IPv6 To the home
Why?
Because Virgin Media(UK Mainland) still does not provide its residential customers with any sort of IPv6 connectivity and I need to work on some deployments whilst not having to connect to a vpn.
How?
Through a tunnel broker.
After going through my options for tunnel brokers I landed on Route48 as not only do they have a location closer to me than some of the others but they allow you to use your own* IPv6 Prefixes via BGP.
*Supplied by them but completely manageable by RIPE and useable off platform if you ever decide to leave.
How to do it!
I use PFSense at home so this is all written for users that either use PFSense at home or as a virtualised router
This tutorial expects you to have some knowledge of BGP and its prerequisites for example your own ASN, if you dont know what that is or dont have one stop here!
Get Signed up to Route48
Get Your ASN Verified so you can do BGP and get a IPv6 Allocation
Once you have been verified request a network, a /48 will do for most peoples home networks, you may wish to get a larger block if you are not using them at home
Create your tunnel
Create a BGP Session
Once those steps have been done you can now move to your PFSense install
While PFSense has FRR installable from the package manager its a poor implementation in my opinion so I opted to install Bird 1.6 via the cli, open a SSH session to your PFSense and press 8 to drop into a Shell
Then Paste these commands into your session
pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/bird-1.6.8.pkgpkg add https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/bird6-1.6.8.pkg
You will then need to enable bird and bird6 but dont start them yet as you have no config
echo "bird_enable=YES" >> /etc/rc.conf echo "bird6_enable=YES" >> /etc/rc.conf
At this point you can return to Route48 and grab the Bird 1.6 BGP Config and using the file manager (Diagnostics->Edit File) in PFSense paste it into the bird6.conf which is located in "/usr/local/etc/bird6.conf" After pasting it on comment out or remove the scan time line as thats already handled elsewhere in the existing config
Once that has been saved you create your tunnel back to Route48 on PFSense, Navigate to your interfaces tab and click on assignments,GIFs and then click add. This is where you will put the details from the IPv6 Tunnels page.
Remote IPv6 will always end in ::1 and local will allways end in ::2 for the tunnel network
Once you have saved that go back to interface assignments and click add on the available network ports. go into the new interface, click enable, save and this will bring up the tunnel
Go back to the SSH session you have open and start Bird
service bird start service bird6 start
That will bring up the BGP session to Route48 which you can check by going to "BGP Sessions" and in status it will say "Established"
You can now set up using your IPs on your local network, go to your Lan interface and select static under the IPv6 Option and then enter whatever your prefix is with ::1 at the end, select /64 and hit save. I found if you try and use /48 DHCPv6 and RA fails to work.
Now you need to configure DHCPv6 and RA.
For DHCPv6 it will tell you what range you can use I suggest you copy it in to the boxes but add ::2 to the first box, for RA I recommend Assisted and in the subnet you put in the prefix you have been allocated by Route48
Firewall->NAT->Outbound
If your NAT is anything but manual then you will need to set it to manual
I recommend a reboot here as a lot has been changed, when PFSense comes back up you should see your devices being issued with IPv6 address's from your prefix, to double check just ask google "what is my ip" and it should show one of yours