JoelC707Premium
join:2002-07-09
West Point, GA
kudos:5 | reply to plencnerb
Re: [IPv6] Issues with IPv6 and pfsense [SOLVED] Yeah that was my thought as well. I'm actually here with my system today (I actually moved on the 1st and haven't really had a chance to mess with this) and thought "great, I'll do an update while I'm here, wait what day is today, damn only the 5th?" I'm heading out of town in the morning so it'll be at least a week before I can get to it now. I'm liking what I'm seeing though, looks promising.  |
|
 plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | reply to plencnerb
Well, I went and downloaded the file indicated by the arrow in the above picture.
Later today I'll burn that to CD, and install clean and see how things go.
I do have my notes about what I changed before to get things working. I'll make any new notes if those same changes need to be made, or if they are already configured by default.
Once everything is working (crosses fingers! ), I'll post back here with all the information.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2
1 edit | reply to plencnerb
Dashboard Prior to upgrade | 
Interfaces Prior to upgrade | 
Dashboard After upgrade | 
Interfaces After upgrade |
2.1-BETA1 (i386)
built on Sun Jan 6 05:42:27 EST 2013
FreeBSD 8.3-RELEASE-p5
Good news is that everything is now working!
I also want to point out the difference in the WAN Interface screens. If you look at the one before the upgrade, the WAN Interface showed a Subnet mask IPv6 of "64". After moving to the new version, that value is now showing as "128", as indicated by the red arrows.
At this point, I have made ZERO changes to the configuration of pfSense (outside of changing the default admin password). Both IPv6 test sites now return 10/10, and the Comcast IPv6 Speed test site is working as well. I did some ping tests to known IPv6 sites, and they work. I also did a nslookup to that site, and returned both the IP and the name (depending on how I did the lookup) and that also worked without issue.
For reference, the changes that I made in the last version are below.
Add a WAN Rule for IPv6
Firewall --> Rules --> WAN
Action: Pass
Disabled: unchecked
Interface: WAN
TCP/IP Version: IPv6
Protocol: TCP
Source: No changes
Destination: No changes
Destination port range: No changes
Log: Unchecked
Description: Added to allow IPv6
Modify the IPv6 Configuration Type
Interfaces --> WAN
IPv6 Configuration Type: DHCP6
Again, I did not have to do either change. In regards to the IPv6 configuration type, it was already set as DHCP6. I also did not add the firewall rule on the WAN side as noted above, as things "appear" to be working without it.
If anyone has any questions, or needs to see any additional screens, let me know and I'll be happy to post them.
Interesting I just noticed that I "lost" the following two ISP DNS Servers
2001:558:feed::1
2001:558:feed::2
They were present under the WAN Interface prior to the install, and now they do not show up.
As I said, things "appear" to work without them, so I don't know if they are needed or not. However, I did want to point that out just in case I need to modify something to get them to show up again on the WAN Interface screen.
--Brian
--
============================
--Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail |
|
|
|
 whfsdudePremium
join:2003-04-05
Washington, DC
 ·T-Mobile US
| reply to plencnerb
There are some GUI issues with quickly back-porting to WIDE from ISC's DHCP6 client.
FWIW, I always shove the v6 DNS servers under System > General Setup.
2001:558:feed::1
2001:558:feed::2
I'd rather push v6 traffic over Comcast's network than v4 (but that's just me being a v6 nerd). |
|
 graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | reply to plencnerb
This now agrees with what I have here on working m0n0wall 1.8b, including the /128 WAN netmask and having a local link address for the IPv6 gateway. |
|
plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2 | Good deal.
I also went ahead and added the two IPv6 DNS's under the General Setup so they now show up as well.
--Brian |
|
Reviews:
 ·Comcast
| reply to plencnerb
Glad to hear.
Oddly enough, the SAME settings work with some routers *known* to support IPv6 (WNR1000v2 and WNDR37xx v3 and later - this may apply to Netgear's WNDR4xxx as well), because of issues with Auto-Detect/Auto-Config vs. explicit DHCP; I don't know whether it's a bug on Netgear's end or possibly the router is, in fact, doing what it's supposed to.
I have a WNDR3700 v4 (which replaced a Comcast-supplied WNR3500v1) due to router timeouts (on the WIRED side - utterly inexcusable) which I initially setup with Auto-Detect (first for IPv4, then for IPv6) - for IPv6, I got the 6to4 tunnel that is the default for routers that don't support either DHCP6-PD or 6RD (neither of which is listed on the WNDR3700's spec sheet or documentation). However, there IS a setting for DHCP under Advanced Setup->IPv6 - just for grinz/lulz, I used it. *Bang.* I now have the *correct* IPv6 range, and I'm no longer using a tunnel.
Add this router to the explicit support list with the following note: DHCPv6 must be turned on via Advanced Setup->IPv6 - this is disabled by default. |
|
