dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
7904
share rss forum feed

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to plencnerb

Re: [IPv6] Issues with IPv6 and pfsense [SOLVED]

Yeah that was my thought as well. I'm actually here with my system today (I actually moved on the 1st and haven't really had a chance to mess with this) and thought "great, I'll do an update while I'm here, wait what day is today, damn only the 5th?" I'm heading out of town in the morning so it'll be at least a week before I can get to it now. I'm liking what I'm seeing though, looks promising.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2
reply to plencnerb

Click for full size
Well, I went and downloaded the file indicated by the arrow in the above picture.

Later today I'll burn that to CD, and install clean and see how things go.

I do have my notes about what I changed before to get things working. I'll make any new notes if those same changes need to be made, or if they are already configured by default.

Once everything is working (crosses fingers! ), I'll post back here with all the information.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

1 edit
reply to plencnerb

Click for full size
Dashboard Prior to upgrade
Click for full size
Interfaces Prior to upgrade
Click for full size
Dashboard After upgrade
Click for full size
Interfaces After upgrade
I went ahead and did a clean install of pfsense. The version information is below

2.1-BETA1 (i386)
built on Sun Jan 6 05:42:27 EST 2013
FreeBSD 8.3-RELEASE-p5

Good news is that everything is now working!

I also want to point out the difference in the WAN Interface screens. If you look at the one before the upgrade, the WAN Interface showed a Subnet mask IPv6 of "64". After moving to the new version, that value is now showing as "128", as indicated by the red arrows.

At this point, I have made ZERO changes to the configuration of pfSense (outside of changing the default admin password). Both IPv6 test sites now return 10/10, and the Comcast IPv6 Speed test site is working as well. I did some ping tests to known IPv6 sites, and they work. I also did a nslookup to that site, and returned both the IP and the name (depending on how I did the lookup) and that also worked without issue.

For reference, the changes that I made in the last version are below.

Add a WAN Rule for IPv6
Firewall --> Rules --> WAN
Action: Pass
Disabled: unchecked
Interface: WAN
TCP/IP Version: IPv6
Protocol: TCP
Source: No changes
Destination: No changes
Destination port range: No changes
Log: Unchecked
Description: Added to allow IPv6

Modify the IPv6 Configuration Type
Interfaces --> WAN
IPv6 Configuration Type: DHCP6

Again, I did not have to do either change. In regards to the IPv6 configuration type, it was already set as DHCP6. I also did not add the firewall rule on the WAN side as noted above, as things "appear" to be working without it.

If anyone has any questions, or needs to see any additional screens, let me know and I'll be happy to post them.

Interesting I just noticed that I "lost" the following two ISP DNS Servers
2001:558:feed::1
2001:558:feed::2

They were present under the WAN Interface prior to the install, and now they do not show up.

As I said, things "appear" to work without them, so I don't know if they are needed or not. However, I did want to point that out just in case I need to modify something to get them to show up again on the WAN Interface screen.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to plencnerb

There are some GUI issues with quickly back-porting to WIDE from ISC's DHCP6 client.

FWIW, I always shove the v6 DNS servers under System > General Setup.

2001:558:feed::1
2001:558:feed::2

I'd rather push v6 traffic over Comcast's network than v4 (but that's just me being a v6 nerd).



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1
reply to plencnerb

This now agrees with what I have here on working m0n0wall 1.8b, including the /128 WAN netmask and having a local link address for the IPv6 gateway.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

Good deal.

I also went ahead and added the two IPv6 DNS's under the General Setup so they now show up as well.

--Brian



PGHammer

join:2003-06-09
Accokeek, MD

1 recommendation

reply to plencnerb

Glad to hear.

Oddly enough, the SAME settings work with some routers *known* to support IPv6 (WNR1000v2 and WNDR37xx v3 and later - this may apply to Netgear's WNDR4xxx as well), because of issues with Auto-Detect/Auto-Config vs. explicit DHCP; I don't know whether it's a bug on Netgear's end or possibly the router is, in fact, doing what it's supposed to.

I have a WNDR3700 v4 (which replaced a Comcast-supplied WNR3500v1) due to router timeouts (on the WIRED side - utterly inexcusable) which I initially setup with Auto-Detect (first for IPv4, then for IPv6) - for IPv6, I got the 6to4 tunnel that is the default for routers that don't support either DHCP6-PD or 6RD (neither of which is listed on the WNDR3700's spec sheet or documentation). However, there IS a setting for DHCP under Advanced Setup->IPv6 - just for grinz/lulz, I used it. *Bang.* I now have the *correct* IPv6 range, and I'm no longer using a tunnel.

Add this router to the explicit support list with the following note: DHCPv6 must be turned on via Advanced Setup->IPv6 - this is disabled by default.