Tata Sky Broadband: Static IPV6 - Unable to Configure

It is indeed some erratic implementation... A few weeks ago, I tested it on a Ubiquiti EdgeRouter and it worked perfectly, but it was a bumpy ride when I used a Juniper SRX320, and it doesn't work at all on pfSense / OPNsense.
In none of the cases do I get a default route, but if I add a static route on the EdgeRouter it works smoothly.
 
@panks21 I updated the config with the NextDNS servers on the general setup page and DHCPv6 server page in pfSense and it works. Just make sure you go to the RA tab and check "Provide DNS configuration via radvd" and "Use same settings as DHCPv6 server". See this --> Config

PS - seeing your latest reply... maybe Airtel's v6 implementation is facing teething issues and it's the reason why they're rolling it out slowly. TSBB on the other hand has had v6 for a pretty long time, some years actually, according to what the tech told me.
 
Took a new connection from them today. Ipv6 works out of the box. Everything was simply configured from their end and I didn't have to manually add any routes or DNS servers.
 
@pillaicha if you're using their router it works without a hitch whether on v4 or v6. But getting pfSense to work with v6 is a bit of an issue. Not simple. But once you get it done it works. On pfSense let RA do the hard work is my advice.
 
Ok guys, an update: you will need to create a rule to allow ICMP echo on v6 from your WAN to LAN. See here: Configuring Unifi IPv6 on pfSense

Changing MTU on LAN is not really required but you can drop it from 1500 to 1492 or similar assuming you do the ping test with IPv4. I have not changed LAN MTU.
 
@panks21 @pillaicha @tatyasky so once the firewall rule is updated everything just falls into place. That latency I saw with some sites isn't there. Score = 19/20 according to ipv6-test.com. You can see the screenshot here - Ipv6-test.com. Also, it now scores a 10/10 according to test-ipv6.com. Test

So, static IPv6 on pfSense finally done. It should also work for dynamic IPv6. Phew! 🙂 Cheers!
 


OK.. Not on pfSense, but I have it working again on the Juniper SRX320 on a single VLAN on the LAN side (I wanted it with 3 different VLANs but never mind).

@Chip Can you please confirm if you are able to open icicibank.com personal netbanking login page when you have both IPv4 and IPv6 on your PC?

It doesn't work for me when I have IPv6, neither on desktop nor via the ICICI mobile app. SBI/HDFC works for me.
 
@panks21 yes I can access ICICI netbanking with TSBB IPv4 and v6 enabled. Just checked now. Just set up that firewall rule to permit IPv6 ICMP echo from your local network and everything just falls into place. I was lucky I saw the site (advanxer) that I shared earlier. Double checked at the pfSense site too and yes, ICMP echo is absolutely essential. With ICMP blocked v6 gets messed up.

Airtel will follow pretty much the same practice so this should work with them maybe with a few tweaks if at all. I can't wait to get IPv6 on Airtel to test it out. 🙂

BTW, how much did that SRX320 cost you? Is this for your home network?
 
@Chip can you do some screenshots of your pfSense settings? Did you set up a NAT for ICMP on WAN or simply set up rules?

Out of the box there is already a rule on LAN interface to allow all traffic.
 
@rajil.s yes, that one is in there out of the box. But with my config I have it set for IPv4+v6 not just v6. Exactly what issue are you currently facing with pfSense? About the screen shots, I have shared links in Msg #95 on this thread.
 
@Chip Every other netbanking site works, along with everything else, except icicibank. I get 19/20 on ipv6-test.com and 10/10 on test-ipv6.com. NextDNS detects that I have an IPv6-enabled network.
So I don't see a challenge with the firewall policies.
The Juniper SRX320 was given by my employer during Covid. It is indeed a home network.
 
@panks21 can you switch off NextDNS and try? I am only guessing here because unless I get IPv6 on my Airtel connection I will be unable to experiment. Also, what I read is that major browsers default to opening v6 sites and if it's not present they load the v4 as a fallback. Can you try with a different browser?
 
@rajil.s yes, that one is in there out of the box. But with my config I have it set for IPv4+v6 not just v6. Exactly what issue are you currently facing with pfSense? About the screen shots, I have shared links in Msg #95 on this thread.
I am trying these things on Airtel. Until this morning I could not ping out to an IPv6 address from the pfSense SSH shell itself. However, automagically something changed, and now ping is working from pfSense.
[2.5.2-RELEASE][root@pfSense.localdomain]/root: ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2401:4900:1f24:8fff::5c:6365 --> 2404:6800:4007:814::200e
16 bytes from 2404:6800:4007:814::200e, icmp_seq=0 hlim=118 time=8.687 ms
16 bytes from 2404:6800:4007:814::200e, icmp_seq=1 hlim=118 time=8.586 ms
16 bytes from 2404:6800:4007:814::200e, icmp_seq=2 hlim=118 time=8.706 ms
^C
--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 8.586/8.659/8.706/0.053 ms

However, pings from the LAN side (Desktop) are still not working:
$ ping ipv6.google.com
PING ipv6.google.com(hkg07s33-in-x0e.1e100.net (2404:6800:4005:804::200e)) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
274 packets transmitted, 0 received, 100% packet loss, time 283931ms



I have the RA set to assisted mode on pfSense, and can see a public IPv6 address defined on my desktop (in addition to link-local).
 
@rajil.s bro I think it's something to do with one of your firewall rules either on Windows or pfSense, maybe both. I can ping any v6 DNS server via the Windows command line and pfSense shell including Google, OpenDNS which I use & now NextDNS as well.

Can you please create that new rule for ICMP v6 on the firewall and retry? I'd give the router box a reboot after these rules are created just to be sure they load correctly.
 
Ok, this is working just as it should. pfSense has been backed up with a baseline config. 🙂

As a final test my desktop was able to ping my mobile phones' IPv6 addresses when the phones were:
  • Connected to the home WiFi and with my TSBB static IPv6 address (1st 4 quartets + DUID value).
  • On Jio's IPv6 address.
  • On Airtel's IPv6 address.
 
