Starlink, PFSense, HAProxy, IPv6

nickn.nys · January 14, 2023, 8:18pm

I have followed this guide How To Setup ACME, Let's Encrypt, and HAProxy HTTPS offloading on pfsense - YouTube in the past and have had success using IPv4.

I am looking to setup the same thing only over IPv6. Starlink uses an additional layer of NAT on their IPv4 network which prevents me from using that. My understanding is that this is not the case with their IPv6 network. There would be no need, plenty of addresses to go around. If I am mistaken please let me know. If not I am not sure what steps need to differ from the video. I have done the following but it is still not working.

*I have enabled IPv6 in Advanced/Networking
*Under Interfaces/WAN I have both IPv4 & 6 configuration types set to DHCP & DHCP6 respectivly. Should IPv4 be set to none? I am remote and can’t lose internet connection or I will have to go there to fix.
*No settings where changed under interfaces/LAN
*Port fowarding for HA proxy was done with IPv6 with needed WAN rule
*Acme was setup exactly the same as the video
*DDNS is set up as IPv6 and appears to be updating properly
*The backend is a Blue Iris server which I can access internally on either IPv4 or 6. I have tried using both addresses in the backend settings and neither worked
*The frontend is set to use “WAN address IPv6”

I have not gotten it to work and I don’t know what else there is to do. Any help is greatly appreciated.

LTS_Tom · January 14, 2023, 11:44pm

IPv6 wit HAProxy is not something I have ever tried.

netcate · January 24, 2023, 2:22am

this is interesting, i was looking around to setup ipv6 with haproxy (i got mine from route48)

have you tried to ping your ipv6 from outside and make sure it works? there’s also known issue Configuring 'default-server resolve-prefer ipv4' does not seem to work · Issue #1825 · haproxy/haproxy · GitHub where you have to restart the entire service instead of reloading the config only

nickn.nys · January 30, 2023, 3:22pm

I’ve played with it a bit and still unable to get it working.

Can I use a VPN from my starlink location to my fiber location and use the HA proxy from my fiber location to point to the server at my starlink location? If so will openVPN work for this? Not sure of all the rules I would need to make for this to work. I’ll start setting this up and see how far I can get.

TheCastle · February 6, 2023, 7:52pm

Starlink like a lot of other wireless providers is using CGNAT on IPV4. I wouldn’t bother trying to make this work on IPV6 as it so often doesn’t work right. Also they do not allow port forwarding even over IPV6.

Your options for hosting something which is what I’m assuming you’re doing. Is that right? In that case your options would be;

Use a cloud service to host your setup with a public IPV4
find a wireless provider that allows you to have a static IPV4 (AT&T does)
use a VPN tunnel to send your traffic out through a static IP (performance penalty and another item to go down)
someday starlink business may offer a static IPV4 address, but at this time they do not. I know as I have it and have asked.

Personally its just easier to get an AT&T enterprise LTE plan with a static IPV4 address than to make starlink work for hosting. Its also probably cheaper. I pay $120 a month for unlimited enterprise plan with a static IPV4 address.