 plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2
2 edits | [IPv6] Issues with IPv6 and pfsense [SOLVED] I figured it was time to start a new thread on the issues I'm having with getting pfsense configured to work with Comcast in regards to IPv6.
So, this post will be short, as it is just the introduction.
The next few posts will go into more detail. I've done it this way to help break up the different sections, and hopefully, help troubleshoot the issue at hand.
Basic information about my setup
1) Cable Modem:
Vendor: Arris
Model: TM722G/CT
Firmware Name: TS070463A_011312_MODEL_7_8_SIP_PC20
Firmware Build Time: Fri Jan 13 19:51:18 EST 2012
2) Computer
Self-Built desktop running Windows 7 x64 Enterprise
3) Location
Carpentersville, IL.
EDIT 12/11/2012 @ 9:19 AM
Turns out I had to modify the default WAN Configuration setting from for IPv6 Configuration Type from "Track Interface" to "DHCP6".
Everything is now working as it should be.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2
1 edit | Re: [IPv6] Issues with IPv6 and pfsense
Picture #1 | 
Picture #2 | 
Picture #3 |
For these tests, I connected my desktop directly to my cable modem, after doing a reset on both (desktop was powered off, cable modem was reset using the little pin hole in the back).
Once that was complete, I ran an "ipconfig/all". Those results are below
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Brian A. Plencner>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : BRIAN-DESKTOP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-F0-32-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:558:6033:ad:18b2:dcdb:2418:a1ad(Preferred)
Lease Obtained. . . . . . . . . . : Monday, December 10, 2012 6:34:58 AM
Lease Expires . . . . . . . . . . : Friday, December 14, 2012 6:34:57 AM
Link-local IPv6 Address . . . . . : fe80::34c8:339c:31d4:729b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 67.184.208.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Monday, December 10, 2012 6:34:55 AM
Lease Expires . . . . . . . . . . : Monday, December 10, 2012 7:31:16 AM
Default Gateway . . . . . . . . . : fe80::201:5cff:fe3d:4e41%11
67.184.208.1
DHCP Server . . . . . . . . . . . : 69.252.202.7
DHCPv6 IAID . . . . . . . . . . . : 250899716
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-26-E4-53-F4-6D-04-F0-32-43
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.hsd1.il.comcast.net.:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:4b:3355:bc47:2ff4(Preferred)
Link-local IPv6 Address . . . . . : fe80::4b:3355:bc47:2ff4%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\Brian A. Plencner>
Next, I ran the following command: "netsh int ipv6 show addr". I did this just to verify the information I was seeing from the ipconfig command.
C:\Users\Brian A. Plencner>netsh int ipv6 show addr
Interface 1: Loopback Pseudo-Interface 1
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite ::1
Interface 12: isatap.hsd1.il.comcast.net.
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Deprecated infinite infinite fe80::200:5efe:67.184.208.11%12
Interface 13: Teredo Tunneling Pseudo-Interface
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Public Preferred infinite infinite 2001:0:9d38:953c:4b:3355:bc47:2ff4
Other Preferred infinite infinite fe80::4b:3355:bc47:2ff4%13
Interface 11: Local Area Connection
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Dhcp Preferred 3d23h59m 3d23h59m 2001:558:6033:ad:18b2:dcdb:2418:a1ad
Other Preferred infinite infinite fe80::34c8:339c:31d4:729b%11
C:\Users\Brian A. Plencner>
So far, things were looking good.
Then, using Waterfox I went to the following three web pages
• »test-ipv6.com/
• »test-ipv6.comcast.net/
• »ipv6.speedtest.comcast.net/
The results of these are shown above as Picture #1, #2, and #3, respectively.
As a final verification, I ran some more tests from the command prompt.
nslookup commands
C:\Users\Brian A. Plencner>nslookup www.comcast.net
Server: cdns01.comcast.net
Address: 2001:558:feed::1
Non-authoritative answer:
Name: a1526.dscg.akamai.net
Addresses: 2001:559:0:5d::1743:3d3b
2001:559:0:5d::1743:3d39
96.17.77.66
96.17.77.42
Aliases: www.comcast.net
www.comcast.net.edgesuite.net
C:\Users\Brian A. Plencner>nslookup -type=AAAA www.comcast.net
Server: cdns01.comcast.net
Address: 2001:558:feed::1
Non-authoritative answer:
Name: a1526.dscg.akamai.net
Addresses: 2001:559:0:5d::1743:3d39
2001:559:0:5d::1743:3d3b
Aliases: www.comcast.net
www.comcast.net.edgesuite.net
C:\Users\Brian A. Plencner>nslookup www.google.com
Server: cdns01.comcast.net
Address: 2001:558:feed::1
Non-authoritative answer:
Name: www.google.com
Addresses: 2607:f8b0:400f:801::1011
74.125.225.208
74.125.225.211
74.125.225.209
74.125.225.210
74.125.225.212
C:\Users\Brian A. Plencner>nslookup -type=AAAA www.google.com
Server: cdns01.comcast.net
Address: 2001:558:feed::1
Non-authoritative answer:
Name: www.google.com
Address: 2607:f8b0:400f:801::1012
C:\Users\Brian A. Plencner>
ping commands
C:\Users\Brian A. Plencner>ping ipv6.dcsenterprises.net
Pinging ipv6-dcs-srv.dyndns-ip.com [2601:5:c80:91:e291:f5ff:fe95:beac] with 32 bytes of data:
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=41ms
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=37ms
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=35ms
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=36ms
Ping statistics for 2601:5:c80:91:e291:f5ff:fe95:beac:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 41ms, Average = 37ms
C:\Users\Brian A. Plencner>ping 2601:5:c80:91:e291:f5ff:fe95:beac
Pinging 2601:5:c80:91:e291:f5ff:fe95:beac with 32 bytes of data:
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=34ms
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=35ms
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=36ms
Reply from 2601:5:c80:91:e291:f5ff:fe95:beac: time=36ms
Ping statistics for 2601:5:c80:91:e291:f5ff:fe95:beac:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 36ms, Average = 35ms
And then finally, a few trace commands. I did mix both IPv4 and IPv6 sites in this, just to be complete.
C:\Users\Brian A. Plencner>tracert 2601:5:c80:91:e291:f5ff:fe95:beac
Tracing route to 2601:5:c80:91:e291:f5ff:fe95:beac over a maximum of 30 hops
1 37 ms 30 ms 29 ms 2001:558:6033:ad::1
2 9 ms 8 ms 9 ms te-9-1-ur04.algonquin.il.chicago.comcast.net [2001:558:322:26f::1]
3 15 ms 15 ms 15 ms te-0-3-0-0-ar01.area4.il.chicago.comcast.net [2001:558:300:1e::1]
4 19 ms 23 ms 23 ms he-3-5-0-0-cr01.350ecermak.il.ibone.comcast.net [2001:558:0:f7fb::1]
5 25 ms 25 ms 26 ms so-7-1-0-0-ar03.nashville.tn.nash.comcast.net [2001:558:0:f7f4::2]
6 27 ms 26 ms 28 ms xe-0-1-0-0-sur01.murfreesboro.tn.nash.comcast.net [2001:558:160:57::2]
7 39 ms 34 ms 27 ms 2001:558:162:32::2
8 36 ms 35 ms 37 ms 2001:558:6016:19:39d6:46d1:4004:e738
9 37 ms 35 ms 38 ms 2601:5:c80:91:e291:f5ff:fe95:beac
Trace complete.
C:\Users\Brian A. Plencner>tracert www.google.com
Tracing route to www.google.com [2607:f8b0:400f:801::1013]
over a maximum of 30 hops:
1 27 ms 29 ms 29 ms 2001:558:6033:ad::1
2 9 ms 9 ms 10 ms te-9-1-ur04.algonquin.il.chicago.comcast.net [2001:558:322:26f::1]
3 16 ms 16 ms 14 ms te-0-3-0-3-ar01.area4.il.chicago.comcast.net [2001:558:300:286::1]
4 22 ms 23 ms 17 ms he-3-7-0-0-cr01.350ecermak.il.ibone.comcast.net [2001:558:0:f68d::1]
5 14 ms 13 ms 13 ms pos-1-2-0-0-pe01.350ecermak.il.ibone.comcast.net [2001:558:0:f593::2]
6 59 ms 13 ms 12 ms 2001:559::44a
7 13 ms 13 ms 13 ms 2001:4860::1:0:92e
8 14 ms 13 ms 13 ms 2001:4860::8:0:2fe9
9 35 ms 37 ms 36 ms 2001:4860::8:0:281d
10 36 ms 33 ms 33 ms 2001:4860::8:0:3426
11 34 ms 34 ms 43 ms 2001:4860::1:0:7a4
12 35 ms 38 ms 36 ms 2001:4860:0:1::593
13 34 ms 35 ms 35 ms den03s06-in-x13.1e100.net [2607:f8b0:400f:801::1013]
Trace complete.
C:\Users\Brian A. Plencner>tracert www.dslreports.com
Tracing route to www.dslreports.com [209.123.109.175]
over a maximum of 30 hops:
1 31 ms 22 ms 27 ms 67.184.208.1
2 29 ms 15 ms 16 ms te-9-1-ur04.algonquin.il.chicago.comcast.net [68.87.229.189]
3 15 ms 15 ms 15 ms te-0-3-0-2-ar01.area4.il.chicago.comcast.net [68.86.189.229]
4 14 ms 23 ms 11 ms he-3-8-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.90.49]
5 40 ms 35 ms 35 ms he-4-6-0-0-cr01.newyork.ny.ibone.comcast.net [68.86.88.153]
6 41 ms 33 ms 40 ms 173.167.58.26
7 34 ms 33 ms 32 ms 0.e1-4.tbr1.oct.nac.net [209.123.10.122]
8 35 ms 34 ms 32 ms vlan804.esd1.oct.nac.net [209.123.10.2]
9 34 ms 32 ms 32 ms www.dslreports.com [209.123.109.175]
Trace complete.
C:\Users\Brian A. Plencner>
So, my final observation here is that IPv6 is working (as best as I can tell) exactly the way it should be when I am directly connected to my cable modem.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | reply to plencnerb
Picture #1 | 
Picture #2 | 
Picture #3 |
So, I will run though the same set of tests I did above, and show you my results.
Below are the results of running the command "ipconfig/all"
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Brian A. Plencner>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : BRIAN-DESKTOP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomain
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-F0-32-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:d:4c00:67:34c8:339c:31d4:729b(Preferred)
Temporary IPv6 Address. . . . . . : 2601:d:4c00:67:1952:1b74:c511:8be4(Preferred)
Link-local IPv6 Address . . . . . : fe80::34c8:339c:31d4:729b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, December 10, 2012 3:40:21 PM
Lease Expires . . . . . . . . . . : Monday, December 10, 2012 7:40:21 PM
Default Gateway . . . . . . . . . : fe80::250:4ff:fe21:713d%11
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 250899716
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-26-E4-53-F4-6D-04-F0-32-43
DNS Servers . . . . . . . . . . . : 2601:d:4c00:67::1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2058:2218:e7f2:eed8(Preferred)
Link-local IPv6 Address . . . . . : fe80::2058:2218:e7f2:eed8%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Brian A. Plencner>
Next, I ran the following command: "netsh int ipv6 show addr". I did this just to verify the information I was seeing from the ipconfig command.
C:\Users\Brian A. Plencner>netsh int ipv6 show addr
Interface 1: Loopback Pseudo-Interface 1
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite ::1
Interface 13: Teredo Tunneling Pseudo-Interface
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Public Preferred infinite infinite 2001:0:9d38:953c:2058:2218:e7f2:eed8
Other Preferred infinite infinite fe80::2058:2218:e7f2:eed8%13
Interface 11: Local Area Connection
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Temporary Preferred 23h59m59s 3h59m59s 2601:d:4c00:67:1952:1b74:c511:8be4
Public Preferred 23h59m59s 3h59m59s 2601:d:4c00:67:34c8:339c:31d4:729b
Other Preferred infinite infinite fe80::34c8:339c:31d4:729b%11
Interface 14: isatap.localdomain
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Deprecated infinite infinite fe80::5efe:192.168.1.100%14
C:\Users\Brian A. Plencner>
So far, things appear to be working, in regards to pfsense giving my desktop a "proper" IPv6 IP, as well as a "proper" IPv4" IP.
So, I then went ahead and tested the same three sites
• »test-ipv6.com/
• »test-ipv6.comcast.net/
• »ipv6.speedtest.comcast.net/
The results of these are shown above as Picture #1, #2, and #3, respectively.
Of note now is that my results went from 10/10 to 0/10 for both test sites, and the IPv6 speedtest site failed to load.
This tells me that something is not configured correctly in regards to pfsense.
To confirm this, I went ahead and ran the same commands from the command prompt.
nslookup commands
C:\Users\Brian A. Plencner>nslookup www.comcast.net
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 2601:d:4c00:67::1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\Brian A. Plencner>nslookup -type=AAAA www.comcast.net
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 2601:d:4c00:67::1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\Brian A. Plencner>nslookup www.google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 2601:d:4c00:67::1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\Brian A. Plencner>nslookup -type=AAAA www.google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 2601:d:4c00:67::1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\Brian A. Plencner>
ping commands
C:\Users\Brian A. Plencner>ping ipv6.dcsenterprises.net
Pinging ipv6-dcs-srv.dyndns-ip.com [2601:5:c80:91:e291:f5ff:fe95:beac] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2601:5:c80:91:e291:f5ff:fe95:beac:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\Brian A. Plencner>ping 2601:5:c80:91:e291:f5ff:fe95:beac
Pinging 2601:5:c80:91:e291:f5ff:fe95:beac with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2601:5:c80:91:e291:f5ff:fe95:beac:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\Brian A. Plencner>
And then finally, a few trace commands. I did mix both IPv4 and IPv6 sites in this, just to be complete.
C:\Users\Brian A. Plencner>tracert 2601:5:c80:91:e291:f5ff:fe95:beac
Tracing route to 2601:5:c80:91:e291:f5ff:fe95:beac over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
C:\Users\Brian A. Plencner>tracert www.google.com
Tracing route to www.google.com [74.125.225.211]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms pfSense.localdomain [192.168.1.1]
2 30 ms 28 ms 19 ms 24.13.16.1
3 11 ms 14 ms 10 ms te-9-1-ur04.algonquin.il.chicago.comcast.net [68.87.229.189]
4 16 ms 19 ms 15 ms te-0-3-0-2-ar01.area4.il.chicago.comcast.net [68.86.189.229]
5 21 ms 23 ms 24 ms he-3-11-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.90.13]
6 29 ms 13 ms 15 ms pos-1-1-0-0-pe01.350ecermak.il.ibone.comcast.net [68.86.86.38]
7 37 ms 37 ms * 66.208.228.202
8 14 ms 12 ms 14 ms 209.85.254.120
9 13 ms 13 ms 14 ms 72.14.237.133
10 25 ms 26 ms 39 ms 72.14.232.141
11 58 ms 34 ms 35 ms 72.14.239.51
12 40 ms 34 ms 38 ms 216.239.46.151
13 49 ms 50 ms 35 ms 209.85.251.111
14 36 ms 36 ms 35 ms den03s06-in-f19.1e100.net [74.125.225.211]
Trace complete.
C:\Users\Brian A. Plencner>tracert www.dslreports.com
Tracing route to www.dslreports.com [209.123.109.175]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms pfSense.localdomain [192.168.1.1]
2 27 ms 29 ms 29 ms 24.13.16.1
3 10 ms 11 ms 9 ms te-9-1-ur04.algonquin.il.chicago.comcast.net [68.87.229.189]
4 14 ms 15 ms 15 ms te-0-3-0-2-ar01.area4.il.chicago.comcast.net [68.86.189.229]
5 18 ms 23 ms 24 ms he-3-5-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.95.237]
6 39 ms 36 ms 35 ms he-4-4-0-0-cr01.newyork.ny.ibone.comcast.net [68.86.88.145]
7 36 ms 34 ms 33 ms 173.167.58.26
8 34 ms 36 ms 34 ms 0.e1-4.tbr1.oct.nac.net [209.123.10.122]
9 39 ms 34 ms 35 ms vlan804.esd1.oct.nac.net [209.123.10.2]
10 36 ms 34 ms 36 ms www.dslreports.com [209.123.109.175]
Trace complete.
C:\Users\Brian A. Plencner>
So, from what I can figure out, the issue appears to not be a DNS one, as I am able to resolve an IPv6 IP for its proper DNS name. However, I am not able to reach (or ping) to an IPv6 IP, or a IPv6 only site. So, there has to be something that is mis-configured inside of pfsense that is causing this. What I don't know.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2
1 edit | reply to plencnerb
Picture #1 | | 
Picture #2 | | 
Picture #3 | | 
Picture #4 |
In Picture #1, I am showing the System Information. This should answer any questions about what version I'm running and all of that.
Picture #2 shows everything on the WAN side of things.
Picture #3 shows everything on the LAN side of things.
Finally, Picture #4 shows the only modification I have made. I added a WAN firewall rule to for IPv6. This was per the suggestion by whfsdude  .
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
 joakoPremium
join:2000-09-07
/dev/null
kudos:5 | reply to plencnerb
1) What is the version of pfsense (Status > Dashboard)
2) What IPv6 info do you see under Status > Interfaces?
--
PRescott7-2097 |
|
| reply to plencnerb
PFSense currently doesnt support ipv6. The next release (v2.1) will support ipv6. You can download and run a beta of it if you want, but the current release 2.0x versions do not support ipv6. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | reply to joako
said by joako:1) What is the version of pfsense (Status > Dashboard)
2) What IPv6 info do you see under Status > Interfaces?
said by PhReE5:PFSense currently doesnt support ipv6. The next release (v2.1) will support ipv6. You can download and run a beta of it if you want, but the current release 2.0x versions do not support ipv6.
The answers to both of your questions should now be visible in the posts above. I have edited them all at this point.
If you need further information, just ask.
Thanks,
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
 graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | reply to plencnerb
Your WAN IPv6 netmask is 64 bits. Mine is 128 bits.
Your LAN IPv6 address looks more like it was statically assigned, not by DHCP-PD.
You still haven't said how you are configuring for IPv6. Post those screens as well. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | 
WAN Interface Configuration | 
LAN Interface Configuration |
said by graysonf:Your WAN IPv6 netmask is 64 bits. Mine is 128 bits.
Your LAN IPv6 address looks more like it was statically assigned, not by DHCP-PD.
You still haven't said how you are configuring for IPv6. Post those screens as well.
Above are how I currently have things configured in regards to the LAN and WAN interfaces.
By default, when I installed pfsense, I did not need to make any changes to this, per what whfsdude said in the other post.
His comment is below
said by whfsdude:Are you running the 2.1 branch?
1. Interfaces > WAN
2. For 'IPv6 Configuration Type' select 'DHCP6'
3. For 'DHCPv6 Prefix Delegation size' select '64', apply
4. Interfaces > LAN
5. For 'IPv6 Configuration Type' select 'Track Interface'
6. For 'IPv6 Interface' select WAN.
7. For 'IPv6 Prefix ID' enter '0', apply
8. Reboot!
What you are suggesting is a bit different then what he has said. But, since we are in troubleshooting mode, I'm willing to make any changes to see what I can do to figure this out.
So, on the LAN Interface configuration page, I modified the IPv6 Configuration Type from the value "Track Interface" to "DHCP6".
Once that was done, I did an ipconfig /release and then an ipconfig /renew.
The issue now is solved! The IPv6 Test pages now come back with a score of 10/10. On the Comcast IPv6 Speedtest side, it now loads, and shows my IPv6 IP at the top.
That was an easy fix!
Of course, it makes me wonder then, what is different between my setup and whfsdude 's, as he is also running pfsense, with that one value different then what I have, and he apparently does not have any issues.
Thoughts?
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | Glad you have it sorted out. You might want to change the Subject of the root post for this to include [SOLVED]. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | said by graysonf:Glad you have it sorted out. You might want to change the Subject of the root post for this to include [SOLVED].
Went ahead and did that, and modified my OP post as well to indicate what I had to do to fix it.
I am curious though to hear whfsdude 's thoughts on this, as he is the one that said what he uses for that value, and apparently it is working fine for him.
Now the next step I think is to work with the mods to modify NetDog 's thread to put a post that shows the configuration steps / changes that need to be made in this version of pfsense to get it to work. Once that is done, then delete all of the posts and troubleshooting steps from my case, as that configuration has now been confirmed to be working. Thoughts? Kind of like a cleanup / reset on the thread, and get it ready for the next user who comes along with configuration issues for a different piece of hardware.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | I doubt they will delete posts or threads, which is why I suggested editing the Subject to include [SOLVED]. |
|
|
|
 whfsdudePremium
join:2003-04-05
Washington, DC
 ·T-Mobile US
| reply to plencnerb
said by plencnerb:I am curious though to hear whfsdude 's thoughts on this, as he is the one that said what he uses for that value, and apparently it is working fine for him.
Sorry I've been swamped since Monday and haven't had much time to look at threads. Glad you figured it out.
I was using DHCP6 w/track interface up until two weeks ago when I moved to all static configurations.
I wonder if it's a regression in their code. »lists.pfsense.org/pipermail/list···831.html |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | reply to graysonf
They probably won't, it was just a suggestion.
Maybe what I am thinking of is more along the lines of a FAQ for IPv6. NetDog's thread could be the "work area" so to speak for the FAQ. We take the first first post as kind of the starting point for the FAQ, and then as people post their different routers and configurations, and we all work together to get them up and running, the FAQ then is modified to include a section for a specific hardware.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | FAQ, good idea. Feel free to get started anytime |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | You know, I would if I knew how to start!
If anything, I would have no problems putting together the section on configuration for pfsense.
--Brian |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | Go to the Comcast FAQ page here: »Comcast High Speed Internet FAQ
Contact one of the Editors on the upper right side via Instant Message. I'm sure they will point you in the right direction. |
|
 NetDogPremium,VIP
join:2002-03-04
Parker, CO
kudos:4
 ·Comcast
| reply to plencnerb
said by plencnerb:Now the next step I think is to work with the mods to modify NetDog 's thread to put a post that shows the configuration steps / changes that need to be made in this version of pfsense to get it to work. Once that is done, then delete all of the posts and troubleshooting steps from my case, as that configuration has now been confirmed to be working. Thoughts? Kind of like a cleanup / reset on the thread, and get it ready for the next user who comes along with configuration issues for a different piece of hardware.
--Brian
how about a thread that just has the how-to? I have been thinking about writing a How-to for each of the routers and devices that I know about.. Thinking and on paper are two different things .. I have been working on a Juniper router\switch as of late so it has been taking my spare time. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | reply to plencnerb
Re: [IPv6] Issues with IPv6 and pfsense [SOLVED] Ok I don't get it.
Yes, I'm replying to my own thread.
Why would I do something?
Answer: Things are not working now with IPv6.
Both IPv6 test sites that used to return 10/10 now return 0/10. I cannot get to »ipv6.speedtest.comcast.net/ anymore.
System Uptime on my modem is 11 d: 8 h: 37 m.
System Update for PFSense is just behind that, at 11 Days 08 Hours 29 Minutes 21 Seconds.
The last configuration change that I made to PFsense was on Wed Dec 12 12:36:08 CST 2012, which, is just after the last edit I made to the first post of this thread to indicate that it was working.
So, my question is, What Broke! And, probably more important, how do I get it working again?
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
| My Comcast supplied Netgear WNR1000v2-VC also randomly loses IPv6 connectivity. It sometimes will stay in sync for several weeks, and sometimes only for a few days. IPv6 connectivity always comes back if I reboot the router and remake the connections with the attached PCs.
The problem with the Netgear router seems to be that its WAN is randomly assigned a new IPv6 address (but the 2001:558:xxxx:xx: prefix does does not change, nor does the IPv4 address). That new IP address triggers a new PD prefix for the LAN, but the old PD prefix is also still active. The only fix I have found is to reboot the router.
Have you tried rebooting your pFsense box and reconnecting the attached PC(s)? |
|
