pyrodex1980
join:2010-03-17
Suwanee, GA

3 recommendations

pyrodex1980 to Anonc978f

Member


Re: [AT&T Fiber] RG Bypass & pfSense IPv6

I got this working but I can't remember fully all the steps.

My screenshots are provided and here is the configuration file referenced in one of the screenshots.

interface igb0 {
        send ia-na 1;   # request stateful address
        send ia-pd 1;   # request prefix delegation - LAN
        request domain-name-servers;
        script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh"; # we'd like nameservers and RTSOLD to do all the work
};
id-assoc na 1 { };
id-assoc pd 1 {
        prefix ::/60 infinity;
        prefix-interface lagg0.20 {
                sla-id 0;
                sla-len 4;
        };
        prefix-interface lagg0.30 {
                sla-id 1;
                sla-len 4;
        };
        prefix-interface lagg0.40 {
                sla-id 2;
                sla-len 4;
        };
        prefix-interface lagg0.50 {
                sla-id 3;
                sla-len 4;
        };
};
 

This gives me a /60 prefix and then I have a LAN (lagg0.20), DMZ (lagg0.30), IoT (lagg0.40), and GUEST (lagg0.50) interfaces and of course my WAN is igb0.

You also have to configure each interface in pfSense with IPv6 as a Track interface pointed to the WAN and for each SLA-ID you give it to that corresponding interface. So LAN has WAN as track interface and its ID is 0.

I also had to configure DHCPv6 Server & RA for each LAN in pfSense as well, as reflected in my screenshots. I didn't change much but ensured each was configured for a /64, I put in a range (not used for stateless), and then on the RA side set it for Stateless as shown.

What I do not remember is how to generate the DUID-EN but I know it's based on the BGW-210 something and my device's serial number turned into HEX. If someone can figure that out again I will document it on github somewhere.
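Editor's added example (not part of pyrodex1980's post and not pfSense or dhcp6c code): it parses the `prefix-interface` stanzas from the configuration above and computes which /64 each VLAN receives from a delegated /60, rejecting an out-of-range or duplicate `sla-id`. The delegated prefix `2001:db8:0:10::/60` is a constructed documentation value, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the id-assoc pd stanza from the post's dhcp6c config.
CONF = """
id-assoc pd 1 {
        prefix ::/60 infinity;
        prefix-interface lagg0.20 {
                sla-id 0;
                sla-len 4;
        };
        prefix-interface lagg0.30 {
                sla-id 1;
                sla-len 4;
        };
        prefix-interface lagg0.40 {
                sla-id 2;
                sla-len 4;
        };
        prefix-interface lagg0.50 {
                sla-id 3;
                sla-len 4;
        };
};
"""

STANZA = re.compile(
    r"prefix-interface\s+(\S+)\s*\{\s*sla-id\s+(\d+);\s*sla-len\s+(\d+);\s*\}")

def parse_stanzas(conf):
    """Return [(interface, sla_id, sla_len), ...] in file order."""
    return [(m[1], int(m[2]), int(m[3])) for m in STANZA.finditer(conf)]

def plan_subnets(delegated, stanzas):
    """Map each interface to the subnet its sla-id selects inside the delegation."""
    pd = ipaddress.IPv6Network(delegated)
    plan = {}
    for ifname, sla_id, sla_len in stanzas:
        new_len = pd.prefixlen + sla_len
        if new_len != 64:  # this example's check: the post configures each LAN as a /64
            raise ValueError(f"{ifname}: /{pd.prefixlen} + sla-len {sla_len} is not /64")
        if sla_id >= 1 << sla_len:
            raise ValueError(f"{ifname}: sla-id {sla_id} needs more than {sla_len} bits")
        base = int(pd.network_address) | (sla_id << (128 - new_len))
        net = ipaddress.IPv6Network((base, new_len))
        if net in plan.values():
            raise ValueError(f"{ifname}: {net} already assigned to another interface")
        plan[ifname] = net
    return plan
```

Knowing the per-VLAN /64 in advance is useful when writing firewall rules that keep the DMZ, IoT and GUEST segments apart, since the upper 60 bits change whenever the delegation changes.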

Anonc978f
@sbcglobal.net

1 recommendation

Anonc978f

Anon

Thanks for the details.

I'm not sure how important the DUID part is because I had a Netgear R7800 I used in bypass and it got an IPv6 address and wouldn't have had a way to generate the same as the RG. I think once the lease expires it's not as important but not sure still if something else specific needs to be done since my pf won't grab one or if it just hasn't been enough days maybe I guess.
pyrodex1980
join:2010-03-17
Suwanee, GA

1 recommendation

pyrodex1980

Member

said by Anonc978f :

Thanks for the details.

I'm not sure how important the DUID part is because I had a Netgear R7800 I used in bypass and it got an IPv6 address and wouldn't have had a way to generate the same as the RG. I think once the lease expires it's not as important but not sure still if something else specific needs to be done since my pf won't grab one or if it just hasn't been enough days maybe I guess.

Well feel free to try out my setup minus the DUID and see if it works. Right now I have full bypass working with IPv6.

Anonc978f
@sbcglobal.net

1 recommendation

Anonc978f

Anon

Bummer something else must be broken in the newer version.

It has most of this built in now (the util.inc file and gui edits) so I just used part of the script to make my DUID (though I know it honestly shouldn't matter since how does my Netgear router get IPv6 lol). I know it's now also been enough days for my old lease to be up. I suspect the original point of this was because people couldn't get IPv6 since the lease hadn't ended on the RG yet so this just spoofs it like the mac.

If anyone with v6 working on pfSense is willing to upgrade to 2.4.4 RC and test (just make a snapshot or backup before if worried) please let me know if you can get it working.

I started off on this version so never had it working to know what is actually broken.
aus
join:2018-09-22
united state

1 edit

1 recommendation

aus to pyrodex1980

Member

Thanks pyrodex. I was able to get IPv6 working with your notes. Fully bypassed now as well! Added my notes here: »github.com/aus/pfatt

Anonc978f
@sbcglobal.net

1 recommendation

Anonc978f

Anon

I am still unable to with pfSense but can confirm AT&T doesn't use the serial number or DUID-EN really. It's just because most people switching already had an active lease and don't want to wait for it to expire.

That said, pfSense 2.4.4 seems to have some issues (it is on final release FWIW, not beta). Some people have issues and some don't. They can't reproduce it enough to fix. »forum.netgate.com/topic/ ··· snapshot
aus
join:2018-09-22
united state

1 recommendation

aus

Member

Hmm... That's interesting. Did you give my IPv6 notes a shot? Are you able to pull any IPv6 addresses? I don't think I had an active lease before. Before trying to configure in pfSense, IPv6 had been disabled for over a week.