I finally got IPv6 working at home over the weekend. I ended up doing it with custom router hardware from PC Engines (in my case the very capable APU with 4GB memory [$131+$10 enclosure], a 16GB mSATA SSHD [$24.99], and three gigabit Ethernet ports) running pfSense.
Couple of hiccoughs along the way:
- Completely forgot about the all-important null modem cable.
- Needed to find a driver for my USB-DB9 serial adapter that runs under macOS Sierra (the Prolific PL2303 chipset is well supported)
- Needed to find an appropriate terminal emulator (screen works well)
If for no other reason than to document my own setup (dual WAN ISPs CenturyLink & Comcast), here’s what I did:
- Download FULL version of pfSense for AMD64 (in my case pfSense-CE-memstick-serial-x.x.x-RELEASE-amd64.img.gz)
- Burn it to USB stick (dd command)
- Load serial drivers from Prolific site
- Check to make sure serial port appears
- Insert mSATA SSHD, connect USB-serial adapter, null modem cable, plug into PC Engines board, plug in USB stick
- Open console, then open serial at correct rate (115K)
- Apply power to PC Engines board
- Do full install onto mSATA
- Follow the wizard for configuration.
- Configure both WAN interfaces, add to gateway group at same Tier (for load-balancing) at IPv4, add firewall rule
- Turn on tracking to ONE of the WAN IPv6 setups (CenturyLink uses 6rd, Comcast uses DHCP6). I picked CenturyLink
- Make a gateway and firewall for that too
If all goes well, you should get the below message.
There are a few:
- IPv6 is beyond my technical expertise. It doesn’t really use NAT and DHCP the same way I’m used to. It seems like everything is kind of a local anarchy (you can PICK your own local addresses to use! Randomly!). I’m probably wrong about most of this.
- The setup above doesn’t use load-balancing for IPv6, only for IPv4. More investigation necessary.
- I’m getting hiccoughs on streaming services from time to time. I think it’s switching between ISPs and Netflix/Amazon/TuneIn don’t like that. I may reserve addresses and force routing through a specific WAN for specific devices (SIP devices, Fire TV, SONOS, etc.) as soon as I figure out how to do that.
- I have VPNs active (one of the other reasons I used pfSense). I have no idea if they work or not yet.
- pfSense on my own was not a good idea. Should’ve bought a box from these guys. The added cost and the ability to get support for my unique configuration would’ve been worth the hefty up-front cost ($499).
- I’m thinking of building a robust mesh network up here in Boulder Heights. I’ll likely want a board with one more port to get that working (2 WAN, 1 WiFi mesh, 1 LAN)