Community Forum

IPv6 Addresses and Prefix Request with pfSense

Frequent Visitor

IPv6 Addresses and Prefix Request with pfSense

I currently pay for Gigabit service from Comcast Residential.  This is handled by a pfSense appliance.

 

There are two problems:

 

(1) I am not getting an IPv6 address from Comcast.

 

(2) I am not getting a /64 prefix

 

From everything I have found, I should be able to get a /64 prefix to assign IPv6 addresses to individual devices behind my pfSense.  However, I am unable to do so, nor am I able to get an IPv6 address on my WAN port just for my pfSense box even  (NAT6 therefore isn't an option either).

 

Is there anything I can do to troubleshoot this on my end, or do I have to go through chat with a tech to solve this problem?

Expert

Re: IPv6 Addresses and Prefix Request with pfSense

See if anything here helps;

 

https://content.pivotal.io/blog/a-barebones-pf-ipv6-firewall-ruleset



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
New Poster

Re: IPv6 Addresses and Prefix Request with pfSense

I'm not paying for gigabit but I do have Comcast and pfsense. I tried /64 and never got it to work. I had to switch to /60 and then everything started working just fine. Below are the settings I have on WAN and a guest network. You can use the guest network settings on your LAN, just make the prefix ID different for each interface.

 

You mentioned NAT6, I dont think pfsense supports that but I'm no expert and havent looked into it.

 

Screen Shot 2019-01-11 at 8.01.14 AM.pngScreen Shot 2019-01-11 at 8.01.28 AM.pngScreen Shot 2019-01-11 at 8.01.44 AM.pngScreen Shot 2019-01-11 at 8.01.55 AM.png

Highlighted
Frequent Visitor

Re: IPv6 Addresses and Prefix Request with pfSense

I did manage to get NAT6 working on Sense, but not with the GUI, it was a nasty piece of work, but isn't good long-term.

 

I'll emulate your v6 settings when I'm home after work and see if I can get it working.  If I can then I can enjoy v6 connectivity, if not, I"ll be back.

 

I also have a ruleset permitting all v6 at the moment so there's nothing *blocking* v6 currently...

 

Will report back; sorry for the slow response times, I was travelling a bit.

Frequent Visitor

Re: IPv6 Addresses and Prefix Request with pfSense

This worked.  Turns out however I had an errant rule in my system blocking v6 ICMP on the WAN interface.

 

I fixed that by opening WAN ICMPv6 inbound to the WAN and it seemed to work.

Expert

Re: IPv6 Addresses and Prefix Request with pfSense

Glad you got it figured out !



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!