Pfsense: Dualstack IPv6 + IPv4 with DSL over PPPoE

PfSense

Dualstack IPv6 + IPv4 with DSL over PPPoE

Interfaces -> WAN

  1. IPv4 Configuration Type: PPPoE
  2. IPv6 Configuration Type: DHCP6

DHCP6 Client Configuration

PPPoE Configuration

Interfaces -> Bridge0

Because I have a LAN/WIFI bridge (bridge0), I have to set my static IPv6 addresses on the bridge0 interface:

Navigate to Services / DHCPv6 Server & RA / bridge0 / Router Advertisements:

Situation: Router Advertisements do not work properly if a bridge is configured, because pfSense does not configure a link-local address on the bridge. See this bug in pfSense. The bug is also present in 2.3.2-RELEASE-p1.

The workaround in /etc/inc/interfaces.inc did not work for me, so this is my workaround (after a pfSense reboot) until it is fixed:

  1. Navigate to Interfaces / Bridge0 and change:
     - IPv6 Configuration Type: Track Interface
     - Track IPv6 Interface:
       - IPv6 Interface: WAN
       - IPv6 Prefix ID: 0
  2. Save and apply the change. After that, pfSense configures the missing link-local address on the bridge.
  3. Revert step 1, save and apply.

Now radvd works properly.
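
To confirm whether the bridge really has a link-local address before and after the workaround, this added example (not part of the original post) parses `ifconfig bridge0` output. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample outputs are constructed.

# link_local_addr: read FreeBSD-style `ifconfig <interface>` output on stdin and
# print the first usable IPv6 link-local address (fe80::/10) without its %zone
# suffix. Exit status: 0 if one was found, 1 if the interface has none.
link_local_addr() {
    awk '
        $1 == "inet6" {
            addr = tolower($2)
            sub(/%.*/, "", addr)                  # drop the %bridge0 zone id
            # fe80::/10 means the first hextet lies between fe80 and febf
            if (addr !~ /^fe[89ab][0-9a-f]:/) next
            # an address that failed duplicate address detection is unusable
            for (i = 3; i <= NF; i++) if ($i == "duplicated") next
            print addr
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: bridge with only a global address (the broken state).
SAMPLE_BROKEN='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 2001:db8:0:1::1 prefixlen 64'

# Constructed sample: bridge after the workaround, link-local present.
SAMPLE_FIXED='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 2001:db8:0:1::1 prefixlen 64
        inet6 fe80::1:1%bridge0 prefixlen 64 scopeid 0x7'

# Constructed sample: link-local exists but failed duplicate address detection.
SAMPLE_DUP='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1:1%bridge0 prefixlen 64 duplicated scopeid 0x7'

for name in BROKEN FIXED DUP; do
    eval "text=\$SAMPLE_$name"
    if ll=$(printf '%s\n' "$text" | link_local_addr); then
        echo "$name: link-local $ll present, radvd can send RAs"
    else
        echo "$name: no usable link-local address on bridge0, apply the workaround"
    fi
done

# On the firewall itself: ifconfig bridge0 | link_local_addr
```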

OpenVPN config

  1. Start wizard
  2. Select Type of Server: Local User Access
  3. Create a New Certificate Authority (CA) Certificate
     - Descriptive name: apu openvpn
     - Key length: 4096
  4. Create a New Server Certificate
     - Descriptive name: apu openvpn
     - Key length: 4096
  5. General OpenVPN Server Information
     - Interface: WAN
     - Protocol: UDP
     - Local Port: 1194
     - TLS Authentication: Enabled
     - Generate TLS Key: Enabled
     - Tunnel Network: 192.168.3.0/24
     - IPv6 Tunnel Network: fd00:9999::/64
     - Redirect Gateway: Enabled (Force all client generated traffic through the tunnel.)
     - Concurrent Connections: 5
     - DNS Default Domain: vpn.domain.tld
     - DNS Server enable: Copy dns servers from System / General Setup
     - NTP Server enable: use pfsense ip as ntp master
  6. Firewall Rule Configuration
     - Traffic from clients to server: Enabled
     - Traffic from clients through VPN: Enabled

Create a Client Certificate for the VPN user:

  1. Navigate to System / User Manager / Users / Edit

  2. Add a User Certificate:
     - Method: Create an internal Certificate
     - Certificate Type: User Certificate
     - Key length: 4096
     - Common Name: user.vpn.domain.tld
     - Alternative Names: email address

  3. To be able to export client configurations, browse to System->Packages and install the OpenVPN Client Export package. Confirm the prompt "Confirmation Required to install package pfSense-pkg-openvpn-client-export."

  4. Navigate to VPN / OpenVPN / Client Export / OpenVPN Clients and download:
     - Standard configuration: Archive

  5. Extract to ~/.openvpn/xyz

  6. Change the remote IP in fw-udp-1194-username.ovpn

  7. Import the configuration via the GNOME OpenVPN importer.

WLAN Router config

Links