pfSense Gold Subscription

Author Topic: IPv6 on 2VLANs  (Read 323 times)

0 Members and 1 Guest are viewing this topic.

Offline pbnet

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
IPv6 on 2VLANs
« on: October 31, 2017, 06:13:14 am »
Hello,

I'm trying to get IPv6 from my ISP on both VLANs I have.
Here's the setup:
- custom made PFSense 2.4.1 box with 2NIC
- NIC 1 --> Connects to the ISP via PPPoe on IPv4 and DHCP6 on IPv6, IPv6 prefix delegation /64. It requests an IPv6 prefix though the IPv4 connectivity link
- NIC 2 has 2 VLANS:
VLAN1: IPv4: Static IPv4; IPv6: Track Interface WAN with IPV6 prefix ID: 0
VLAN2: IPv4: Static IPv4; IPv6 --> here I need you guys help, since I cannot use the same prefix ID, and the PFSense GUI does not allow me to change the prefix ID to anything else than 0 which is already being used.

For the moment I have IPv6 on VLAN1, but not on VLAN2.

Thanks for all your help.

Andy.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 955
  • Karma: +33/-4
    • View Profile
Re: IPv6 on 2VLANs
« Reply #1 on: October 31, 2017, 06:16:49 am »
What prefix are you getting from your ISP?  If only a /64, you're out of luck.  I have a /56 and I can configure pfSense to request any prefix up to that with "DHCPv6 Prefix Delegation size on the WAN" page.  Once you have more than 1 /64, you can choose which one when configuring VLANs.

Offline pbnet

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
Re: IPv6 on 2VLANs
« Reply #2 on: November 01, 2017, 03:42:42 am »
Hello,

The ISP is assigning a ::/64. So I'm out of luck :)
They might be assigning a ::/56 sometimes during January 2018.
Just out of curiosity, can you put some screenshots on how to do it using a ::/56 ?

Thanks a lot,
Andy

Offline JKnott

  • Hero Member
  • *****
  • Posts: 955
  • Karma: +33/-4
    • View Profile
Re: IPv6 on 2VLANs
« Reply #3 on: November 01, 2017, 06:11:01 am »
There's really no need for screen shots.  As I mentioned, you set the desired prefix size on the WAN page.  In my case I selected a /56 and when you configure the interface, you just choose which /64 to use on that interface.  Also make sure that RAs are set up properly.  That's pretty much all there is to it.  It works the same way whether you have 1 /64 or 65,536.  If you can do one, you can do them all.

Offline pbnet

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
Re: IPv6 on 2VLANs
« Reply #4 on: November 01, 2017, 06:32:16 am »
Thanks a lot.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14420
  • Karma: +1335/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPv6 on 2VLANs
« Reply #5 on: November 01, 2017, 08:33:51 am »
If you don't want to wait til your ISP starts handing out prefixes you can work with multiple segments behind pfsense.  You could always setup tunnel with Hurricane Electric (free) you can get a /48 from them.  Then you could setup as many vlans you want on ipv6.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline pbnet

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
Re: IPv6 on 2VLANs
« Reply #6 on: November 03, 2017, 01:01:27 am »
Does it also work if my ISP is assigning dynamic IPv4 addresses ?
As far as I know, HE requires an IPv4 static endpoint..

Thanks

Offline Grimson

  • Full Member
  • ***
  • Posts: 176
  • Karma: +26/-2
    • View Profile

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14420
  • Karma: +1335/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPv6 on 2VLANs
« Reply #8 on: November 04, 2017, 07:57:06 am »
"As far as I know, HE requires an IPv4 static endpoint.."

Where would you have gotten that FUD from?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline JKnott

  • Hero Member
  • *****
  • Posts: 955
  • Karma: +33/-4
    • View Profile
Re: IPv6 on 2VLANs
« Reply #9 on: November 04, 2017, 11:53:35 am »
"As far as I know, HE requires an IPv4 static endpoint.."

Where would you have gotten that FUD from?

At one point, HE.  I was looking at them several hears ago and then you had to supply an IPv4 address and they had no way of handling a different address.  While my IPv4 address was virtually static and I could have used it, I went with another provider that could even handle mobile users & NAT.  I believe HE now has a way to handle changing addresses, though I haven't investigated it.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9212
  • Karma: +1046/-308
    • View Profile
Re: IPv6 on 2VLANs
« Reply #10 on: November 04, 2017, 12:02:07 pm »
HE.NET has the ability to use a dynamic DNS address for the tunnel endpoint. In fact there is a specific dyndns provider setting in pfSense for HE.NET Tunnelbroker.

Just do it. It works great.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline JKnott

  • Hero Member
  • *****
  • Posts: 955
  • Karma: +33/-4
    • View Profile
Re: IPv6 on 2VLANs
« Reply #11 on: November 04, 2017, 05:41:25 pm »
HE.NET has the ability to use a dynamic DNS address for the tunnel endpoint. In fact there is a specific dyndns provider setting in pfSense for HE.NET Tunnelbroker.

Just do it. It works great.

Can they handle NAT yet?  The tunnel broker I used could either use 6in4 IP protocol 41 or UDP.  UDP was necessary behind NAT.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9212
  • Karma: +1046/-308
    • View Profile
Re: IPv6 on 2VLANs
« Reply #12 on: November 04, 2017, 07:27:07 pm »
No idea. NATs are bad.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline JKnott

  • Hero Member
  • *****
  • Posts: 955
  • Karma: +33/-4
    • View Profile
Re: IPv6 on 2VLANs
« Reply #13 on: November 04, 2017, 08:23:49 pm »
No idea. NATs are bad.


Yeah, I know.  But when you're using someone else's network, you have no choice.