Score:1

Server

How should I configure properly my LAN to use IPv6 for communication on LAN and WAN?

supi007

1/2/23, 6:46 AM

I would like to use IPv6 on my LAN and would like to be able to go out to the WAN as well. My network is a classic IPv4 environment. It works well.

My ISP provides Global Unicast IPv6 address on the WAN interface of my router (pfsense 2.5.2). I can ping google's IPv6 address from my router:

PING6(56=40+8+8 bytes) <my-global-unicast-iv6-address> --> 2a00:1450:400d:806::200e
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=0 hlim=118 time=17.492 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=1 hlim=118 time=12.482 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=2 hlim=118 time=12.134 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=3 hlim=118 time=11.707 ms
16 bytes from 2a00:1450:400d:806::200e, icmp_seq=4 hlim=118 time=21.414 ms

--- 2a00:1450:400d:806::200e ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 11.707/15.046/21.414/3.814 ms

Behind the router the same thing does not work. I cannot ping google's IPv6 address. I need help to configure the LAN side properly.

May I ask your assistance please ?

EDIT: I had a call with my ISP and confirmed that ping might not work from my LAN. Maybe the the contact was not the right person to answer all my question because he answered that he does not know why but ping should not work but everything else should. Weird.

1502

1 + 2

networking

local-area-network

ipv6

wide-area-network

unicast

Michael Hampton

1/2/23, 12:58 PM

Did you forget to enable prefix delegation? I think pfSense has it off by default.

supi007

1/2/23, 3:01 PM

I forgot really. It is now enabled. Thx. Problem is not solved yet though. I am still working on it.

Score:1

Server

supi007

1/25/23, 7:07 AM

Finally I have found the answer. Let's see what I have:

pfSense is being used as a router/firewall on my LAN.
I got Global Unicast IPv6 address from my ISP on my WAN interface. (GUIPv6 is routable on Internet.)
pfSense need to be configured properly to get Global Unicast IPv6 address from the ISP on the LAN interface.
Interfaces --> WAN --> DHCP6 Client Configuration --> DHCPv6 Prefix Delegation size="60" --> Save
Interfaces --> LAN --> General Configuration --> IPv6 Configuration Type="Track Interface"
Interfaces --> LAN --> Track IPv6 Interface --> IPv6 Interface="WAN"
Interfaces --> LAN --> Track IPv6 Interface --> IPv6 Prefix ID="0" --> Save
Services --> DHCPv6 Server & RA --> Router Advertisements --> Router mode="Managed" --> Save
Services --> DHCPv6 Server & RA --> DHCPv6 Server --> "Enable DHCPv6 server on interface LAN"
Range from="::1000"
Range to="::2000" -- > Save

Abovementioned steps set up pfSense to be able to dynamically assigns GUIPv6 addresses on LAN.

0 + 0

Score:0

Server

George Shuklin

1/2/23, 7:11 AM

Well, you need to have routable network from your provider for that. If there is no routable network, what router should route then?

0 + 5

supi007

1/2/23, 7:19 AM

What do you mean "routable network" ? My ISP routes the IPv6 traffic. At least I think they do because ping works between my pfsense's interface and google's interface.

George Shuklin

1/2/23, 7:26 AM

routable network is an opposite of 'directly connected'. You provider must have something like `2a00:1450:4006:80d::0/64 via 2a00:1450:4006:80e::feab dev te10/11/12` in their routing table. (where 2a00:1450:4006:80e::feab is your router IP, and 2a00:1450:4006:80d::0/64 is your routable IPv6 network). If you have IP addresses allocated to you with provider IP (gateway) been in the same network, than you can't route it.

supi007

1/2/23, 7:40 AM

Fine. You say I need to add a Unique Local IPv6 address to my LAN interface and need to add a record to the route table that points to the Global Unicast address? Is it working like IPv4 routing ?

supi007

1/2/23, 8:43 AM

I have found an article about the IPv6 NAT: https://docs.netgate.com/pfsense/en/latest/nat/npt.html Is this the right way to solve my issue ? Could anybody confirm that ?

vidarlo

1/2/23, 12:45 PM

Forget NAT with IPv6. Ask your provider for a suitably sized network, and bear in mind that the smallest subnet you should *ever* deploy outside a PtP-link is a /64. My *home* ISP hands me a /48.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How should I configure properly my LAN to use IPv6 for communication on LAN and WAN?

TH: ฉันควรกำหนดค่า LAN ของฉันอย่างถูกต้องเพื่อใช้ IPv6 สำหรับการสื่อสารบน LAN และ WAN อย่างไร

RO: Cum ar trebui să configurez corect LAN-ul meu pentru a utiliza IPv6 pentru comunicarea pe LAN și WAN?

RU: Как правильно настроить локальную сеть для использования IPv6 для связи в локальной и глобальной сети?

VI: Tôi nên định cấu hình mạng LAN của mình như thế nào để sử dụng IPv6 để liên lạc trên mạng LAN và WAN?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.