Hi gnomes

No, you don’t get addresses directly from RIPE, but from Swisscom from their pool if you order static IP addresses. This is currently only possible for business connections such as inOne SME.

What Chris Ebno is referring to here is probably native IP with a prefix reference. But probably not static like I know Swisscom. And since I’m no longer with Swisscom, it hasn’t already been tested including instructions for pfsense 🙂

Why won’t it be ini7 for you? Would probably be the best solution for you without any special hardware as long as you can provide the service directly and not via BBCs from Swisscom.

As of today, 10GE or even 25GE is marketed at the same price as 1 GE, i.e. 777 CHF per year, as soon as the corresponding POP is converted. A /48 IP prefix would be included free of charge, static if desired. You can also have a static legacy IP, but it costs extra.

Yes, I would be careful about IP statements from the hotline.

You usually know that. the difference between a public IP and a static one. Let alone the prefix questions.

As of today, you can assume that private customer products do not receive a static IP. Whether legacy or IP doesn’t matter. And it doesn’t depend on the access technology like xgs pon but on the product of the internet connection.

@Tux0ne Do you happen to know whether you also have to set the vendor-class-identifier (dhcp-option 60) for IPv6 DHCP via Swisscom in pfsense for dhclient6?

According to @ChristianEb, this should now be possible.

Is it the same? If so, is it the same configuration as in IPv4 dhclient.conf or is it different with dhcclient6?

This is what I currently have with the “normal” dhcclient(4):

cat /conf/dhclient.conf
interface "{interface}" {
send dhcp-class-identifier "100008,0001,pfsense 2.0";
}

@guybrush82 no, you only have to on the v4, greetings

Chris

---

@ChristianEb wrote:

@guybrush82 no, you only have to on the v4, greetings

Chris

---

And prefix /56 I think.

@Tux0ne Yup, /56…

@Anonymhmm everyone has their own opinion… but I’m not sure if I can understand your reasoning….

I currently understand that you want to take your own ipv6 subnet with you to a provider, with as much bandwidth as possible, right?

@ChristianEb

Unfortunately it didn’t work with the /56 prefix either, I can’t get an IP from the DHCP6 server. 😐

Should the rest of the settings be correct?

Thanks Tux0ne

With the option “Request only an IPv6 prefix” I now at least get an IPv6 on the WAN interface: xxxx::xxx:xxxx:xxxx:xxxx%igb2 (I don’t know whether the “%igb2” suffix should be 😉 )

And apparently I got a new IP on the IPv4 interface… 🙄

On the LAN interface, Track Interface is on:

No blocks on UDP 546 appear in the firewall logs:

Nevertheless, I get a message on IPv6 test pages that says IPv6 is not supported:

Yes, you don’t see that entirely realistically @Anonymous

Even if you change your ISP and the associated prefix change, you don’t have to reconfigure everything.

Basically you have slaac, so everything is addressed in a new way. And for server services you can make static leases using DHCP6.
DHCP6 in pfsense takes over this again if there is a dynamic prefix. Only the range and the static client identifier are defined. The prefix is ​​taken over again based on the tracking from the WAN. You should configure it like this.

With the local DNS resolution there is also the option of adopting the names based on the DHCP6 lease.

So just because you have IPv6 doesn’t suddenly tie you to the ISP because addressing the clients should present insurmountable hurdles.

I think my ISP change took less than half an hour and I had some static configurations in there.

---

@Anonymous wrote:

there is no NAT with IPv6,

---

IPv6 also supports NAT. However, using NAT with IPv6 is not recommended:

[https://security.stackexchange.com/questions/44065/with-ipv6-do-we-need-to-use-nat-any-more](https://security.stackexchange.com/questions/44065/ with-ipv6-do-we-need-to-use-nat-any-more)

---

@Anonymous wrote:

Please correct me if this is wrong, then I didn’t do my homework?

My problem (and everyone who has a NAS or a camera) is affected by this and will really be in trouble if I change provider. This means reconfiguring the entire network every time, which is unthinkable for companies

---

There are also mechanisms for fully automatic distribution of global IPv6 addresses for IPv6. For example: DHCPv6 and SLAAC. Anyone who manually assigns a global IPv6 address to every network participant in the home network or company network is doing something wrong:

https://www.elektronik-kompendium.de/sites/net/2004011.htm

https://www.elektronik-kompendium.de/sites/net/1902141.htm

https://www.elektronik-kompendium.de/sites/net/1902131.htm

---

@Anonymous wrote:

My problem (and everyone who has a NAS or a camera) is affected by this and will really be in trouble if I change provider.

For security reasons, access to such devices from the Internet should only be possible with a VPN tunnel. See “Good Performance Rule #5” at:

[https://community.upc.ch/d/4397-diagnose-tool-der-connect-box-says-your-home-network-hat-derzeit-einige-probl/27](https://community. upc.ch/d/4397-diagnose-tool-der-connect-box-says-your-home-network-has-currently-some-probl/27)

\=> IPv4 can continue to be used for VPN tunnels in the distant future.

In general, you should avoid using IPv6 until the ISP (here Swisscom) supports dual stack:

https://www.elektronik-kompendium.de/sites/net/1904041.htm

The use of any IPv6 tunnel solutions is not recommended. See "Good Performance Rule #26 and:

[https://community.swisscom.ch/t5/Internet-Allgemein/IPv6-6rd-MTU/td-p/641943](https://community.swisscom.ch/t5/Internet-Allgemein/IPv6-6rd- MTU/td-p/641943)

guybrush82

546 would be the local port not the sender port.

Has no address been configured as a gateway on the LAN?

Then you just have to do a bit of trial and error.

You can also try with a config like this. Simply with prefix 56 and not 52!

You don’t have to configure the RA so that local clients can use IPv6. Is that already clear?

@Tux0ne

> You don’t have to configure the RA so that local clients can use IPv6. Is that already clear?

No, that’s not clear to me, just to out myself as an IPv6 noob. 🙈😄

And I imagined it would be somehow easier with the IPv6 thing.

Actually, I would only want to use IPv6 out of interest anyway, but I have no problem switching it off if (from what I read here) many providers (including Swisscom) still make it more complicated than necessary.

Because I’m still a little bit ambitious, I’d like to make a few more attempts.

And to get closer to the diagnosis: No, no IPv6 address has been configured on the internal (LAN) interface.

The DHCP server doesn’t run on the firewall either, it’s outsourced to internal servers behind it and isn’t configured for IPv6 (if that were necessary), or I see here that RAs seem to be part of the DHCP6 server.

However, before I approach the I Pv6 configuration of local clients, I would like to have the part on the router working correctly.

Tux0ne Even with all the additional options, the WAN interface only has a fe80:: address, which probably corresponds to the link-local and indicates that a “real” IPv6 address is not even obtained. 😞

So I’ve never done this setup that you’re working on on a PF, but I suspect that the second hack is wrong @guybrush82 you don’t want to get the v6 over the v4,….

@ChristianEb This was just to test based on advice from @Tux0ne.

I’ve now taken it out again, but it hasn’t changed anything.