IPv6 working at home (sort of)

I finally got IPv6 working at home over the weekend. I ended up doing it with custom router hardware from PC Engines (in my case the very capable APU with 4GB memory [$131+$10 enclosure], a 16GB mSATA SSHD [$24.99], and three gigabit Ethernet ports) running pfSense.

Couple of hiccoughs along the way:

1. Completely forgot about the all-important null modem cable.
2. Needed to find driver for my USB-DB9 serial adapter that runs under macOS Sierra (Prolific PL2303 chipset well-supported)
3. Needed to find an appropriate terminal emulator (screen works well)

If for no other reason than to document my own setup (dual WAN ISPs CenturyLink & Comcast), here’s what I did:

1. Download FULL version of pfSense for AMD64 (in my case pfSense-CE-memstick-serial-x.x.x-RELEASE-amd64.img.gz)
2. Burn it to USB stick (dd command)
3. Load serial drivers from Prolific site
4. Check to make sure serial port appears
5. Insert mSATA SSHD, connect USB-serial adapter, null modem cable, plug into PC Engines board, plug in USB stick
6. Open console, then open serial at correct rate (115K)
7. Apply power to PC Engines board
8. Do full install onto mSATA
9. Follow the wizard for configuration.
10. Configure both WAN interfaces, add to gateway group at same Tier (for load-balancing) at IPv4, add firewall rule
11. Turn on tracking to ONE of the WAN IPv6 setups (CenturyLink uses 6rd, Comcast uses DHCP6). I picked CenturyLink
12. Make a gateway and firewall for that too

If all goes well, you should get the below message.

Caveats

There are a few:

• IPv6 is beyond my technical expertise. It doesn’t really use NAT and DHCP the same way I’m used to. It seems like everything is kind of a local anarchy (you can PICK your own local addresses to use! Randomly!). I’m probably wrong about most of this.
• The setup above doesn’t use load-balancing for IPv6, only for IPv4. More investigation necessary.
• I’m getting hiccoughs on streaming services from time to time. I think it’s switching between ISPs and Netflix/Amazon/TuneIn don’t like that. I may reserve addresses and force routing through a specific WAN for specific devices, (SIP devices, Fire TV, SONOS, etc.) as soon as I figure out how to do that.
• I have VPNs active (on of the other reasons I used pfSense). I have no idea if they work or not yet.
• pfSense on my own was not a good idea. Should’ve bought a box from these guys. The added cost and the ability to get support for my unique configuration would’ve been worth the hefty up-front cost ($499).
• I’m thinking of building a robust mesh network up here in Boulder Heights. I’ll likely want a board with one more port to get that working (2 WAN, 1 WiFi mesh, 1 LAN)