Prefix ID' enter '0', apply
8. Reboot! |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | said by whfsdude:Are you running the 2.1 branch?
Looks like I'm not. I thought I was, but according to the information on my dashboard, I got this
2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6
Where can I download the 2.1 branch from? I did not see it on their download page.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| »snapshots.pfsense.org/
Edit:
32-bit CD:
»snapshots.pfsense.org/FreeBSD_RE···4.iso.gz
64-bit CD: »snapshots.pfsense.org/FreeBSD_RE···4.iso.gz |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | Well alright then! Time to burn another CD and try again!
Unless, there is a way to upgrade from 2.0.1 to 2.1, without doing a full re-install.
--Brian |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| said by plencnerb:Unless, there is a way to upgrade from 2.0.1 to 2.1, without doing a full re-install.
In theory, yes. But I'd do a full reinstall to avoid any possible problems. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | Sounds like a plan. The initial install did not take long at all. So, I should have no problems doing it again with this version.
Thanks!
--Brian |
|
| reply to NetDog
Don't forget about the Linksys E900, E1200, E4200v1, EA4500, and EA6500 that I've tested and have verified works correctly. |
|
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
 ·Comcast Business..
 ·Vonage
·Cingular Wireless
·Comcast
1 edit | reply to plencnerb
said by plencnerb:Sounds like a plan. The initial install did not take long at all. So, I should have no problems doing it again with this version.
Please keep us apprised on your pfSense project. I was tempted to load it on a retired Toshiba notebook, but the need to use a "beta" release made me balk (and I found a D-Link DIR655 on sale instead). Even so, I like to have plenty of options, and I may yet install pfSense on that old Toshiba box.
I would be especially interested in knowing if it has a DynDNS IPv6 client that can update multiple IPv6 hostnames like my DIR655 does.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| said by NetFixer:I would be especially interested in knowing if it has a DynDNS IPv6 client that can update multiple IPv6 hostnames like my DIR655 does.
Don't think that is necessary. Unless there is a network move (unlikely), or you change your DUID (new router), your IPv6 addresses should not change.
So just add an AAAA record somewhere and forget about it. |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
1 edit | said by whfsdude:said by NetFixer:I would be especially interested in knowing if it has a DynDNS IPv6 client that can update multiple IPv6 hostnames like my DIR655 does.
Don't think that is necessary. Unless there is a network move (unlikely), or you change your DUID (new router), your IPv6 addresses should not change. So just add an AAAA record somewhere and forget about it. It may not happen often on a Comcast DHCP connection, but it does happen. Just a few weeks ago the DHCP address used by my Linux server changed when Comcast did some IP address block shuffling. Unless you have a business class static IP account (and Comcast still does not support IPv6 for those customers), there is no guarantee that your DHCP assigned IPv4 or IPv6 address(es) won't just suddenly change without notice.
One reason that I changed from using the Netgear router as my IPv6 gateway to using the D-Link router was because the Netgear's IPv6 WAN address and its LAN PD prefix was changing every couple of weeks (even though the WAN IPv4 address and the IPv6 prefix did not change). I am hoping that was an anomaly with the Netgear firmware, and/or that the D-Link's IPv6 DDNS client will automatically compensate should that start happening with the D-Link router. So far the LAN PD prefix has not changed in the D-Link router, but it may be too soon to be sure that it won't just arbitrarily change as was happening with the Netgear router.
Here are a few example screen shots of the Netgear router's IPv6 setup/status page showing those unexpected IPv6 address changes:
By using a DynDNS IPv6 client, I can just setup the IPv6 hostnames and forget about it as long as my IPv6 gateway router supports the DynDNS IPv6 client. OTOH, the DIR655 is a new router, and the IPv6 DDNS update is a relatively new feature for both D-Link and DynDNS, so I really don't know yet how reliable that process is.
C:\>dig ipv6.dcs-net.net AAAA
; <<>> DiG 9.9.2 <<>> ipv6.dcs-net.net AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31371
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ipv6.dcs-net.net. IN AAAA
;; ANSWER SECTION:
ipv6.dcs-net.net. 3601 IN CNAME ipv6-webhost.dyndns-ip.com.
ipv6-webhost.dyndns-ip.com. 60 IN AAAA 2601:5:c80:91:e291:f5ff:fe95:a879
;; Query time: 156 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Sat Dec 08 17:37:55 2012
;; MSG SIZE rcvd: 113
C:\>dig ipv6.dcsenterprises.net AAAA
; <<>> DiG 9.9.2 <<>> ipv6.dcsenterprises.net AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42201
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ipv6.dcsenterprises.net. IN AAAA
;; ANSWER SECTION:
ipv6.dcsenterprises.net. 1800 IN CNAME ipv6-dcs-srv.dyndns-ip.com.
ipv6-dcs-srv.dyndns-ip.com. 60 IN AAAA 2601:5:c80:91:e291:f5ff:fe95:beac
;; Query time: 140 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Sat Dec 08 17:38:11 2012
;; MSG SIZE rcvd: 120
On your new MetroEthernet derived service, you do get static IP addresses, so set it and forget about it is indeed possible. But not all of us can justify that expense, and that service is available in only a few very select locations.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
Reviews:
 ·Speakeasy
| reply to plencnerb
said by plencnerb:said by whfsdude:Are you running the 2.1 branch?
Looks like I'm not. I thought I was, but according to the information on my dashboard, I got this 2.0.1-RELEASE (i386) built on Mon Dec 12 17:53:52 EST 2011 FreeBSD 8.1-RELEASE-p6 Where can I download the 2.1 branch from? I did not see it on their download page. --Brian Just so you know.... pfSense 2.1 is still being developed/sill in beta. I would not run it somewhere important yet.
I am still running 2.0.1 myself, waiting for 2.1 Release. |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| said by PhReE5:Just so you know.... pfSense 2.1 is still being developed/sill in beta. I would not run it somewhere important yet.
I haven't had an issue with it at all and I've been running it since it came out.
Same as running Ubuntu which is essentially Debian unstable. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | I'm not worried about it being in Beta either. I have not had the chance to take the house off-line yet to install 2.1 (already had it down once to go from Smoothwall to Pfsense 2.0.1). I live with my Uncle and my Mom, both of who use the internet a lot during the day. If anything does go south with 2.1, I have many other options • PfSense 2.0.1 (which, I'm currently running) • Smoothwall Express 3.0 (which I ran for 6 months) • Netgear RP 114 Router (which I ran for the last 10 years) Any of which can be up and running in under 15 minutes. So, when I have some time to install 2.1, I'm going to do so. However, before I do, I have a question. whfsdude  posted a link to the main download site (snapshots.pfsense.org) and then he posted links to the 32 bit and 64 bit ISO's for CD install. What is the difference between these two ISO's (the 1st is the one that whfsdude linked to directly? • pfSense-LiveCD-2.1-BETA0-i386-20121204-1604.iso • pfSense-LiveCD-2.1-BETA0-i386-20121208-1306.iso --Brian --
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
 graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | said by plencnerb:What is the difference between these two ISO's (the 1st is the one that whfsdude linked to directly?
• pfSense-LiveCD-2.1-BETA0-i386-20121204-1604.iso
• pfSense-LiveCD-2.1-BETA0-i386-20121208-1306.iso
--Brian
The first one was built on December 4, 2021 at 16:04 (4:04PM)
The second one was built on December 8, 2012 at 13:06 (1:06PM) |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | Besides that!  |
|
mojo1
join:2006-12-05
Atlanta, GA | reply to NetDog
I finally had some had some time to try to get IPv6 up and running. It looks like I was mostly successful. Here is what I have.
Running a Netgear WNDR3700v3 with original firmware ver. V1.0.0.22_1.0.17. Enabling DHCP IPv6, the router would receive a valid address in the 2001: range and enabled 2601: addresses on the LAN side, but connectivity was very poor. None of the IPv6 tests would show the WAN IPv6 address.
After digging a little, and re-reading Netdog's original post, I tried to enable ICMP6 traffic. There is no setting in my router for this. After trial and error, I determined that there is a "NAT Filtering" option in the WAN settings under the advanced tab. After setting this to OPEN instead of SECURED, I was surfing IPv6 addresses and passing all of the readiness tests. Not sure if I should be worried about this or not. There is no documentation for this router that tells me what the preconfigured security options do.
So far, so good. The only issue I am experiencing right now is on the Netalyzr test. Everything passes except the IPv6 MTU. I get a warning that my system cannot process fragmented packets. The test indicates that the MTU should be 1496. But, when I change MTU in my router from 1500 to 1496, I still get the same error. It appears changing the value in the router has no effect on IPv6 traffic.
Other than that issue, everything seems to be working well. Thanks Netdog for all your valuable info! |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| reply to plencnerb
When I upgrade or do a new install, I always opt the previous beta release because if there is a problem, it's likely to pop up on the forums.
The builds are done automatically fwiw. |
|
