IPv6 + pfSense Video Suggestion

In the last Homelab Q&A show there was a passing comment in the chat concerning IPv6.

tl;dr - I would also like to suggest IPv6 with pfSense as a topic. Catch is it may require bringing in an expert like when there was the CAT cable topic.

I’m an amateur radio operator (Ham radio) and in the good old days there was an IPv4, Class A subnet reserved. Under some conditions it is possible for some licenced hams to be allocated addresses within this space. BGP protocol can be used with the appropriate approvals and the side effect is you may be allocated a subnet of a minimum 256 IPv4 addresses.

Many years ago when ADSL (~1.5 Mbps) was rolled out in our suburb I was looking for a home modem/router that would support BGP and there were only a couple available in my price range. I settled on a DrayTek Vigor2830 ADSL modem/router. When our suburb was upgraded to xDSL (100/40 Mbps) I upgraded to the Vigor2860ac, Vigor2862ac models. These DrayTek modems support three WAN interfaces (ADSL/xDSL, 3G/4G/5G/LTE Mobile/Cell Broadband, plus 1,000 Mbps Ethernet). All were configured with the mobile broadband as fallback for the ADSL/xDSL.

Then our ISP offered free upgrades to optical fibre. The intertubes now jump to 1,000/50 Mbps but Ookla speed tests are topping out at 250 to 300 Mbps downloads even though the 1 Ge interface is now in service. Much testing, enabling hardware acceleration, etc., and the problem is isolated to the Vigor’s IPv4 NAT in that modem/routers. Recommendation by Draytek support is to replace the SOHO Vigor286x series with a higher tier of equipment.

For many years IPv6 has been an option from my ISP and now it is provided by default by both broadband ISP services. IPv6 does not have the NAT bottleneck so the existing equipment could be used (zero cost solution). An IPv4 to IPv6 rollout is not going to happen overnight when you only have some IPv6 theory.

My history with firewalls at home starts with dialup SmoothWall (zero point something) and ends with ClearOS. For me IPv6 support is now mandatory for future implementation on the home network. pfSense becomes the logical choice to replace the struggling Vigor2862 modem/router.

My suggestion is a Homelab video on setting up multiple IPv6 WANs on pfsense and configuration of LAN, DMZ, IPv4 only equipment, etc. I believe there can be gotchas when implementing multiple IPv6 WANs configured as failovers.

The bigger issue is I don’t know any IPV6 experts and especially one for pfsense would be hard to find.

I came here looking for similar information. I have been using pfSense for many years and have what I think is a pretty decent network system setup… but only using IPv4. I am trying to wrap my head around IPv6 but I’m driving myself crazy attempting to read instructions and watching videos on the subject because they tend to assume I’m already quite versed in it, which I am not. I KNOW it is possible to setup an IPv6 gateway and route IPv6 traffic, but I really do not know how. I’ve seen Tom explain other things with pfSense and hoping he could help, but it appears that at least 6 or so months ago he wasn’t versed enough to explain it yet.

For what it is worth, I have AT&T Fiber as my ISP with an Arris BGW210-700 residential gateway. For IPv4, it is set for passthrough mode. I see in that gateway some IPv6 info listed, such as the status is available, I’m given a “Global Unicast IPv6 Address”, a “Link-local IPv6 Address”, and an “IPv6 Addressing Subnet (including length)”. I’m guessing that some of that will be needed for setting up an IPv6 gateway on pfSense, but these terms are almost a foreign language to me (obviously they are English words but not sure how to interpret them). Once a gateway is defined, I am assuming I’ll need to set up “DHCPv6 Server & RA”, but again, I don’t really know what I’m doing there either.

My configuration is changing…

We now have a fibre (not a spelling mistake) connection with 2 active Ethernet data ports on the Network Termination Device (NTD).

Data Port #1 is the house network’s 1,000/50 Mbps, IPv4 service directly connected to a pfSense firewall. IPv6 is provided by the ISP but not configured.

Data Port #2 is configured with IPv4, IPv6 and BGP (Border Gateway Protocol) configured with 256 addresses in the 44.0.0.0 subnet. This does mean that I will be configuring a ‘real’ network instead of a virtual network. This means I will be able to experiment with network configurations, break things and not impact the house network. That will keep my partner happy.

I wrote up the approval process for applying for the 256 address subnet for my local ham radio club’s magazine. This process is only applicable to ham radio operators due to the approval restrictions.