Kviknet and IPv6

 I decided to switch ISP, mainly due to Hiper (Danish) was using a VLAN for their connection which made pfSense and my APU3 board require a reboot everytime I changed anything.

Kviknet has a good reputation (wonder why) in Denmark, they are not cheap and they have the same opening hours as everyone else - meaning until 16:30 and closed during weekends. I sometimes wonder how companies who need 24/7 internet get on with that ... well it's Denmark.

Kviknet has an interesting way to do IPv6, your router get and SLAAC assigned IPv6 address on the public side (wan) and you get a ::/48 network from Kviknet to use on your lan. 

To some degree it does make sense, you can then configure your lan with static addresses as you see fit, and for dynamic assignment you use RA stateless dhcp *) ... which works for everything. 

(I need to get my piHole configured with an static IPv6 so that I can use that ...).

pfSense is a pain, I do like it, but they are light years behind their main competitor OpnSense, when it comes to IPv6 configuration.

To use pfSense with Kviknet and to get it working with IPv6 do this:

I use this post from Version2 to get it to work - thank you Michael Hansen.


1) System -> Advanced -> Networking

- Check [x] "All IPv6 traffic will be blocked by the firewall unless this box is checked"

- Set DHCP6 DUID to: "DUID-LLT: Based on Link-layer Address Plus Time"

Click [save]

2) Firewall -> Rules -> WAN

Make sure that you allow incoming IPv6 ICMP echoreq (this sometimes solves an issue where your WAN interface does not get an address.

You might be able to get it to work without this, then leave it out.

3) Interface -> WAN 

- IPv6 Configuration Type: DHCP6

--> DHCP6 Client Configuration

- Check [x] Advanced Configuration

- Set "DHCPv6 Prefix Delegation size" to 64 (that is the address you get from Kviknet)

- Check [x] Debug

--> Advanced DHCP6 Client Configuration

- Send options: ia-pd 1, ia-na 1

-> Identity Association Statement

- Check [x] Non-Temporary Address Allocation

-- id-assoc na ID = 1

-- IPv6 address = ::/0

- Check [x] Prefix Delegation 

-- id-assoc pd ID = 1

-- IPv6 prefix = 48

- Prefix Interface = WAN

Click [save]

This takes care of getting the WAN side configured, and you'll now be able to ping an IPv6 address from your router.

4) Services -> DHCPv6 Server & RA / LAN / DHCPv6 Server

*) There is a bug in the DHCPv6 configuration, I have not been able to configure it and only use RA.

Interface -> Router Advertisements

- Router mode: Stateless DHCP - RA Flags [other stateful], prefix ....

That is is, press [save].

Your clients should now get an IPv6 address and will be able to connect to the internet.





Daniel said…
Thank you so much, it got my ipv6 working on pfsense with kviknet :)
Consider sending the guide to kviknet, so they can put it on their documentation
Casper said…
You can send them a link, I made my opinion about their documentation very clear. Which made them a bit unhappy.
Anonymous said…
Hi Casper. Is your pfSense settings still working with Kviknet, and in case they do, which fiber network provider are you using. I'm running pfSense (tried since 22.05, and now 23.05), and you settings gets me an IP address and delegation, but pfSense is never able to renew or rebind the WAN IPv6 address causing both the IP and the delegation to to timeout and cause a full service restart when lost - after which pfSense again is offered the address (and PD) on a full new DHCP6 cycle.
Casper said…

I'm on N1 (Norlys), I had a similar problem with Hiper which I was never able to solve. Back then I was only able fix it by rebooting my router.

Eventhough Kviknet does not support anything but their own routers, I'd talk to them - you might be lucky. Or ask Yoel Caspersen directly.

Popular posts from this blog

Apple AirPort Express and Digital Jitter..

Apple IOS cannot download song