Yes, a very long time in which you could develop enormous practical know-how if you always look for solutions and don’t capitulate and deactivate.
For me, that means:
- Activate IPv6 as soon as possible via Swisscom Labs, i.e. with a Google 6rd script on an Open WRT.
- Enabling IPv6 on Centro Grande
- Switching from RES to SME because there is a standstill on this topic and a lot of ignorance or other interests
- Enable IPv6 on the SMB CPE
- PPPoE passthrough, DMZ LAN1 on downstream router with full IPv6 support
- Notice that somehow it doesn’t quite work
- Swisscom support cannot help
- I contact Martin Gysi directly
- After much back and forth, he really verifies a bug on the SME CPE
- They fix it afterwards; my interventions came to nothing, it took the network architect to do it…
- Since then made many applications and situations with pfSense and IPv6. Privately as well as in business. (Really a lot. By far only a fraction of the IPv6 applications/solutions and hurdles were asked about in this community.)
- Swisscom doesn’t go any further, services become irrelevant for me, so I change ISP
- Swisscom (Hoi Ivan, how are you? good luck with your J search!) demoted me from Super User because mümümü 😂
- Commissioning of the latest SME CPE (at the request of Swisscom) in a productive environment because, as I said, there is no longer any Swisscom privately
- Activation of IPv6 of course again in the DMZ LAN 1
- Report after 1 hour that there is a packet loss in the DMZ via IPv6. IPv4 OK
So you can use the time or not. Everyone should know that for themselves. This is practical know-how every day and not just theory.
Written via IPv6 VPN because there is only 4G access with legacy IP in the beautiful Pampas.
For professionals/experts (and those who want to become one) as well as for all people interested in technology, this is all right, necessary and praiseworthy.
But again, from the perspective of a 08:15 customer who doesn’t even know how to write IP and doesn’t want to know, this has, at least superficially, zero relevance. And if I examine certain topics from the perspective of this clientele, that doesn’t mean that I have anything against IPv6 or that I don’t see the importance and necessity of IPv6.
Ultimately, the engineers, network technicians, network equipment suppliers and telcos also have to take responsibility if IPv6 has still not reached the awareness of end customers because they have missed out on successfully promoting IPv6 to business and residential customers with appropriate use cases and marketing campaigns.
I don’t understand what you’re getting at. IPv6 is a necessary protocol now and for the future. There is no need for advertising for end customers. It works perfectly. With activated connections, depending on the type of service you use, over 50% of the traffic is transmitted via IPv6 without the customer noticing. That’s enough advertising and proof of the record. Now also available natively for Swisscom customers, without having to be packaged in IPv4 and routed via border gateways. So even more direct and better. Nobody advertises IPv6, HTTP/3, TLS 1.3, etc. These are simply newer protocols that replace older ones, faster or slower, until the tipping point at which the old version is no longer supported or only very poorly.
Don’t put your hope in NAT, Synfuel or whatever. These are just expensive workarounds that can be considered for special cases.
But what is needed on the CPE is support for the few customers who are already doing port forwarding with IPv4. These are a smart local DNS resolver where you can manage the clients. They are DDNS services for the servers because the prefix is dynamic. And a more manageable firewall is needed because it replaces NAT. Nothing more is actually needed for the basic requirements of an 08:14 Swisscom customer. You could have been watching this slowly for 10 years.
All the rest doesn’t matter at all. This could also be adapted to IPv4. A lack of support for port forwarding etc. would be just as bad. And here too you can say that hardly anyone needs it.
- Solution selected by scn
Works for me now too.
Setup: IB3 (firmware version 12.02.48), behind it an OPNsense router.
Setup is relatively simple.
On the IB 3 it shows under the diagnostic options
- IPv6 type: DualStack
- IPv6 prefix: xxxxx/56
Under the network settings, enable IPv6 and check “activate ipv6 prefix delegation”. For “LAN delegated prefix” it says /60
On OPNsense this:
- Configure WAN interface for DHCPv6
- !! I thought the prefix delegation size would be /60. Doesn’t work for me, I have to choose /62
- The other interfaces are then “Track Interfaces”, prefix IDs 0 to 3 (for /62)
Afterwards, your interfaces should actually be populated with IPv6 addresses on the dashboard page.
Question to the group: If you only get a /62 (4 nets), why can’t I use the whole /60? Ideas?
Thank you for your compassion over the last 5 years and your comments 😉
scn
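The prefix arithmetic behind the post above, as an added example that is not part of the original post or of OPNsense: it derives the /64 that each "Track Interface" prefix ID selects from a delegated prefix and rejects IDs the delegation cannot hold. The `2001:db8:` prefixes are constructed documentation addresses, and the function and interface names are hypothetical.

```python
import ipaddress

def prefix_id_range(delegated: str) -> range:
    """Valid Track Interface prefix IDs: one /64 per ID inside the delegation."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("a delegation longer than /64 cannot be split into /64 LANs")
    return range(2 ** (64 - net.prefixlen))

def tracked_subnet(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 selected by prefix_id inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    ids = prefix_id_range(delegated)
    if prefix_id not in ids:
        raise ValueError(
            f"prefix ID {prefix_id} does not fit in /{net.prefixlen} "
            f"(valid: 0 to {ids[-1]})"
        )
    # The subnet bits sit directly above the 64-bit interface identifier.
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def plan(delegated: str, interfaces: list[str]) -> dict[str, ipaddress.IPv6Network]:
    """Assign consecutive prefix IDs (0, 1, 2, ...) to the given interfaces."""
    return {name: tracked_subnet(delegated, i) for i, name in enumerate(interfaces)}

if __name__ == "__main__":
    # Constructed sample values, sized like the /56, /60 and /62 in the thread.
    for label, prefix in [("ISP prefix", "2001:db8:1200::/56"),
                          ("LAN delegated prefix", "2001:db8:1200:10::/60"),
                          ("requested on WAN", "2001:db8:1200:10::/62")]:
        ids = prefix_id_range(prefix)
        print(f"{label:22} {prefix:24} prefix IDs 0 to {ids[-1]} ({len(ids)} x /64)")

    for name, subnet in plan("2001:db8:1200:10::/62",
                             ["LAN", "DMZ", "GUEST", "MGMT"]).items():
        print(f"{name:6} -> {subnet}")
```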
How exactly did you set it up?
IPv4 and IPv6 on pfSense:
I get an IPv6 address like this: fe80::20b:XXXXXXXX but that is not a real IPv6 address.
I have a Zyxel AX7501-B0 as a bridge. IPv4 works and also Live and Replay TV.
No, I don’t have that with me. For me it runs over DSL and PPPoE with another provider (BBCS).
Do you have IPv6 enabled in pfSense? You can find it via System / Advanced, tab Networking: Allow IPv6
Here’s a hint about the problem from your log: [https://forum.netgate.com/topic/130805/default-ipv6-deny-rule-in-system-logs-even-tho-default-is-pass/4?lang=en](https://forum.netgate.com/topic/130805/default-ipv6-deny-rule-in-system-logs-even-tho-default-is-pass/4?lang=de)
Let’s see if @Tux0ne wants to get involved here.
Yes, well, I don’t want to be like that. But there can be no question of liking it 😅
Only request an IPv6 prefix with 56 on the WAN.
And for the LAN Interfaces Track Interface WAN with the ID you want.
WAN interface release / renew or reboot.
That should be it if Swisscom doesn’t do something strange.
Unfortunately no success so far.
I turned off the DHCPv6 server for a round of testing
Has anyone posted this here?
dhcp6c output with debug active:
Networking:
In order to get something other than a fe80::20b:XXXXX IPv6 on the firewall, do I have to set firewall rules first?
Addition:
As I said, I use a Zyxel Bridge via P2MP. I’m not sure whether I have to set something up for IPv6 and Bridge on the Zyxel, I didn’t look at that closely at the time.
It always looks about the same in the log. Further input is very welcome.
Yes, you have to activate RA on the LAN interface, you can use assisted.
To start, create a rule on the LAN interface that generally allows IPv6.
Then show me how the LAN interface is configured.
I would also check after refreshing the WAN interface to see if you find any messages that port 546/547 was blocked. Then you can activate this directly from the log using the easy rule, for example.
The question also arises as to whether native IPv6 is already activated on your access. Don’t know if that’s generally the case. You can check it by connecting the original plastic router from Swisscom.