I got IPv6 working! :D (3 hours Later) NOOOOOOOOOOOOOO!!!

This weekend, I set about trying to get IPv6 working on my home network. It wasn’t necessary but given I’d received a /56 network prefix from my ISP (Aquiss) and it wasn’t completely straight forward to setup, I was on a mission to get it working!

5 hours later and I had IPv6 working on my pfsense router, IPv6 addresses from within my /56 network prefix on various devices in my network and was able to ping IPv6 addresses from my laptop 😀 WOOHOO! Result!

3 hours after, it occurred to me perhaps this wasn’t the brightest thing I’ve done in quite a while… There was a lack of firewall blocks on my pfsense firewall! I’d overlooked allowing internet traffic past the firewall to the devices on the network directly! NOOOOOOOOOOOOOO!!! 🙁

2 hours later, IPv6 was satisfactorily disabled on my network and won’t be re-enabled for a good while 🤦

I wish I’d read the first paragraph “Some differences in IPv4 and IPv6” from Your Warranty Is Void.com before attempting to setup IPv6 this weekend

For anyone interested in the magic combination required to setup IPv6 on pfsense with ISP Aquiss, read on…

First, go into the interface you’ve configured for your internet connection. In my case it’s an interface named FTTP. Change the “IPv6 Configuration Type” to DHCP6. This will then add in a panel to the page for configuring the IPv6 settings.

Under “DHCP6 Client Configuration”, tick “Use IPv4 connectivity as parent interface”, enter your prefix size in “DHCPv6 Prefix Delegation size” (in my case /56) and tick “Do not wait for a RA”. Please note, not all of the options ticked may be required but this combination worked for me…

Next, go to your LAN interface and under “General Configuration”, in “IPv6 Configuration Type”, select “Static IPv6”

This will then put an additional panel onto the page “Static IPv6 Configuration”. In this panel, enter the IPv6 address you’ve been provided and the prefix size. I’ve changed the example IP address but hopefully you get the idea!!

Next, go to Services -> DHCPv6 Server and you should find you have an entry for the LAN interface. Enable the DHCPv6 Server and enter a start and end prefix.

If you now go to Status -> Intefaces you’ll find your internet interface has an “IPv6 Link Local” address and “Gateway IPv6”.

Your pfsense box should be able to ping an IPv6 address, so lets test it by going to Diagnostic -> Ping and entering www.google.com, selecting IPv6 and click Ping.

There’s one final bit left which is to allow your network devices to talk to the internet, so head over to the firewall rules for the LAN interface and add in a pass rule from any source to any destination on any protocol.

That should now be it! So test it out from one of your devices. You might need to disable and re-enable the network adaptor to pick up a new IPv6 address. The example below is from command prompt.