Internal 1000baseT <full-duplex> 192.168.255.1
track6
LAN 1000baseT <full-duplex> 192.168.1.1
WAN 1000baseT <full-duplex> 98.218.75.122
2001:558:6003:8:a53d:e2e2:250a:db88
sickcomputer 1000baseT <full-duplex> 192.168.253.1
wguest 1000baseT <full-duplex> 192.168.254.1
I have tried multiple modems and NICs. I simply cannot get IPv6 to get sent to the internal VLANs. This has been ongoing for a long time. Any ideas where to start?
Hi hescominsoon,
You should really check the configuration hints published by your provider.
Looking at and checking the IPv6 address in the information you provided, I figured you might be using Comcast?
Best regards.
Yes, I am using Comcast, and I have everything set up at /55 and tried /54. It works under Linux, Windows, if I plug my laptop directly into the modem. It works on the hardware that it is currently running on if I install Linux on it, so it's not my hardware. pfSense and OPNsense both refuse to work with IPv6. I've tried different modems as well. It's not Comcast, the modem, or the hardware I have OPNsense on, and other firewalls that are NOT BSD-based work fine. If I install OPNsense anew and let it run live, then the internal gets IPv6 and WAN does. Once I build my VLANs, IPv6 breaks.
So what logs does OPNsense want to try to troubleshoot this?
Hello
I too have Comcast, and I have more or less had success after several failures. Once I stopped treating IPv6 like v4, I started to have a fruitful life.
WAN Interface:
IPv6 Configuration Type: DHCPv6
In my DHCP6 settings for my WAN, I have a request for a /60 prefix, and of course I am sending a prefix hint request. Comcast refused to give me more than 16 networks, which should be plenty. If that part succeeds, Comcast should give you a block like this:
2001:0001:0002:1230:: to 2001:0001:0002:123f::
For each of my internal networks, I decided (after a lot of pain and suffering) to use static IPs for each subnet/vlan I'm driving.
In System > Settings > General:
Prefer to use IPv4 even if IPv6 is available: [ ] Unchecked
Put Comcast DNS servers:
2001:558:feed::1 Use your ipv6 gateway
2001:558:feed::2 Use your ipv6 gateway
75.75.75.75 Use your ipv4 gateway
75.75.76.76 Use your ipv4 gateway
In Interfaces > Settings : Section IPv6 DHCP
Prevent release [./] Checked
Make sure you have a DHCP Unique Identifier, and save it to prevent ever getting a different prefix from Comcast.
The firewall IP for my main work network has something like 2001:0001:0002:1230::/64
The guest interface is like 2001:0001:0002:1231::/64
The iot IP is like 2001:0001:0002:1232::/64
And so on, but each network needs to be /64. IPv6 doesn't like /65, /66 etc. on the right/interface side of the entire address space.
Set up your DHCPv6 range like:
2001:0001:0002:1230:ffff:: to 2001:0001:0002:1230:ffff:ffff:ffff:0
Assign static hosts like:
2001:0001:0002:1230:::2 ...
Finally, in router advertisements
I have these settings:
Router Advertisements Managed
Router Priority Normal
Source Address Automatic
Advertise Default Gateway [./]
If Comcast ever changes your prefix, you can always do a string replacement to update the new prefix. I decided to not use IPv6 Configuration Type: Track Interface. I have a little more control than this mode, but this was set back in the day of OPNsense 20.x
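The addressing plan in the post above, worked through as an added example (not part of the original post, and not OPNsense code): it carves a delegated prefix into one /64 per interface with the router address and DHCPv6 pool the post describes, refuses a delegation too small for the interface count, and renumbers a static host when the delegation changes. The function names, the interface-to-prefix-ID order and the `2001:db8:0:40::/60` replacement prefix are assumptions; `2001:1:2:1230::/60` is the post's own placeholder block.

```python
import ipaddress

def plan_subnets(delegated, interfaces):
    """Give each interface one /64 from the delegated prefix, in list order."""
    pd = ipaddress.IPv6Network(delegated)
    if pd.prefixlen > 64:
        raise ValueError(f"{pd} is longer than /64 and cannot hold a /64 LAN")
    available = 2 ** (64 - pd.prefixlen)          # a /60 holds 16, a /64 holds 1
    if len(interfaces) > available:
        raise ValueError(
            f"{pd} holds {available} /64 network(s), {len(interfaces)} needed")
    plan = {}
    subnets = pd.subnets(new_prefix=64)
    for prefix_id, (name, net) in enumerate(zip(interfaces, subnets)):
        plan[name] = {
            "prefix_id": prefix_id,
            "network": net,
            "router": net[1],                           # <prefix>::1
            "dhcp_start": net[0xffff << 48],            # <prefix>:ffff::
            "dhcp_end": net[0xffff_ffff_ffff << 16],    # <prefix>:ffff:ffff:ffff:0
        }
    return plan

def renumber(address, old_pd, new_pd):
    """Move a static address to a new delegation, keeping prefix ID and host bits."""
    old = ipaddress.IPv6Network(old_pd)
    new = ipaddress.IPv6Network(new_pd)
    addr = ipaddress.IPv6Address(address)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new delegations differ in size")
    if addr not in old:
        raise ValueError(f"{addr} is not inside {old}")
    offset = int(addr) - int(old.network_address)
    return ipaddress.IPv6Address(int(new.network_address) + offset)

if __name__ == "__main__":
    OLD_PD = "2001:1:2:1230::/60"     # placeholder block from the post
    NEW_PD = "2001:db8:0:40::/60"     # constructed (documentation range)
    names = ["LAN", "Internal", "wguest", "sickcomputer"]
    for name, row in plan_subnets(OLD_PD, names).items():
        print(f"{name:13} id={row['prefix_id']} {row['network']} "
              f"router={row['router']} pool={row['dhcp_start']} - {row['dhcp_end']}")
    print(renumber("2001:1:2:1230::2", OLD_PD, NEW_PD))
```

Running `renumber` over every static mapping is the structured form of the string replacement mentioned in the post: the prefix ID and host part survive, only the delegated bits change.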
Have you tested with the computer/laptop connected directly to the router?
I'm asking because I have recently struggled with something similar, but it turned out to be network switches that were the culprit. Some slightly older Netgear switches - and possibly other brands - can do IGMP snooping and other forms of multicast filtering, but the implementation is unfortunately not compatible with IPv6.
Quote from: hescominsoon on May 07, 2022, 05:36:19 AM
Yes, I am using Comcast, and I have everything set up at /55 and tried /54. It works under Linux, Windows, if I plug my laptop directly into the modem. It works on the hardware that it is currently running on if I install Linux on it, so it's not my hardware. pfSense and OPNsense both refuse to work with IPv6. I've tried different modems as well. It's not Comcast, the modem, or the hardware I have OPNsense on, and other firewalls that are NOT BSD-based work fine. If I install OPNsense anew and let it run live, then the internal gets IPv6 and WAN does. Once I build my VLANs, IPv6 breaks.
So what logs does OPNsense want to try to troubleshoot this?
Access the console as root and try:
find /var/log/system -type f -exec grep -H " dhcp6c " {} \; | sort | less
That should give you the relevant information, provided there is any.
Best regards.
It works fine when I do the initial live install... before it gets connected to disk. Once I get it loaded and do the VLANs it stops working. It's been this way for years with both opn and pfSense... Linux-based firewalls, however, work fine... without having to manually assign IPv6 subnets to the VLAN interfaces.
Internal (igb1_vlan10) -> v4: 192.168.255.1/24
LAN (igb1) -> v4: 192.168.1.1/24
WAN (igb2) -> v4/DHCP4: 98.218.75.122/23
v6/DHCP6: 2001:558:6003:8:a53d:e2e2:250a:db88/128
sickcomputer (igb1_vlan30) -> v4: 192.168.253.1/24
wguest (igb1_vlan20) -> v4: 192.168.254.1/24
What's the IPv6 config on each VLAN interface? Track interface? Are you assigning a unique prefix ID?