pluralist & toph3r thank you for your comments.

Forgive my ignorance, but shouldn't I see a 'proper' IPv6 address on the MODEM as well as a link-local address? As a standalone device that is responsible for connecting my router to the Internet, I would expect it to get it's own address so it could communicate with the outside world. On the IPv4 side pfSense tells me the CF WAN Gateway has 100.72.X.X as an address which I understand is consistent with the address range given out for the 150Mb offering from CF.

toph3r amending my settings based on your response still makes no difference.

I think I'm going to have to turn it all off and walk away for now. Maybe something will click if I come back later #sigh

A basic modem does nothing other than change analogue signals to digital and vice versa. It doesn't have or need an address.

However most people these days refer to modem/routers in two ways, but rarely as the correct modem/router that they are.

Your "modem" is certainly a modem/router in bridge mode with input from the outside world through an ethernet port connected to your ONT (Optical Network Termination/Terminator). (I wonder if you even need it?)

In the early days of FTTC on Openreach lines their two routers (Huawei and ECI) were in fact both modem/routers in bridge mode, simply doing that signal conversion from/to the phone line splitter and your true router. If you remember, they had ethernet output to your equipment. As such they did not have an IP address. IP addresses at this level are for communication between between routers or a router and devices.

However, as devices connected to your own router, they did have a LAN address (usually the 192.168.n.n range) issued by your router. This enabled us to configure them if required. Such as turning that bridge mode on and off. Fairly quickly a hacked firmware became available for the Huawei, enabling us to obtain the xDSLx line stats. The ECI hack came later, but involved soldering stuff on its circuit board. Not for the faint-hearted.

A few people did in fact use the Huawei in full modem/router mode, with no other router.

That was history of course. These days what we call a router is rarely just that except in larger more complex systems. Of the kind toph3r is probably involved in.

The modern home/SOHO "router" is always a modem/router plus an ethernet switch plus a WAP (Wireless Access Point). Basically four separate logical pieces of kit combined into one box and with circuitry to handle all the functions on a single board. When connected to a full fibre network its in and out connection with the outside world is by ethernet to the ONT. The modem component simply not used, if still present. In time it won't be there, as its function ceases to exist.

GonePostal's reply to toph3r is important corroboration of what I have suggested earlier. You need to establish the IP address of your "router". Your "modem" cannot be modulating/demodulation between analogue and digital as it has no analoge input from anywhere. As I wondered as an afterthought earlier in this post, do you even need that modem?

In my long reply to toph3r I provided this link. There is a post by MHC in that thread that gives an easier method than mine of setting up BQM to ping your router on IPv6. I can't vouch for it, but it looks feasible to me, and he is far from stupid.

On AAISP my method of course wouldn't work and neither would his, as the router was just an intermediary between AAISP and the WAN network of my /64 on which my devices had their IPv6 addresses issued by my router's DHCP server in the same way as the 192.168.n.n ones were as a LAN on FTTC.

Postscript: In my years on AAISP, IIRC we were issued with an initial /56 within the /48 not the smaller /64s, and could have multiples of those if we wished.

Edited by pluralist (Fri 10-Mar-23 14:06:18)

You don't have to have a public IPv6 on the WAN interface, I've been with ISPs where I've just had an internal one (fe80). With AAISP they have allocated a public looking IPv6 address for the WAN but not from my own range, and I've never checked if I can ping it from outside.

For pinging from ThinkBroadband BQM I simply use the LAN1 IPv6 address which is public.

So under Interfaces -> LAN1 you could try setting:

IPv6 configuration type: Static IPv6

You then need to pick an address from your range, if you have a /48, this means they give you something like:

2001:8b02:1b22 as a prefix, and from this you need to decide your LAN1 range of addresses, I would keep it easy to visualise, so if your prefix is similar to this, being a /48, pick the first 64 bits you want to use for your LAN1, I would suggest just adding all ones so:

2001:8b02:1b22:1111 <- All ones to tell you this is one you've chosen for LAN1. If you are given a /56 range, then the ISP has fixed two extra bytes, so your prefix would look something like: 2001:8b02:1b22:12, so you would then select your LAN1 to have 2001:8b02:1b22:1211 as its prefix. This means all devices on LAN1 will have an IPv6 address starting with that prefix.

To set the full IPv6 address for LAN1, simply give it 1, so LAN1 Static IP becomes 2001:8b02:1b22:1111:0000:0000:0000:0001, you can shorten this to 2001:8b02:1b22:1111::1

Make sure Use IPv4 connectivity as parent interface is checked.

Now set up the LAN, which is Services -> DHCPv6 Service, I like to set up DHCP as well as Router Advertisments. On the DHCPv6 Server tab you should see your subnet automatically showing, and subnet mask at 64 bits. The available range is shown.

Set the range to use for DHCP, you just need a small range out what is available, again keep it so you can recognise when you see devices with an IPv6 address where it has come from DCHP, so using the example address from above, set rang 2001:8b02:1b22:1111::d:1 to 2001:8b02:1b22:1111::d:ffff this gives you 60,000+ addresses that can be used for DHCP addressing. You shouldn't need to change anything else on this page.

Select the Router Advertisements tab, select Assisted - RA Flags. Again all other settings should be fine at defaults. Save the changes.

The Firewall doesn't need anything configured for incoming, but you do need to tell the firewall to allow Outgoing IPv6. Go to Firewall - Rules - LAN1 tab, add an outgoing rule for everything (the same as the IPv4 rule but with IPv6 selected as the Protocol).

Reboot pfSense and see if devices are getting an IPv6 address, which if handed out by DHCP will be 2001:8b02:1b22:1111: something, and SLAC addresses will start 2001:8b02:1b22:1111 with something completely random afterwards. Browse to https://test-ipv6.com/ to check if IPv6 is routing out.

Hopefully that might get it working for you.

Edited by E300 (Fri 10-Mar-23 16:10:00)

In reply to a post by GonePostal:

The point @pluralist is making is generic and would apply equally well if anyone had a range of external IPv4 addresses for their kit. If it has all been TLDR previously, the simple point being made is that if you want to run ThinkBroadBand BQM you need to point the connection from the TBB Firebrick to a fixed point in your network.

I addressed that? Point it to a LAN v6 iface on your router. That's what I do.

In reply to a post by nwootton2000:

pluralist & toph3r thank you for your comments.

Forgive my ignorance, but shouldn't I see a 'proper' IPv6 address on the MODEM as well as a link-local address?

No. Some ISPs may give you a WAN v6 iface, others will not. There's no 'right' or 'wrong' here. Just know that not seeing one assigned is completely OK technically. Your v6 delegation is to your internal ifaces, not your wan iface, with your ISP (it seems at any rate).

re the config not working. pfsense sucks sometimes. Reboot after making any v6 changes. That's what I am forced to do.

Edited by toph3r (Fri 10-Mar-23 16:30:22)

In reply to a post by E300:

You don't have to have a public IPv6 on the WAN interface, I've been with ISPs where I've just had an internal one (fe80). With AAISP they have allocated a public looking IPv6 address for the WAN but not from my own range, and I've never checked if I can ping it from outside.

EXACTLY.

Glad someone else gets this.

Presumably logic is not your strong point.

Because you don't have a public IP, to run the BQM you need to find an address which can be pinged by the Firebrick.

If you think the either Pluralist or I do not understand that then you are not capable of understanding the underlying logic in long sentences or paragraphs.

In reply to a post by GonePostal:

Presumably logic is not your strong point.

Because you don't have a public IP, to run the BQM you need to find an address which can be pinged by the Firebrick.

..I've already addressed this - twice - as has another poster.

NB: The irony of a person who *continues* to not understand what is being written attempting to call another person's logic prowess out is truly remarkable.

Edited by toph3r (Fri 10-Mar-23 18:39:32)