Just sharing my experience. I had dual-stacked my home previously, except for Wireguard, until now.
Below is some of the backstory, the problems I faced and the steps I took to overcome them. The solution might be janky, but it works for me now.
ISP: Starhub 5Gbps Plan
Router OS: OPNSense 25.1.8_1 (Running on Taobao N100 Mini PC bought 2 years back)
Write Up #1: Recently lost "IPv6" after dual-stacking my Wireguard. IPv6 was working fine whenever I checked it, until recently.
Block private networks: Checked
Block bogon networks: Unchecked
IPv6 Configuration Type: DHCPv6
Prefix delegation size: 64
Request prefix only: Unchecked
Send prefix hint: Unchecked
With these settings it is supposed to be working, but no matter what, I am not able to get an IPv6 address.
I have restarted the router and modem multiple times.
So I did a packet inspection on WAN. I did see Solicit, Advertise and Request... but no reply from Starhub issuing me IPv6.
I thought Starhub was down, so I waited for another day, but nothing changed, still no IPv6.
Afterwards I tried generating a MAC address and set it on my WAN interface. Voila, it works, I am getting an IPv6 address. Problem solved.
Next, I tried removing the custom MAC address, and I lost the IPv6 again. Then I generated another MAC address; this time it didn't work anymore until I went back to the first MAC address I had generated previously.
For now, I am leaving it this way. Leaving this here so that it might be able to help someone out, as well as to see if anyone has insight on this.
Write Up #2: Wireguard with IPv6
Backstory
Since setting it up as dual-stack last year, I have the following:
LAN Interface:
IPv6 Configuration Type: Track Interface
Parent Interface: WAN
Assign prefix ID: 0
Manual Configuration: [Checked] Allow manual adjustment of DHCPv6 and Router Advertisements
In Router Advertisements:
Router Advertisements: Stateless
Router Priority: Normal
Source Address: Automatic
DNS options:
Use the DNS configuration of the DHCPv6 server: Unchecked
Do not send any DNS configuration to clients: Unchecked
With this, IPv6 is working perfectly as it should; I am able to browse public IPv6.
However, I realised that if I set my DNS to the GUA IPv6 address of my Pihole, it will fail once I get a new prefix from Starhub. So I looked into ULA and gave myself a ULA, adding it in Interfaces/Virtual IPs:
(Will explain why I didn't use the link-local fe80 IP address later on.)
Mode: IP Alias
Interface: LAN
Network / Address: [My generated LAN IPv6 ULA prefix]
Now with this, all of my devices will get a 'Local' IPv6 address. With ULA, my local IPv6 is fixed. Locally my IPv6 is working as it should.
Dual-Stacking Wireguard but... no public IPv6 access
1. Generate another ULA network address for my Wireguard.
2. Everything works as it is, including DNS over IPv6. I realised I can't use the fe80 IP address to connect to my DNS server back home, because fe80 is link-local and doesn't support routing. Thus, the ULA address I set up previously comes into play.
Now the issue is that without a globally routed IPv6, I am not able to surf public IPv6.
So, I am left with two choices. (Don't flame me for using NAT in IPv6, it's more like an experiment that I want to try, but also I am left with no other choice.)
NAT-ing my Wireguard IPv6 Stateful vs Stateless
1. NAT66, so all my outgoing Wireguard to the public will use my WAN Interface IPv6. - This is tested to be working, but decided not to use it since it is stateful.
2. NPTv6 - This basically rewrites the prefix of my Wireguard ULA to my WAN IPv6 Prefix
NPTv6 rewriting the wrong address
Under Firewall > NAT > NPTv6, add a rule:
Interface: WAN
Internal IPv6 Prefix (source): [Internal Wireguard IPv6 Prefix]
External IPv6 Prefix: [Leave it Empty] (Since my public IPv6 prefix is dynamic, the idea of leaving it empty is so that it will grab the prefix of my Global IPv6 prefix.)
Track Interface: LAN
When I got to here... NPTv6 is working but there is no IPv6 public internet. Upon checking my logs...
NPTv6 has replaced my Wireguard IPv6 with the LAN IPv6 prefix that I created earlier.
But if I remove my Virtual IP temporarily, then add back my LAN ULA in Virtual IP, my Wireguard is able to surf IPv6 publicly.
However, I feel that this will not solve the problem; once rebooted, I am afraid NPTv6 will pick my LAN prefix again.
Updating NPTv6 with Monit and Custom Script
I have to make use of Monit, the OPNSense API and some custom scripts to update the NPTv6 settings.
Two scripts needed (At the bottom of this post)
1. check_ipv6_prefix.sh
2. update_nptv6.sh
In Services > Monit > Settings > Service Tests Settings (Add New):
Name: WAN_IPv6_Changes
Condition: status != 0
Action: Start
In Services > Monit > Settings > Service Settings (Add New):
Enable service checks: Ticked
Name: wan_ipv6_prefix_check
Type: Custom
Path: /path/to/check_ipv6_prefix.sh
Start: /path/to/update_nptv6.sh .
Test: WAN_IPv6_Changes (The Service Test Created Earlier)
If only Starhub gives us a prefix larger than /64
As of now this is the best I could think of to overcome this. It's janky, but it works for me for now. Do let me know if you have another solution. It would be good if Starhub didn't just assign a /64 IPv6 to us... then I could assign another IP range to another dummy interface and track that instead, without conflicting with my local ULA.
Scripts
Do review them before using them. Not going to lie, I made them up with the help of ChatGPT.
check_ipv6_prefix.sh
https://pastebin.com/PJWg5aR9
update_nptv6.sh
https://pastebin.com/Scf88Ftp
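
One way to write the prefix-change check that the Monit setup above relies on, as an added example that is not the pastebin script from this post: it picks only the global address on the tracked interface (ignoring the ULA and link-local addresses that share it), normalises it to its /64, and returns a non-zero status when that differs from the stored value. The function names, the state file and the sample addresses are assumptions made for illustration.

```shell
# Added example, not the pastebin scripts. SAMPLE is constructed: 2001:db8::/32
# is the documentation prefix and the fd12:... address is a made-up ULA.
SAMPLE='  inet6 fe80::1%igc1 prefixlen 64 scopeid 0x2
  inet6 fd12:3456:789a:1::1 prefixlen 64
  inet6 2001:db8:ab:cd00::1 prefixlen 64'

# First global unicast (2000::/3) address on stdin; fe80:: and fd.. are skipped.
pick_gua() {
    awk '$1 == "inet6" && $2 ~ /^[23][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:/ &&
         !/deprecated|tentative|detached/ { sub(/%.*/, "", $2); print $2; exit }'
}

# Expand "::" and print the zero-padded /64 that address $1 belongs to.
prefix64() {
    printf '%s\n' "$1" | awk '{
        a = tolower($0); gap = index(a, "::"); nr = 0
        if (gap) {
            nl = split(substr(a, 1, gap - 1), L, ":")
            nr = split(substr(a, gap + 2), R, ":")
        } else nl = split(a, L, ":")
        if (gap ? (nl + nr > 7) : (nl != 8)) exit 1    # not a well-formed address
        for (i = 1; i <= 8; i++)
            H[i] = (i <= nl) ? L[i] : ((i > 8 - nr) ? R[i - 8 + nr] : "0")
        for (i = 1; i <= 4; i++) {
            s = "0000" H[i]; out = out (i > 1 ? ":" : "") substr(s, length(s) - 3)
        }
        print out "::/64"
    }'
}

# /64 of the first GUA in ifconfig-style text $1; fails if there is none.
current_prefix() {
    gua=$(printf '%s\n' "$1" | pick_gua)
    [ -n "$gua" ] && prefix64 "$gua"
}

# Monit check: status 0 = unchanged, 1 = changed (Monit then runs Start).
# Read-only, so a failed update is retried. $1 = state file, $2 = ifconfig text.
check_prefix() {
    cur=$(current_prefix "$2") || return 0    # no usable GUA: do not trigger
    [ "$cur" = "$(cat "$1" 2>/dev/null)" ]
}

# Demo on the constructed sample; on the router $2 would be "$(ifconfig <if>)".
state=$(mktemp)
check_prefix "$state" "$SAMPLE" || echo "prefix changed to $cur"
printf '%s\n' "$cur" > "$state"               # what the update step would do
check_prefix "$state" "$SAMPLE" && echo "prefix unchanged"; rm -f "$state"
```

On a real system the state file belongs in a root-owned directory rather than a world-writable one, since the check runs as root under Monit.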