-
Amazon Deals - ToS - Warp
IPv6 setup on your router behind JIO router
- Thread starter bhojv74
- Start date
- Replies 48
- Views 18,352
are you using openwrt?
Did you have success with setting up pfsense with jio?
I don't have a Jio Fiber connection, and this is what I could infer with the limited digging I could do with a JioFi :
JioFi Status Page :
Windows Client IPv6 :
Traceroute :
Ping to 2409:4063:4215:294d:1020:f0ff:fe0c:c33e :
As we can see the JioFi gets assigned an IPv6 address, most likely via IPv6 DHCP, since it doesn't match the subnet from which the downstream clients are assigned IPv6 addresses.
Also via DHCPv6 the JioFi requests a /64 delegated prefix : 2409:4063:4215:294d::/64 which is used to assign public IPv6 addresses to downstream clients.
On pinging 2409:4063:4215:294d:1020:f0ff:fe0c:c33e I receive a reply time of <1ms (if this was DHCP relay, then the response time on LTE would never be <1ms even if I was sitting right below the towers) which means this is the IPv6 address that the JioFi is using to advertise itself through SLAAC to downstream devices (NO DHCPv6, hence no possibility of getting delegated prefixes further downstream).
On tracing route to the public IPv6 address assigned to my computer (2409:4063:4215:294d:f7:3497:4552:23f4), we get the following result :
Which further confirms that the JioFi is in fact acting as a proper IPv6 router, not just relaying IP addresses.
[/QUOTE]
Now, if you want to use pfSense as an IPv6 router, there's no other way than to use IPv6 NAT. Here are steps to do so :
TL;DR : This must be used only and only if you absolutely need IPv6 connectivity (torrents, VPS, etc.). This method does not provides publicly routable IPv6 addresses to end hosts :
Step 1 : Change WAN Interface to obtain IPv6 address via SLAAC :
Step 2 : Assign a private IPv6 Address to your LAN Adapter ( Any range from fc00::/7). I chose mine to be fd00::1/64
Step 3 : Go to Firewall > NAT > Outbound
Choose Hybrid Outbound NAT Rules Generation and add the following mapping : (Leave all other settings at default)
Step 4 : Go to Services > DHCPv6 Server and RA > LAN > Router Advertisements : (Leave other settings at default, be sure to match the advertised subnets with that you chose under LAN)
Save and restart pfSense.
Go to ipv6.google.com and you should see the page load.
JioFi Status Page :
Windows Client IPv6 :
Traceroute :
Ping to 2409:4063:4215:294d:1020:f0ff:fe0c:c33e :
As we can see the JioFi gets assigned an IPv6 address, most likely via IPv6 DHCP, since it doesn't match the subnet from which the downstream clients are assigned IPv6 addresses.
Also via DHCPv6 the JioFi requests a /64 delegated prefix : 2409:4063:4215:294d::/64 which is used to assign public IPv6 addresses to downstream clients.
On pinging 2409:4063:4215:294d:1020:f0ff:fe0c:c33e I receive a reply time of <1ms (if this was DHCP relay, then the response time on LTE would never be <1ms even if I was sitting right below the towers) which means this is the IPv6 address that the JioFi is using to advertise itself through SLAAC to downstream devices (NO DHCPv6, hence no possibility of getting delegated prefixes further downstream).
On tracing route to the public IPv6 address assigned to my computer (2409:4063:4215:294d:f7:3497:4552:23f4), we get the following result :
Which further confirms that the JioFi is in fact acting as a proper IPv6 router, not just relaying IP addresses.
[/QUOTE]
If you go by this approach you lose all the firewall features (+ other layer 3 features) of the pfSense firewall. That's equal to removing pfSense from the middle.
Now, if you want to use pfSense as an IPv6 router, there's no other way than to use IPv6 NAT. Here are steps to do so :
TL;DR : This must be used only and only if you absolutely need IPv6 connectivity (torrents, VPS, etc.). This method does not provides publicly routable IPv6 addresses to end hosts :
Step 1 : Change WAN Interface to obtain IPv6 address via SLAAC :
Step 2 : Assign a private IPv6 Address to your LAN Adapter ( Any range from fc00::/7). I chose mine to be fd00::1/64
Step 3 : Go to Firewall > NAT > Outbound
Choose Hybrid Outbound NAT Rules Generation and add the following mapping : (Leave all other settings at default)
Step 4 : Go to Services > DHCPv6 Server and RA > LAN > Router Advertisements : (Leave other settings at default, be sure to match the advertised subnets with that you chose under LAN)
Save and restart pfSense.
Go to ipv6.google.com and you should see the page load.
Last edited: