Static ipv6 and ipv6 neighbour

strumf666

Jr. Member

Offline

Posts: 45

Static ipv6 and ipv6 neighbour

« on: December 19, 2011, 11:53:42 am »

Hi everyone,

does pfsense 2.1 support the above and is there a guide how to set it up? My ISP uses this and I got ipv6 enabled, now I don't know how to set it up :-/


	Logged

databeestje

Administrator
Hero Member

Offline

Posts: 1048

It just might be your luck day, if you only knew.

Re: Static ipv6 and ipv6 neighbour

« Reply #1 on: December 19, 2011, 01:07:49 pm »

Not quite sure what that is, I have not run into such a install in the wild yet.

We don't have a slaac option for IPv6 yet either.

I'll have to read the documentation on that, so don't expect support soon.


	Logged

strumf666

Jr. Member

Offline

Posts: 45

Re: Static ipv6 and ipv6 neighbour

« Reply #2 on: December 19, 2011, 01:32:59 pm »

This illustrates what my ISP offered to me. Sorry about the language, if needed I will try to translate.
In short, I got assigned an external ipv6 address, /64 subnet, "connecting segment" (the /126 thing) and I have received default gateway.
In order to make it work I need to manually add a ipv6 neighbour which is actually an isp router (default gateway) which I can do with ndp -s [ipv6] [mac]. After that I can ping the gateway (otherwise I get an error) but test-ipv6 still doesn't see my ipv6 address (pinging google on ipv6 also times out).
I use separate subnets for lan and wifi, but I only enabled ipv6 for lan subnet (until I get a /56 subnet), in dhcp server I set RA to unmanaged for lan and Router only on lan dhcp is disabled and RA set to Router only. I laso added firewall rules for ipv6 traffic.
Any help appreciated...


	Logged

wallabybob

Hero Member

Online

Posts: 4802

Re: Static ipv6 and ipv6 neighbour

« Reply #3 on: December 19, 2011, 04:25:15 pm »

I might be missing something but I think

pfSense WAN interface should have IPv6 address 2a01:260:a:b::2/126
pfSense default route (gateway) should be 2a01:260:a:b::1/126 (add a default gateway under System -> Routing click on Gateways tab)


	Logged

strumf666

Jr. Member

Offline

Posts: 45

Re: Static ipv6 and ipv6 neighbour

« Reply #4 on: December 19, 2011, 06:38:10 pm »

I have it set up according to what you said.


	Logged

wallabybob

Hero Member

Online

Posts: 4802

Re: Static ipv6 and ipv6 neighbour

« Reply #5 on: December 19, 2011, 06:58:36 pm »

What is the output of the pfSense shell command netstat -r -n

Perhaps your ISP can give you the IPv6 address of a ping responding system located a little beyond your router. What is reported when you attempt to ping that? Does a packet capture on the pfSense WAN interface while the ping is running show both the ping and response?

If your default route is correct and your neighbouring router responds to pings but a system beyond the router doesn't respond to pings then the fault probably lies with your ISP.


« Last Edit: December 19, 2011, 07:02:32 pm by wallabybob »	Logged

strumf666

Jr. Member

Offline

Posts: 45

Re: Static ipv6 and ipv6 neighbour

« Reply #6 on: December 19, 2011, 09:53:08 pm »

I can ping my ISP router (the "Neighbour"), which is the first level above my router afaik. I was told I am apparently missing global unicast gateway/route through 2a01:260:4016::1, but that was at a first glance look at my routing table.

Code:

$ netstat -r -n
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 89.212.0.1 UGS 0 3782624 rl0
84.255.209.79 89.212.0.1 UGHS 0 102 rl0
84.255.210.79 89.212.0.1 UGHS 0 12 rl0
89.212.0.0/16 link#3 U 0 35329 rl0
89.212.6.75 link#3 UHS 0 0 lo0
127.0.0.1 link#4 UH 0 607 lo0
192.168.1.0/24 link#2 U 0 175132 re0
192.168.1.1 link#2 UHS 0 0 lo0
192.168.2.0/24 link#8 U 0 33 ath0_w
192.168.2.1 link#8 UHS 0 0 lo0

Internet6:
Destination Gateway Flags Netif Expire
default 2a01:260:4016::2 UGS rl0
::1 ::1 UH lo0
2a01:260:4016::/126 link#3 U rl0
2a01:260:4016::2 link#3 UHS lo0
2a01:260:4016:1:: link#2 UHS lo0 =>
2a01:260:4016:1::/64 link#2 U re0
fe80::%re0/64 link#2 U re0
fe80::221:91ff:fed4:c574%re0 link#2 UHS lo0
fe80::%rl0/64 link#3 U rl0
fe80::2e0:4cff:fe67:3edf%rl0 link#3 UHS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0
fe80::%ath0_wlan0/64 link#8 U ath0_wla
fe80::225:86ff:fece:aedd%ath0_wlan0 link#8 UHS lo0
ff01:2::/32 fe80::221:91ff:fed4:c574%re0 U re0
ff01:3::/32 fe80::2e0:4cff:fe67:3edf%rl0 U rl0
ff01:4::/32 ::1 U lo0
ff01:8::/32 fe80::225:86ff:fece:aedd%ath0_wlan0 U ath0_wla
ff02::%re0/32 fe80::221:91ff:fed4:c574%re0 U re0
ff02::%rl0/32 fe80::2e0:4cff:fe67:3edf%rl0 U rl0
ff02::%lo0/32 ::1 U lo0
ff02::%ath0_wlan0/32 fe80::225:86ff:fece:aedd%ath0_wlan0 U ath0_wla


« Last Edit: December 19, 2011, 09:58:48 pm by strumf666 »	Logged

wallabybob

Hero Member

Online

Posts: 4802

Re: Static ipv6 and ipv6 neighbour

« Reply #7 on: December 19, 2011, 10:19:22 pm »

You have an IPv6 default route but it should specify the IP6 address of your upstream router, not the IPv6 address of your WAN interface.


	Logged

jimp

Administrator
Hero Member

Offline

Posts: 12852

Re: Static ipv6 and ipv6 neighbour

« Reply #8 on: December 20, 2011, 12:56:50 pm »

Double check your actual interface IP and gateway configuration (post screenshots if possible)

From your routing table output, you have the gateway set to 2 and not 1.

The output from "ifconfig -a" and "ndp -na" might also help.


	Logged

Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Donate to the project | My Wish List

strumf666

Jr. Member

Offline

Posts: 45

Re: Static ipv6 and ipv6 neighbour

« Reply #9 on: December 20, 2011, 04:32:21 pm »

One of the ISP's tech guys was good enough to take a look at my pfsense through rdp. He said I had everything set correct, but in the routing tables it was wrong (I did have it set up under WAN settings, not under Routing, if it matters), think he said wan and lan were just the opposite. He edited those I think, then he used a startup script so that the ISP router (neighbour) is added everytime I restart it and added an ipv6 gateway under routes + a global unicast route and now it works. Posting routes if it will/can help anyone.

Code:

::1 ::1 UH 0 0 16384 lo0
2000::/3 2a01:260:4016::1 UGS 0 413 1500 rl0
2a01:260:4016::/126 link#3 U 0 18425 1500 rl0
2a01:260:4016::2 link#3 UHS 0 5 16384 lo0
2a01:260:4016:1::/64 link#2 U 0 848 1500 re0
2a01:260:4016:1::1 link#2 UHS 0 0 16384 lo0
fe80::%re0/64 link#2 U 0 75 1500 re0
fe80::221:91ff:fed4:c574%re0 link#2 UHS 0 0 16384 lo0
fe80::%rl0/64 link#3 U 0 0 1500 rl0
fe80::2e0:4cff:fe67:3edf%rl0 link#3 UHS 0 0 16384 lo0
fe80::%lo0/64 link#4 U 0 0 16384 lo0
fe80::1%lo0 link#4 UHS 0 0 16384 lo0
fe80::%ath0_wlan0/64 link#8 U 0 0 1500 ath0_wlan0
fe80::225:86ff:fece:aedd%ath0_wlan0 link#8 UHS 0 0 16384 lo0
ff01:2::/32 fe80::221:91ff:fed4:c574%re0 U 0 0 1500 re0
ff01:3::/32 fe80::2e0:4cff:fe67:3edf%rl0 U 0 0 1500 rl0
ff01:4::/32 ::1 U 0 0 16384 lo0
ff01:8::/32 fe80::225:86ff:fece:aedd%ath0_wlan0 U 0 0 1500 ath0_wlan0
ff02::%re0/32 fe80::221:91ff:fed4:c574%re0 U 0 0 1500 re0
ff02::%rl0/32 fe80::2e0:4cff:fe67:3edf%rl0 U 0 0 1500 rl0
ff02::%lo0/32 ::1 U 0 0 16384 lo0
ff02::%ath0_wlan0/32 fe80::225:86ff:fece:aedd%ath0_wlan0 U 0 0 1500 ath0_wlan0

Code:

$ netstat -r -n
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 89.212.0.1 UGS 0 6615203 rl0
84.255.209.79 89.212.0.1 UGHS 0 703 rl0
84.255.210.79 89.212.0.1 UGHS 0 107 rl0
89.212.0.0/16 link#3 U 0 476665 rl0
89.212.6.75 link#3 UHS 0 0 lo0
127.0.0.1 link#4 UH 0 167 lo0
192.168.1.0/24 link#2 U 0 3796618 re0
192.168.1.1 link#2 UHS 0 0 lo0
192.168.2.0/24 link#8 U 0 1138 ath0_w
192.168.2.1 link#8 UHS 0 0 lo0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UH lo0
2000::/3 2a01:260:4016::1 UGS rl0
2a01:260:4016::/126 link#3 U rl0
2a01:260:4016::2 link#3 UHS lo0
2a01:260:4016:1::/64 link#2 U re0
2a01:260:4016:1::1 link#2 UHS lo0
fe80::%re0/64 link#2 U re0
fe80::221:91ff:fed4:c574%re0 link#2 UHS lo0
fe80::%rl0/64 link#3 U rl0
fe80::2e0:4cff:fe67:3edf%rl0 link#3 UHS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0
fe80::%ath0_wlan0/64 link#8 U ath0_wla
fe80::225:86ff:fece:aedd%ath0_wlan0 link#8 UHS lo0
ff01:2::/32 fe80::221:91ff:fed4:c574%re0 U re0
ff01:3::/32 fe80::2e0:4cff:fe67:3edf%rl0 U rl0
ff01:4::/32 ::1 U lo0
ff01:8::/32 fe80::225:86ff:fece:aedd%ath0_wlan0 U ath0_wla
ff02::%re0/32 fe80::221:91ff:fed4:c574%re0 U re0
ff02::%rl0/32 fe80::2e0:4cff:fe67:3edf%rl0 U rl0
ff02::%lo0/32 ::1 U lo0
ff02::%ath0_wlan0/32 fe80::225:86ff:fece:aedd%ath0_wlan0 U ath0_wla


« Last Edit: December 20, 2011, 04:35:53 pm by strumf666 »	Logged

databeestje

Administrator
Hero Member

Offline

Posts: 1048

It just might be your luck day, if you only knew.

Re: Static ipv6 and ipv6 neighbour

« Reply #10 on: December 22, 2011, 04:39:27 pm »

Reading your diagram that the isp gave you, it looks like a normal static ipv6 configuration.

Basically you configure the ::2 of the /126 prefix on the pfSense wan interface. You then create a gateway to the ::1 address of the /126 subnet. Normally the isp router will reply for ndp requests for this address.

You can configure the 1st /64 prefix on the lan interface. Your isp will just forward the /64 networks to the ::2 address of your /126 subnet.

This really is a basic static config as long as both the isp and pfsense reply to ndp requests. Which i think they will.

If you have any questions or want me to review your configuration i can verify it remotely.


	Logged

Pages: [1] Go Up

« previous next »