Splunk.Net

[home] [64bit putty] [About]

Configuring pfSense for IPv6 on Midco

17 Oct 2015 in sysadmin

Having a conversation recently with a friend the topic of IPv6 came up and he mentioned that Midcontinnent Communications has rolled out native support for IPv6 on their network. I hadn’t noticed because no one at Midco made any noise about this and since I’ve been using a 6 over 4 tunnel through Hurricane Electric for years I just never bothered to look at the WAN side of my router.

Enable IPv6 on the WAN Interface

The first thing I did was to remove all the HE prefix information from the LAN interface as well as deleted the GIF tunnel and interface assignment. With everything cleaned out I jumped over to the configuration page for the WAN interface and change the IPv6 type to DHCPv6. A quick save and the information page shows a very nice /128 address on the WAN interface. Huzza! native IPv6.

wan1

Set the Prefix Delegation Size

Now that the WAN interface has a valid IPv6 address I wasn’t sure how to get a prefix for the LAN side. I was overly hopeful and called tech support, unfortunately they were not able to give me any useful information. Undaunted I released I probably need to request a prefix, this is done further down on the WAN configuration page under the DHCP6 client configuration section. From the dropdown menu select a prefix size of 64. I tried larger sizes but none of them worked, looks like I can only get one subnet from Midco, oh well I tried.

wan2

Configure the LAN Interface

In order for the router to advertise the prefix to the internal network the LAN interface has to be set to Track Interface for the IPv6 type. This opens a section further down the page where you can select which interface to track from and what index to use for the prefix. Since there is only one prefix available the default of 0 (zero) is the only option.

lan1

lan2

Configure the Firewall

Lastly, once you have the internal interface set you should start seeing your clients auto assign themselves IP addresses inside the prefix assigned to the LAN interface. However, you might notice you can’t get anywhere just yet. That is because you’ll need to add a single firewall rule under the LAN section to allow all outbound IPv6 traffic to go out.

firewall2

firewall1

Celebrate

You’re now browsing the internet of the future, or something like that. Go ahead, try out test-ipv6.com you should get a solid 10/10. Enjoy!


Load Comments