Kviknet and IPv6
I decided to switch ISP, mainly due to Hiper (Danish) was using a VLAN for their connection which made pfSense and my APU3 board require a reboot everytime I changed anything.
Kviknet has a good reputation (wonder why) in Denmark, they are not cheap and they have the same opening hours as everyone else - meaning until 16:30 and closed during weekends. I sometimes wonder how companies who need 24/7 internet get on with that ... well it's Denmark.
Kviknet has an interesting way to do IPv6, your router get and SLAAC assigned IPv6 address on the public side (wan) and you get a ::/48 network from Kviknet to use on your lan.
To some degree it does make sense, you can then configure your lan with static addresses as you see fit, and for dynamic assignment you use RA stateless dhcp *) ... which works for everything.
(I need to get my piHole configured with an static IPv6 so that I can use that ...).
To use pfSense with Kviknet and to get it working with IPv6 do this:
1) System -> Advanced -> Networking
- Check [x] "All IPv6 traffic will be blocked by the firewall unless this box is checked"
- Set DHCP6 DUID to: "DUID-LLT: Based on Link-layer Address Plus Time"
2) Firewall -> Rules -> WAN
Make sure that you allow incoming IPv6 ICMP echoreq (this sometimes solves an issue where your WAN interface does not get an address.
You might be able to get it to work without this, then leave it out.
3) Interface -> WAN
- IPv6 Configuration Type: DHCP6
--> DHCP6 Client Configuration
- Check [x] Advanced Configuration
- Set "DHCPv6 Prefix Delegation size" to 64 (that is the address you get from Kviknet)
- Check [x] Debug
--> Advanced DHCP6 Client Configuration
- Send options: ia-pd 1, ia-na 1
-> Identity Association Statement
- Check [x] Non-Temporary Address Allocation
-- id-assoc na ID = 1
-- IPv6 address = ::/0
- Check [x] Prefix Delegation
-- id-assoc pd ID = 1
-- IPv6 prefix = 48
- Prefix Interface = WAN
This takes care of getting the WAN side configured, and you'll now be able to ping an IPv6 address from your router.
4) Services -> DHCPv6 Server & RA / LAN / DHCPv6 Server
*) There is a bug in the DHCPv6 configuration, I have not been able to configure it and only use RA.
Interface -> Router Advertisements
- Router mode: Stateless DHCP - RA Flags [other stateful], prefix ....
That is is, press [save].
Your clients should now get an IPv6 address and will be able to connect to the internet.