IPv6 Integration: A Look at pfSense 2.1

On September 15, 2013, pfSense 2.1 was released. This release brings many new features; the biggest change is IPv6 support in almost every portion of the system. There are also a number of bug fixes. Recently, I burned a live CD of 2.1 to see what interesting features the new version has.

Configuring an Interface for IPv6


Configuring an interface for IPv6 in pfSense 2.1

The integration of IPv6 support is obvious to anyone who even takes a casual look at the pfSense web GUI. Under “Interfaces“, if you select an interface, under “General Configuration“, there is a new dropdown box called “IPv6 Configuration Type“. The options are: Static, DHCP, Stateless Address Auto Configuration (SLAAC), 6rd Tunnel, 6to4 Tunnel, and Track Interface. Stateless Address Auto Configuration is a mechanism that allows a host to generate its own IPv6 address even if the routable addresses are assigned or pre-configured and is required on all IPv6 configurations. 6rd is an IPv6 transitioning mechanism to allow for stateless tunneling of IPv6 over IPv4, and is intended as a mechanism to tunnel across an ISP’s IPv4-only access network. 6to4 Tunnel is yet another transition mechanism for migrating from IPv4 to IPv6, and allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels. Choosing “None” disables IPv6 on this interface.

If you choose an IPv6 configuration type, the “Static IPv6 configuration” subsection appears. Here you must enter an IPv6 address and an optional gateway. Once you have entered this information, you can press the “Save” button and the “Apply Changes” button on the next page.

DHCPv6 Relay and DHCPv6 Server

Once you have configured at least one IPv6 interface, it will be possible to configure other IPv6-related services. For example, by navigating to Services -> DHCPv6 Relay, you can add an IPv6 DHCP relay. This enables you to relay DHCPv6 requests to a server or several servers. In order to use this service, click on the “Enable” check box to enable the DHCP relay. In the “Interfaces” list box, select the interface(s) from which DHCP requests will be relayed (hold down the CTRL key while clicking to select more than one interface. Next is the “Append circuit ID and agent ID to requests“. pfSense can append its interface number (circuit ID) and agent ID to DHCP requests, just as it can with IPv4 DHCP requests. Finally, at the “Destination server” edit box, you type in the IPv6 address of the server to which DHCPv6 requests are relayed. You can enter multiple server IPv6 addresses, separated by commas. Then press the “Save” button to save the settings.


Configuring Router Advertisements in pfSense 2.1.

Another new option under “Services” is “DHCPv6 Server/RA“. If you select this option there are two levels of tabs. On the top level, there is a tab for each IPv6 interface. You can enable a DHCPv6 server on each of these interfaces. The configuration options for the DHCPv6 server look identical to the configuration for DHCP for IPv6. There is a second tab, however, for “Router Advertisements“. There are five choices: “Disabled”, which disables router advertisements, “Router Only”, which causes pfSense to advertise only the current router; “Unmanaged”, which allows the radvd router advertisement daemon to handle advertising with stateless autoconfig; “Managed”, which causes assignment through the DHCP server, and “Assisted”, which combines the two. “Router Priority” allows you to select the priority for the Router Advertisement Daemon (low, normal, or high). You can add a Router Advertisement subnet on this page as well by clicking on the “plus” button and adding a subnet. You can also specify an alternate DNS server or domain serch list or use the same settings as the DHCPv6 server.

I have really only scratched the surface regarding IPv6 integration in pfSense 2.1, and there are many other features I have not touched upon here. As a result, it looks like there will be many more postings concerning the new features of the latest pfSense. Stay tuned.

External Links:

IPv6 at Wikipedia

Be Sociable, Share!

Speak Your Mind


© 2013 David Zientara. All rights reserved. Privacy Policy