Author Topic: Use Delegate IPv6 Prefix in LAN  (Read 302 times)

Offline rafael.seeck

Use Delegate IPv6 Prefix in LAN
« on: January 17, 2018, 02:04:22 pm »
Hi,

I use a Zyxel VMG1312-B10A with "Deutsche Telekom" as provider.
I get Dual Stack IPv4 and IPv6 from my provider.

The Zyxel shared an address with a test device (Windows 7 machine) which is directly connected to the Zyxel VMG1312-B10A, and I have IPv4 and IPv6 internet connection.

But I only get an IPv6 address on my WAN (DHCPv6) port; my LAN gets no IPv6 address (Track Interface from WAN with 0).

In the attachments I have added the settings from my Zyxel VMG1312-B10A.

Which setting is wrong, or which setting must I set to get IPv6 in my LAN network?

Please help

Thx

Rafael
« Last Edit: January 17, 2018, 02:30:36 pm by rafael.seeck »

Offline hda

Re: Use Delegate IPv6 Prefix in LAN
« Reply #1 on: January 17, 2018, 02:52:17 pm »
If your ISP supplies you a /56 prefix for instance, then your ZyXEL needs to delegate a prefix (say a /62) to your pfSense machine for one LAN to have its /64.

Then test with DHCP6-PD or Static from pfSense to obtain the desired results.
« Last Edit: January 17, 2018, 03:03:59 pm by hda »

Offline rafael.seeck

Re: Use Delegate IPv6 Prefix in LAN
« Reply #2 on: January 17, 2018, 03:15:16 pm »
Hi,

Thanks for your reply.

Are these settings correct?

Thx

Rafael

Offline hda

Re: Use Delegate IPv6 Prefix in LAN
« Reply #3 on: January 17, 2018, 03:36:17 pm »
There is now no need for through the IPv4 link.
And only ask the prefix.

But first it must be allowed from the ZyXEL as a /62 to pfSense. (check their forum)

Offline rafael.seeck

Re: Use Delegate IPv6 Prefix in LAN
« Reply #4 on: January 17, 2018, 03:39:31 pm »
Hi,

Now I'm in the starting situation:

WAN gets an IPv6 address but LAN gets no IPv6 address. I have added all settings as pictures in the attachments.

Thanks

Rafael

Offline rafael.seeck

Re: Use Delegate IPv6 Prefix in LAN
« Reply #5 on: January 17, 2018, 03:48:22 pm »
Hi,

Before I opened this topic here, I had contact with Zyxel support; from the configuration side everything is fine.

Thx

Rafael

Offline hda

Re: Use Delegate IPv6 Prefix in LAN
« Reply #6 on: January 17, 2018, 04:05:30 pm »
In Firewall Rules Floating: put in rule IPv6 *ICMP* (any) anywhere Allow.
Check if System Advanced Networking has: Allow IPv6.
Have an Allow rule on your LAN for IPv6 anywhere.
« Last Edit: January 17, 2018, 04:08:40 pm by hda »

Offline rafael.seeck

Re: Use Delegate IPv6 Prefix in LAN
« Reply #7 on: January 18, 2018, 05:09:46 am »
Hi, the firewall rules are also set.

How can I debug this problem in pfSense?

Offline hda

Re: Use Delegate IPv6 Prefix in LAN
« Reply #8 on: January 18, 2018, 07:37:48 am »
Show at Status Interfaces ?

Do
Interfaces WAN DHCP6 Client Configuration Debug > Status System Logs DHCP (or General)

Do
Diagnostics Packet Capture WAN(LAN) > View Capture (or dwnld & Wireshark)

« Last Edit: January 18, 2018, 07:42:51 am by hda »

Offline rafael.seeck

Re: Use Delegate IPv6 Prefix in LAN
« Reply #9 on: January 18, 2018, 12:58:16 pm »
Hi,

Here are the logs from my pfSense box:

Logs from DHCP:

Code:
Jan 18 19:22:09    dhcp6c    52079    Sending Solicit
Jan 18 19:22:09    dhcp6c    52079    unknown or unexpected DHCP6 option vendor class, len 18
Jan 18 19:22:09    dhcp6c    52079    advertise contains NoPrefixAvail status

Logs from packet capture:

Code:
19:51:33.387373 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:51:37.030823 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:51:46.389244 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:51:52.512874 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:00.397632 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:09.273705 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:13.525238 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:13.527773 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1:ffbc:daa1: ICMP6, neighbor solicitation, who has fe80::215:17ff:febc:daa1, length 32
19:52:13.527813 IP6 fe80::215:17ff:febc:daa1 > fe80::a2e4:cbff:fea4:3dc2: ICMP6, neighbor advertisement, tgt is fe80::215:17ff:febc:daa1, length 32
19:52:13.528522 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:13.721413 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:18.991170 IP6 fe80::215:17ff:febc:daa1 > fe80::a2e4:cbff:fea4:3dc2: ICMP6, neighbor solicitation, who has fe80::a2e4:cbff:fea4:3dc2, length 32
19:52:18.992042 IP6 fe80::a2e4:cbff:fea4:3dc2 > fe80::215:17ff:febc:daa1: ICMP6, neighbor advertisement, tgt is fe80::a2e4:cbff:fea4:3dc2, length 24
19:52:20.423288 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:21.786929 IP6 fe80::215:17ff:febc:daa1 > ff02::2: ICMP6, router solicitation, length 16
19:52:23.534638 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:24.446869 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:24.448690 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:25.574409 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:25.576884 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:27.658950 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:27.660968 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:29.981862 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:31.647205 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:31.649272 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:39.783712 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:39.785645 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:39.899272 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:49.420112 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:55.063083 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:56.118458 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:56.120488 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:53:00.546213 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:53:01.119071 IP6 fe80::a2e4:cbff:fea4:3dc2 > fe80::215:17ff:febc:daa1: ICMP6, neighbor solicitation, who has fe80::215:17ff:febc:daa1, length 32
19:53:01.119111 IP6 fe80::215:17ff:febc:daa1 > fe80::a2e4:cbff:fea4:3dc2: ICMP6, neighbor advertisement, tgt is fe80::215:17ff:febc:daa1, length 24

Please help

thx

Rafael
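
Added example, not part of the thread and not pfSense code: a Python sketch that reads dhcp6c log lines and a tcpdump text capture in the format posted above, counts DHCPv6 client and server messages on WAN, measures the gaps between client retransmissions, and reports a NoPrefixAvail status. The function names are hypothetical, and the sample input is a short excerpt of the logs in the post.

```python
import re
from collections import Counter
# Excerpts of the logs posted above, embedded so the script runs offline.
DHCP6C_LOG = """\
Jan 18 19:22:09    dhcp6c    52079    Sending Solicit
Jan 18 19:22:09    dhcp6c    52079    advertise contains NoPrefixAvail status
"""
CAPTURE = """\
19:52:23.534638 IP6 fe80::a2e4:cbff:fea4:3dc2 > ff02::1: ICMP6, router advertisement, length 24
19:52:24.446869 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:24.448690 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:25.574409 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:25.576884 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
19:52:27.658950 IP6 fe80::215:17ff:febc:daa1.546 > ff02::1:2.547: UDP, length 97
19:52:27.660968 IP6 fe80::a2e4:cbff:fea4:3dc2.36418 > fe80::215:17ff:febc:daa1.546: UDP, length 144
"""
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP6 (\S+) > (\S+): (.*)$")
STATUS = re.compile(r"(advertise|reply) contains (\w+) status")

def dhcp6c_statuses(log):
    """Count the status names dhcp6c reported for server messages."""
    return Counter(m.group(2) for m in STATUS.finditer(log))

def summarize_capture(capture):
    """Classify tcpdump lines; return (counts, client retransmit gaps in s)."""
    counts, sent = Counter(), []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        h, mi, s, _src, dst, info = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if dst == "ff02::1:2.547":        # multicast to DHCPv6 servers/relays
            counts["client_msgs"] += 1
            sent.append(t)
        elif dst.endswith(".546"):        # unicast to the DHCPv6 client port
            counts["server_msgs"] += 1
        elif "router advertisement" in info:
            counts["router_adv"] += 1
    gaps = [round(b - a, 1) for a, b in zip(sent, sent[1:])]
    return counts, gaps

def diagnose(log, capture):
    counts, _ = summarize_capture(capture)
    if not counts["server_msgs"]:
        return "no DHCPv6 answer on WAN: check filtering and the upstream server"
    if dhcp6c_statuses(log)["NoPrefixAvail"]:
        return "upstream answers but delegates no prefix (NoPrefixAvail)"
    return "no failure status seen"
```

On this excerpt every client message gets a server answer and the gaps between client messages grow (1.1 s, then 2.1 s), which is a client retransmitting because none of the answers carries a usable prefix.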