How to Configure pfSense 2.2.2 for IPv6 on CenturyLink Gigabit Fiber

Configuring IPv6 can be a bit tricky. It’s new to most people, the pfSense IPv6 code has been changing quickly in the last few months, and there have been some recent IPv6 bugs in the 2.2 code all of which have made it difficult to find exactly how to create a working configuration.  However, as of 2.2.2, the lion’s share of those bugs appear to be fixed, and it’s now much easier to configure a working setup.

Ok, let’s get started.  This article assumes that you already have a working IPv4 configuration with CL.  If you don’t, check out my previous post  and get that working first.

You must know the correct IPv6 settings. CenturyLink has some nice posts that give you all the settings for their provided routers.  For instance, this link is for the router that was provided to me:  http://internethelp.centurylink.com/internethelp/modem-c2000t-ipv6rd.html and here is how I translated that into a working pfSense config.

WAN Interface Settings

IPv6 Configuration Type:  6rd

6rd prefix:  2602::/24

6rd Border Relay:  205.171.2.64

6rd IPv4 Prefix:  0

Screenshot 2015-04-26 13.11.05

Here is my working  section from the config.xml file.

pppoe0

1448

1472
pppoe
6rd
2602::/24 0 205.171.2.64

LAN Interface Settings

IPv6 Configuration Type:  Track Interface

IPv6 Interface:  (your wan interface name)

IPv6 prefix id:  0

Screenshot 2015-04-26 13.11.18

Working section of config.xml

em1

1448
10.200.201.1
24
track6
wan0

Routing

You will need a default gateway.

Screenshot 2015-04-26 13.38.20

And a firewall rule.

Screenshot 2015-04-26 13.42.14

That’s it.  You may need to power cycle your media converter and firewall to get you going.

Please let me know if this article was helpful, if you have any questions, or if I’ve left anything out in a comment.

Advertisements
How to Configure pfSense 2.2.2 for IPv6 on CenturyLink Gigabit Fiber

How to Configure pfSense 2.2.2 for CenturyLink Gigabit – Seattle Edition

I just got CenturyLink Gigabit Fiber installed, and now officially, for the first time in my life, I have more bandwidth than I can use.  Speed tests routinely look like this, which is as it should be!!

Screenshot 2015-04-21 21.25.39

However, because I have some more demanding needs than many folks, I have to say I’m not a big fan of the required leased modem that comes with the service.  CL provided me with a C2000T, wifi enabled, gigabit router.  I would much rather use my far more capable pfSense firewall, as I sure you would too. So, here is how to do it.

General Configuration Information

CL provisions PPoE over a VLAN which is dropped into your house via a special fiber terminator.  You then can connect via Cat 6 to a router of your own choosing.  In order for this to all work, you MUST have a router which can bind PPoE to a VLAN tagged interface. (I suppose you could put a VLAN capable switch in the middle to untag packets, but since pfSense 2.2 can do this for you why bother?)  So, here is my working pfSense 2.2.2-Release configuration.

Step 1. Create a PPoE based PPP connection bound to a specific VLAN.

You need to bind your PPoE authentication and traffic to a specific VLAN ID provided by CenturyLink. To do this, you must create a new PPP connection, of the type PPoE, and then link it to the the VLAN.

Before you start you will need the following information.

  • PPoE User ID and Password
  • VLAN ID

Next, follow these basic steps:

a)  Create a VLAN that matches the VLAN ID which CL has preconfigured for you.  You can do that from the VLAN tab of the Interfaces page, as show below.

b) Go here, create something like this:

Screenshot 2015-04-22 14.59.44

c) Configure the something you just created thusly:

Screenshot 2015-04-22 15.05.50

d) click”Show advanced options”, then click the Dial On Demand box, and enter “0” for the timeout. 

Screenshot 2015-04-22 15.25.21

If you haven’t already guessed, you will require your PPoE UID/Password.  This uid/pw is authenticated against a RADIUS server at the headend.  There are several domains that you may be given ( I am on qwest.net, for example).  You will also need to know specifically what VLAN you are provisioned for.  All the information except the password is available in the router configuration that CenturyLink leaves in the C2000T.  Copy everything you can from the router, but make sure you know your PPoE password before your technician leaves.

Step 2. Create an interface and bind it to the PPoE you just created.

The next step is to create a new interface (or reuse an old one)and to bind to the PPP (PPoE) network port you just created.

Screenshot 2015-04-22 15.10.13

Once you’ve created the interface, make sure it’s linked to thePPP (PPoE) network port you just created, as shown in the screenshot above.

Next, configure the interface like this.  Pay special attention to the highlighted settings

Screenshot 2015-04-22 15.18.54

Step 3.  Save Your Work!

That’s the basics.  Plug it all in, turn it on, and watch your PPP log, your system log, and the dashboard. A successful Auth attempt looks like this.

Last 50 PPP log entries
Apr 22 14:58:09 ppp: [opt4] IFACE: Rename interface ng0 to pppoe0
Apr 22 14:58:09 ppp: [opt4] IFACE: Up event
Apr 22 14:58:09 ppp: [opt4] X.X.X.X -> X.X.X.X
Apr 22 14:58:09 ppp: [opt4] IPCP: LayerUp
Apr 22 14:58:09 ppp: [opt4] IPCP: state change Ack-Rcvd –> Opened
Apr 22 14:58:09 ppp: [opt4] IPADDR X.X.X.X
Apr 22 14:58:09 ppp: [opt4] IPCP: SendConfigAck #87
Apr 22 14:58:09 ppp: [opt4]X.X.X.X is OK
Apr 22 14:58:09 ppp: [opt4] IPADDR X.X.X.X
Apr 22 14:58:09 ppp: [opt4] IPCP: rec’d Configure Request #87 (Ack-Rcvd)
Apr 22 14:58:09 ppp: [opt4] IPCP: state change Req-Sent –> Ack-Rcvd
Apr 22 14:58:09 ppp: [opt4] IPADDR X.X.X.X
Apr 22 14:58:09 ppp: [opt4] IPCP: rec’d Configure Ack #3 (Req-Sent)
Apr 22 14:58:09 ppp: [opt4] IPADDR X.X.X.X
Apr 22 14:58:09 ppp: [opt4] IPCP: SendConfigReq #3
Apr 22 14:58:09 ppp: [opt4]X.X.X.X is OK
Apr 22 14:58:09 ppp: [opt4] IPADDR X.X.X.X
Apr 22 14:58:09 ppp: [opt4] IPCP: rec’d Configure Nak #2 (Req-Sent)
Apr 22 14:58:09 ppp: [opt4] IPV6CP: LayerFinish
Apr 22 14:58:09 ppp: [opt4] IPV6CP: state change Req-Sent –> Stopped
Apr 22 14:58:09 ppp: [opt4] IPV6CP: protocol was rejected by peer
Apr 22 14:58:09 ppp: [opt4_link0] LCP: protocol IPV6CP was rejected
Apr 22 14:58:09 ppp: [opt4_link0] LCP: rec’d Protocol Reject #39 (Opened)
Apr 22 14:58:09 ppp: [opt4] IPADDR 0.0.0.0
Apr 22 14:58:09 ppp: [opt4] IPCP: SendConfigReq #2
Apr 22 14:58:09 ppp: [opt4] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 22 14:58:09 ppp: [opt4] IPCP: rec’d Configure Reject #1 (Req-Sent)
Apr 22 14:58:09 ppp: [opt4] IPV6CP: SendConfigReq #1
Apr 22 14:58:09 ppp: [opt4] IPV6CP: state change Starting –> Req-Sent
Apr 22 14:58:09 ppp: [opt4] IPV6CP: Up event
Apr 22 14:58:09 ppp: [opt4] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 22 14:58:09 ppp: [opt4] IPADDR 0.0.0.0
Apr 22 14:58:09 ppp: [opt4] IPCP: SendConfigReq #1
Apr 22 14:58:09 ppp: [opt4] IPCP: state change Starting –> Req-Sent
Apr 22 14:58:09 ppp: [opt4] IPCP: Up event
Apr 22 14:58:09 ppp: [opt4] IPV6CP: LayerStart
Apr 22 14:58:09 ppp: [opt4] IPV6CP: state change Initial –> Starting
Apr 22 14:58:09 ppp: [opt4] IPV6CP: Open event
Apr 22 14:58:09 ppp: [opt4] IPCP: LayerStart
Apr 22 14:58:09 ppp: [opt4] IPCP: state change Initial –> Starting
Apr 22 14:58:09 ppp: [opt4] IPCP: Open event
Apr 22 14:58:09 ppp: [opt4] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Apr 22 14:58:09 ppp: [opt4_link0] Link: Join bundle “opt4”
Apr 22 14:58:09 ppp: [opt4_link0] Link: Matched action ‘bundle “opt4” “”‘
Apr 22 14:58:09 ppp: [opt4_link0] LCP: authorization successful
Apr 22 14:58:09 ppp: [opt4_link0] CHAP: rec’d SUCCESS #158 len: 4
Apr 22 14:58:09 ppp: [opt4_link0] CHAP: sending RESPONSE #158 len: 44
Apr 22 14:58:09 ppp: [opt4_link0] CHAP: Using authname “XXXXXXXX@qwest.net”
Apr 22 14:58:09 ppp: [opt4_link0] Name: “JUNOS”
Apr 22 14:58:09 ppp: [opt4_link0] CHAP: rec’d CHALLENGE #158 len: 36

Please let me know if you have any questions or comments, and I’ll try to answer them as I can.

How to Configure pfSense 2.2.2 for CenturyLink Gigabit – Seattle Edition

CENTURY LINK GIGABIT FIBER INSTALLATION – Part 4 – Install day

CenturyLink came out and hooked me up!  They moved the cable to where I wanted it on the house, and then passed it through to my wiring room.  They installed a Calix 716GE-I to terminate the fiber, and provided a port.  This particular model is made for apartment complexes, and can support up to four tenants.

Screenshot 2015-04-20 17.28.51  2015-04-20 13.18.58 2015-04-20 13.19.23 2015-04-20 13.19.16 2015-04-20 13.19.10 2015-04-20 14.16.16

All in all, the install went smoothly.  The modem came up, and worked fine.  Here’s a Speed Test for size.

Screenshot 2015-04-21 21.25.39

Next up: If it’s working, don’t touch it. Or, how to break your gigabit…

CENTURY LINK GIGABIT FIBER INSTALLATION – Part 4 – Install day

Century Link Gigabit Fiber Installation – Part 3

The Fiber is Here… and nothing else

A CL Contractor came and dropped fiber to the outside of my house.  My home is an odd one, in that it’s one of the 12 homes in the greater seattle area finished in Stucco. Everywhere else in the world, there is stucco, but in Seattle it’s a rare and challenging material to work with, and most of the contractors will NOT touch it for fear of legal repercussions, injury, death, and the dulling of a drill bit.  So, they found the one piece of my house that’s wood, and tied off the fiber to it.  To say it’s placed inconveniently is being nice.  Here’s the result.  A single strand of single mode fiber with carrier terminated in an SC connector.

After seeing this single strand, I started learning about the technology being used.  It appears that CL is using GPON, which is a passive optical network that uses multiple frequencies of light in a single fiber strand to provide non-blocking upstream and downstream channels.

2015-04-17 13.18.44 2015-04-17 13.18.34

Next up:  The Turn Up.

Century Link Gigabit Fiber Installation – Part 3

Century Link Gigabit Fiber Installation – Part 2

Pricing

CenturyLink pricing for their fiber offerings is hard to find.  Also, I believe it’s region dependent, and they don’t tell you what the taxes and fees will be unless you talk to a representative.  The pricing below is for Internet only.  As you can see, there is no reason to get any speed slower than 40Mb/s.

Screenshot 2015-04-18 11.46.57Screenshot 2015-04-18 11.46.45Screenshot 2015-04-18 11.46.33Screenshot 2015-04-18 11.46.20Screenshot 2015-04-18 11.46.01

If you bundle services, you can get some discounts, although with some caveats.  For instance, CL offers Prism, which is TV over IP, but only in select areas, Seattle, is not “select” enough at this time, so if you live in our glorious NW full of trees, rain, clouds, and seriously shitty south facing views you are required to put an ugly DirectTV Dish on your roof.  If you are in another part of the country, you might be able to do without all that.

PrismTV is available in the following locations (3/2015)

  • Arizona – Phoenix Mesa Tempe Queen Creek Sun Lakes Chandler Gilbert
  • Colorado – Denver and South Metro Denver, including: Downtown Denver Littleton Highlands Ranch Lone Tree Centennial Douglas County, including: Parker Castle Rock Sedalia Castle Pines Unincorporated Jefferson County Does not include incorporated cities such as Golden and Colorado Springs
  • Iowa – Council Bluffs
  • Nebraska – Omaha
  • Select markets in:
    • Missouri
    • Wisconsin
    • Nevada
    • Florida
    • North Carolina.
Century Link Gigabit Fiber Installation – Part 2

Century Link Gigabit Fiber Installation – Part 1 – Ordering

CenturyLink is still Qworst

I have been purchasing bandwidth and internet services in the Seattle area for more than 20 years, and there is one constant. Customer service is almost always awful.  Comcast, Time-Warner, CenturyLink, AT&T, and Verizon are some of the most despised brands in the world, and for good reason. In my case, the ordering procedure was a MESS.  The 800 number was “too busy” to accept any new calls, so I tried the web site.  It was painfully slow and produced wildly inconsistent information.

As an example, depending on whether I was logged in to my CL telephone account, the site would offer me entirely different product selections for the same address.  Compare these tw screen grabs, the first logged in to my account, and the second logged out.  Apparently, if I’m an existing customer I don’t need fiber, therefore I set up a new account and order.  I suppose that after the installation happens, I will have to merge my accounts, which should take about 2-3 months to straighten out, if the past is any guide.

Logged In

Screenshot 2015-04-18 11.21.05

Logged Out

Screenshot 2015-04-18 11.22.35

Next Up:  Pricing

Century Link Gigabit Fiber Installation – Part 1 – Ordering

Century Link Gigabit Fiber Installation – Preface

Fiber is COMING 

I came home on March 20th to a CL (CenturyLink) bucket truck stringing fiber through the neighborhood.  The cable techs seemed to think we might have service by the beginning of summer.  However, it appears that CenturyLink is MOTIVATED to get this done, because my installation date is set for the 20th of April, only 30 days after running the fiber on the poles! This blog will document my install and what I learn.

2015-03-20 09.24.14

Century Link Gigabit Fiber Installation – Preface