FibreNest - IPv6 Addressing

Introduction

After recently moving from a Juniper firewall over to pfSense, I discovered that FibreNest have started to hand out IPv6 addresses and subnets for their customers. I’m compiling this quick guide on getting it configured for pfSense, although i’m sure it will be fairly similar on your platform of choice - YMMV.

At this time, the IPv6 WAN address and local subnet is dynamic. I have spoken to support about static addresses, however this is not currently available. They may work to enable later this year, but there are no timelines.

WAN Interface Configuration

The WAN configuration is fairly simple to get started. To begin with, browse to your WAN interface and enable DHCP6 on the IPv6 interface configuration:

WAN General Configuration

Once enabled, the following section will become available for configuration. The settings that I have found to work best are as follows:

  • Use IPv4 connectivity as parent interface: Checked
  • DHCPv6 Prefix Delegation size: /56
  • Do not allow PD/Address release: Checked

WAN DHCP6 Configuration

Click save and apply configuration on your interface page. After applying, you should see that your WAN interface has an IPv6 address associated.

LAN Interface Configuration

Once we have an IPv6 address on our WAN interface, we can configure the LAN interface to follow the recieved configuration. Start by browsing to your LAN interface and set the IPv6 Configuration type to - Track Interface:

LAN General Configuration

Further down, we’ll then need to configure the interface that we will be tracking:

LAN IPv6 Configuration

Click save and apply configuration. You will now notice that your LAN interface has an IPv6 address associated, different to your WAN interface.

DHCP6 and Router Advertisment Configuration

Next we need to configure pfSense to advertise itself as a Router on the LAN subnet. Browse to Services > DHCPv6 Server & RA from the navbar. Click the Router Advertisments tab:

DHCPv6 RA Configuration

On this tab, we just need to configure the top 2 settings;

  • Router Mode: Stateless DHCP - RA Flags
  • Router Priority: High

This will configure pfSense to send out the require router advertisment packets on your LAN interface.

Click save and apply as before and you are all done!

Testing

A quick an easy test to make sure that everything is working as expected is to browse to https://ipv6.google.com. This is only browsable via IPv6 and will not resolve if your IPv6 isnt working.

After that is all confirmed, another great site is the IPv6 Test suite - https://test-ipv6.com/

Caveats

  1. Due to FibreNest currently handing out a delegated IPv6 subnet, we aren’t able to use static internal addresses for things such as DNS resolution or internal services. At the moment, i’m continuing to use IPv4 for all my internal services. There are a few workarounds for this, but I haven’t been able to get a consistent experience.

  2. I have found that when the WAN address expires and needs to be renewed (even if you have a static IP), FibreNest will issue a new internal IPv6 subnet. This is mildly annoying, as it will require a DHCP lease renew of all internal clients before being able to browse IPv6 again.

Last modified: 28 February 2023