Since I’ve seen that at least some people found my guide on Ebox IPv6 helpful, I figured I’d add a post talking about one topic I didn’t cover much: the LAN IP assignments. Note that I’m still on DSL, and despite Bell buying Ebox I still don’t have access to FTTH so I can’t say if anything I write will work with their FTTH until they fix their IPv6 problems on fiber. I also can’t comment on how applicable this is to anyone with another ISP.
Before, I had my LAN set up to Track Interface as I showed in another post. This meant that my LAN IP addresses could change and would only be assigned if the internet connection was up. This might be required for some ISPs, but Ebox did a good job and ensured that the /56 you get from them never changes as it’s tied to your account number. Having watched it for quite a while, I’m pretty sure that information is correct, so I decided to permanently assign my LAN IPs statically. This means that even when Ebox is down, your IPv6 LAN will still work, and if you have servers (even a Raspberry Pi) or anything else where a static IP is very useful for easy external access, you can simply assign them static addresses as you would if you had a static IPv4 range. Note that all the same security considerations apply as with IPv4 externally accessible addresses, so please make sure you’re familiar enough with networking before opening a giant hole for anyone in the world to access your computers.
If you’ve followed my previous post, everything in it is correct up until the part where I mention Track Interface. Instead, under Interfaces→LAN select Static IPv6 for IPv6 Configuration Type.
Then, you’ll need to assign an IPv6 address to the interface. You’ll need to know what your prefix is to determine what you can assign – outside of some very complicated situations, you’re limited to assigning one of the 256 /64 ranges that form the /56 assigned to you from the ISP to each LAN interface. One way to find this prefix is to first test things out with the Track Interface setting and see what gets assigned. Then, you can determine what your prefix is from that address, remembering that your interface is a /64, the prefix is a /56, and the prefix ID is whatever you set it to. A better way is to temporarily enable Start DHCP6 client in debug mode on the Interfaces→WAN page and look in the logs to see what it is. There should be a message similar to:
IA_PD prefix: 2606:6d00:abc:5000::/56 pltime=86400 vltime=86400
I wish it were simpler, but pfSense doesn’t do a good job of exposing that information.
Once you have that prefix, you can come up with an IPv6 address to assign. Two examples:
2606:6d00:abc:5000::1/64 2606:6d00:abc:5001::1/64
If you have more than one LAN interface you can repeat the above steps for each of them.
Finally, don’t forget to set up the DHCPv6 Server and RA page as I mentioned in the older guide – everything is still applicable, assuming you want at least some of your devices to get their own address without static assignment.
Hello,
I am with FTTH and I can say only partial work. I have a WAN IPv6 following your tutorial but when I put track on my LAN, I don’t get any IPv6. Because of that, there’s no subnet nor prefix in the dhcpv6 service. I really don’t know what is wrong in the configuration. I think the missing part is from the Advanced / Networking page, where you can check multiple thing on IPv6. I had “Allow IPv6” disabled (while I still got IPv6 for the WAN). There are many other option and I don’t know which I should choose.
At minimum “Allow IPv6” has to be checked. Everything else on that page can be left at default.
Given what Ebox has said on dslreports, I wouldn’t spend too much time worrying about it until they fix their IPv6 on FTTH problems. It might very well be their problem.