[pfSense] IPv6 Routing in pfSense

Tassos Chatzithomaoglou achatz at forthnetgroup.gr
Sat Jul 13 20:14:02 CEST 2013 

Sorry for the delayed answer.

Some examples are the following:

Under WAN interface, if i choose SLAAC, then i cannot get DHCPv6-PD work at all.
If i choose DHCP6, then i get an extra option "DHCPv6 Prefix Delegation size" which imho is not needed.
The same happens on the LAN interface too.

Under "Services: DHCPv6 Server", i get the following message which is confusing atleast.
"The DHCPv6 Server can only be enabled on interfaces configured with static IP addresses.
Only interfaces configured with a static IP will be shown."

Generally, i tried to mimic the config we use on our CPEs (since pfsense if being used by quite a few of our customers as a wan router with a adsl modem in bridge mode), but i couldn't do it.

A sample IPv6 gui template we provide to our CPE vendors (which can be used to grab some ideas) is the following:

*Interface* 	*Title*
	*Choices*
	*Type*
	*Default*
*WAN* 	  	  	  	 

	*IPv4/IPv6*
	IPv4
IPv4 & IPv6
IPv6
	Single choice
	IPv4 & IPv6
  	*IPv6 Address Assignment* 	SLAAC
DHCPv6
Static 	Multiple choices 	SLAAC
  	*DHCPv6-PD* 	Enable
Disable 	Single choice 	Enable
  	*Tunnel* 	None
DS-Lite
MAP
	Single choice 	None
  	*     DS-Lite AFTR* 	Manual (+IP)
Auto (from DHCPv6) 	Single choice 	Manual
  	*PCP*
	Enable
Disable 	Single choice 	Disable
  	   *PCP Server*
	Manual (+IP)
DS-Lite AFTR
Auto (from DHCPv6) 	Single choice 	DS-Lite AFTR
*LAN* 	  	  	  	 
  	*IPv6* 	Enable
Disable
	Single choice 	Enable
  	*SLAAC* 	Enable
Disable 	Single choice 	Enable
  	*     SLAAC Prefix* 	Manual
Auto (from DHCPv6-PD) 	Single choice 	Auto (from DHCPv6-PD)
  	*     SLAAC Options* 	MTU
DNS 	Multiple choices 	MTU (from WAN MTU or 1492)
  	*DHCPv6 Server* 	Enable
Disable 	Single choice 	Enable
  	*     DHCPv6 Prefix* 	None
Manual
Auto (from DHCPv6-PD) 	Single choice 	None
  	*     DHCPv6 Options* 	Prefix
DNS (manual)
DNS (from DHCPv6-PD) 	Multiple choices 	DNS (from DHCPv6-PD)
  	  	  	  	 



--
Tassos

Seth Mos wrote on 02/07/2013 15:50:
> On 2-7-2013 14:08, Tassos Chatzithomaoglou wrote:
>> I've been trying for many months to make DHCPv6-PD work reliably over PPPoE, but i haven't got any positive result until now.
>> Besides that, i find confusing a lot of IPv6 options in the GUI.
>> Other than that, Dual-Stack seems to work fine.
> The DHCP6 renewal still seems to be biting us which is being looked at.
>
> What is confusing about the IPv6 options? Do you mean that the label or
> text is not describing or explaining it well?
>
> Kind regards,
>
> Seth
>
>> --
>> Tassos
>>
>> Nick Buraglio wrote on 01/07/2013 20:10:
>>> I've worked pretty extensively with pfSense since it's early alpha
>>> days and have had private builds with IPv6 for years and years. It
>>> works well under 2.1-BETA and has supported DHCPv6-PD for a while on
>>> the WAN side.    I've been using the 2.1-BETA train in production for
>>> a very long time with good results but I don't believe the IPv6 DNS is
>>> assigned via IPv4, it doesn't exist in the IPv4 lease tracking file
>>> and hacking through the interface code briefly it looks like there is
>>> mechanism for obtaining the DNS via DHCPv6 on the WAN side.  This is
>>> further strengthened by the fact that I have correct ISP assigned IPv6
>>> name servers assigned to me and they exist in the places I expect
>>> based on that code.
>>>
>>> nb
>>>
>>>
>>> On Mon, Jul 1, 2013 at 11:41 AM, Eugen Leitl <eugen at leitl.org> wrote:
>>>> ----- Forwarded message from Mark Tinka <mark.tinka at seacom.mu> -----
>>>>
>>>> Date: Mon, 1 Jul 2013 18:39:13 +0200
>>>> From: Mark Tinka <mark.tinka at seacom.mu>
>>>> To: list at lists.pfsense.org
>>>> Subject: Re: [pfSense] IPv6 Routing in pfSense
>>>> Organization: SEACOM
>>>> User-Agent: KMail/1.13.6 (Linux/2.6.37.6-24-desktop; KDE/4.6.0; i686; ; )
>>>> Reply-To: mark.tinka at seacom.mu, pfSense support and discussion <list at lists.pfsense.org>
>>>>
>>>> On Monday, July 01, 2013 06:23:03 PM Jim Pingle wrote:
>>>>
>>>>> Sure. A purely routed IPv6 setup was one of the first
>>>>> things to work well on 2.1.
>>>>>
>>>>> We do not do any NAT on IPv6 by default, there is NPt if
>>>>> someone really needs to do that, but it's all manual.
>>>>>
>>>>> And the settings for IPv4 and IPv6 are independent, you
>>>>> can do NAT on IPv4 while routing IPv6.
>>>> Excellent, Jim!
>>>>
>>>> Looking forward to 2.1.
>>>>
>>>> I suppose the other thing I'll then be thinking about is how
>>>> end-users are assigned IPv6 address information.
>>>>
>>>> Typical deployments have tended to use SLAAC with DHCPv4 for
>>>> the DNS. I've previously done SLAAC with DHCPv6 for DNS.
>>>> >From what I can see on doc.pfsense.org, I see pfSense will
>>>> support stateful address assignments using DHCPv6, in
>>>> addition to SLAAC.
>>>>
>>>> Would you be able to confirm whether 2.1 or later will
>>>> support DNS via DHCPv6 as well, as well as DHCP-PD?
>>>>
>>>> I suppose, for now, the default gateway will need to be
>>>> assigned via SLAAC, the one thing about DHCPv6 I still don't
>>>> find amusing.
>>>>
>>>> Cheers,
>>>>
>>>> Mark.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> List mailing list
>>>> List at lists.pfsense.org
>>>> http://lists.pfsense.org/mailman/listinfo/list
>>>>
>>>>
>>>> ----- End forwarded message -----
>>>> --
>>>> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>>>> ______________________________________________________________
>>>> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
>>>> AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20130713/39ba93ed/attachment.html

More information about the ipv6-ops mailing list