Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Routing Platforms => Topic started by: magicbycalvin on July 23, 2014, 08:20:54 AM

Title: Trouble Getting IPv6 to Work With pfSense
Post by: magicbycalvin on July 23, 2014, 08:20:54 AM
Hello Hurricane Electric community!

Skip to the bottom if you want the short version.

   I am currently working at an ISP and we are looking to support IPv6. I have been handed the task of creating a firewall for our internal and test servers that will support IPv6 so that we can soon implement it for the end user. After many days of research we decided to use pfSense to play around with.
   I have got pfSense up and running and it works great with IPv4, however for some reason I am unable to get IPv6 to work. I am currently using the most recent release (2.1.4) which does have GUI support. My issue is that I am unable to ping further than the LAN IPv6 port from the client computer. I am, however, able to ping out to the internet from the pfSense firewall. This suggests that I am having internal routing issues. I am still not completely well versed in how router advertisements work but from what I have learned, I decided to use 'Managed' along with the internal DHCPv6 service. When I check ipconfig on the client computer I do not receive an IPv6 gateway nor does my IPv6 address match the range that I have put in place for the DHCPv6 service. I have made sure that IPv6 is enabled on the GUI. The IPv6 address for the WAN side is 2001:XXXX:XXXX:2000::2, the gateway/upstream router is 2001:XXXX:XXXX:2000::1, and the LAN side is 2001:XXXX:XXXX:2001::1. I do also have the allow all rule on LAN for IPv6.
   I appreciate any help that you folks can provide. The sooner I can get this up and running the sooner we can provide IPv6 to our customers and hopefully set an example for more ISP's to follow. Thanks again!

Short Version:
Using pfSense firewall
pfSense version - 2.1.4
Issue - Unable to reach further than LAN (can't ping WAN, upstream router, or internet)
Possible Cause - Routing issues for IPv6
LAN Address - 2001:XXXX:XXXX:2001::1
WAN Address - 2001:XXXX:XXXX:2000::2
Upstream Router - 2001:XXXX:XXXX:2000::1
Router Advertisement - 'Managed', DHCPv6 Service Enabled
Other Useful Info - IPv6 is enabled on GUI, IPv4 works fine, firewall rule set to allow all IPv6 traffic on LAN, ipconfig shows no IPv6 Gateway and IPv6 address on client does not fall within designated range on DHCPv6.