La Fibre
Datacenter et équipements réseaux => Routeurs => 
Remplacer la LiveBox par un routeur => Discussion démarrée par: Keyser le 07 mai 2024 à 16:14:58
-
Hi All.
Sorry about the english post, but I don’t speak French.
I have had my SG-2100 pfSense running on Orange in France with the fs.com Gpon SFP module for almost 2 years - it has been working flawless with IPv4.
I never did get IPv6 working on this setup in pfSense, so I still only use IPv4.
Has anyone been able to get IPv6 including delegation fully working on pfSense with Orange? If yes, any guides, hint or tips on whats needed?
I’m very impressed with you guys on this forum - how you ever figured out all these needed “mods” to avoid the Livebox is REALLY impressive.
-Keyser
-
Hi All.
Sorry about the english post, but I don’t speak French.
I have had my SG-2100 pfSense running on Orange in France with the fs.com Gpon SFP module for almost 2 years - it has been working flawless with IPv4.
I never did get IPv6 working on this setup in pfSense, so I still only use IPv4.
Has anyone been able to get IPv6 including delegation fully working on pfSense with Orange? If yes, any guides, hint or tips on whats needed?
I’m very impressed with you guys on this forum - how you ever figured out all these needed “mods” to avoid the Livebox is REALLY impressive.
-Keyser
:)
c'est là qu'on voit la renommée internationale de l'ingénierie française ;)
here we can admire the international prestige of frenchy frogs engineers :D
-
Most explanation here will be on :
- opnsense
- networkd
- openwrt
- debian
Try to have a look if the ipv6 config for opnsense can transpose to pfsense and if not, maybe and if possible, switch to opnsense ?
-
When I did my config a couple of years ago it didn’t seem possible to get IPv6 going on pfSense due to missing DHCP options (raw) support in the pfSense DHCP6c binary. But since then pfSense has moved on from being based on BSD 12.3 to now BSD 15 which might have changed quite a few things.
So I just wanted to hear if anyone had any success / done it before me? It takes quite some time for me to test all the things due to translations, remote access (have to be sure to be able to come online again if the Orange failsafes kick in) and being a little out of my comfort zone :-)
-
:)
c'est là qu'on voit la renommée internationale de l'ingénierie française ;)
here we can admire the international prestige of frenchy frogs engineers :D
He he, true that. But being from Denmark I’m also a little surprised at all the “obstacles” Orange creates to prevent subscribers from just using their own equipment. It must be using a boatload of ressources (money) in manpower, configuration and testing to maintain and upgrade such a complicated setup.
Back in denmark you can plug your own router on just about any ISP’s Fiber or ADSL, and if you don’t want the trouble of the interface issues, any ISP will place their “livebox” in bridgemode so you still get the “raw” connection. None of this is possible with French ISPs as far as I can tell. They all go out of their way to make it impossible for you NOT to use their equipment on a end customer private ISP connection.
-
Well, in fact only Free has a router which can be bridge-moded ;-)
-
Hi,
there is indeed an operator that works like this, its name is MilkyWan (https://milkywan.fr/).
It is an association of which many members are very active on this forum (https://lafibre.info/milkywan/).
-
Hi, yes, I have a working IPv6 setup (my WAN receives a prefix, which I then delegate to my interfaces, and I then configure a DHCPv6 server on each of my interfaces to obtain an IPv6. I've automated the management of the various options and set up a cron task to renew my option 90/11 once a day autonomously to prevent any interruptions.
Do you still need it? Could you tell me which version of pfSense you're running? I'll dump the firewall rules, my script, and briefly explain how it works if you're interested.
-
That is really amazing. I didn’t think it was possible yet.
I would really love to see how you have made that setup and what options/parameters you have set in your DHCP6c setup.
You are using Orange Fiber (pfsense as a replacement for a Livebox) right?
Looking forward to hear from you.
-Keyser
-
It's possible, currently I have a GPON-ONU-34-20BI connected to my PFSense router, the optical fiber is directly connected to this GPON which is inserted into my PFSense router on the integrated WAN card. The Livebox is in the closet (and between us, I'm glad about it!!), and I control my entire apartment (servers, wall socket, Wi-Fi, IoT, ...) with this PFSense router (I'm waiting for XGS-PON to upgrade to a higher model :)). The Orange WAN is in DHCP V4/DHCP V6 and my different VLANs are in static V4 and track interface to retrieve an IP delegated by Orange! All of this with an average uptime of 100 days (I only reboot the PFSense for updates) and a constant throughput of 1Gbps/1Gbps.
Can you just confirm which version of PFSense you have as well as the Livebox model you have (v5/v6)? I'm going to make a little guide on my Git next week, there's a lot of information to consider but I've configured most of the points to be modified by script so it should be pretty straightforward!
-
Sorry about the late response. I'm really exited you got IPv6 working with pfSense, so I'm looking forward to seeing your Github guide.
My pfSense is a Netgate 2100 box currently running pfSense Plus 24.03 (The latest version).
The Livebox (sitting in the closet and not being used) is a Livebox 5
Thank you so far :-)
-
Hello Keyser.
I was interested in your post and SolunarX’s guide as I spent the two last weeks tinkering to get there as well.
In my case I reboot the router daily as I shut everything off at night so I do not need to have SolunarX’s magic to renew the option 90/11.
In the end I got IPv6 and I detailed the procedure (and all the things I wondered about when I read the forum) in « Orange DHCP conformité protocolaire 2023 - lire depuis le début du sujet » pinned post (90th page – the last right now).
It’s in french but as my pfsense is in english I mention all the options by their english names so you should be able to figure it out.
Cheers
-
I too have battled with this before and gave up, accepting only ipv4 in pfsense. OpnSense ipv6 worked, but I preferred not to shift to OpnSense as I rely on some stuff in pfsense.
Seeing this thread, I dutifully followed V's post at Orange DHCP conformité protocolaire 2023 - lire depuis le début du sujet (https://lafibre.info/remplacer-livebox/durcissement-du-controle-de-loption-9011-et-de-la-conformite-protocolaire/msg1072779/#msg1072779)
In the end, I had the same result as I always do. No luck.
Could you look at my attached screenshots below and see if there is any mistake?
ia-pd 0, raw-option 6 00:0b:00:11:00:17:00:18, raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:4c:69:76:65:62:6f:78:35, raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d, raw-option 11 $1, raw-option 1 00:03:00:01:E4:$2
dhcp-class-identifier "sagem", user-class "+FSVDSL_livebox.Internet.softathome.Livebox5", option-90 $1, dhcp-client-identifier 01:E4:$2
The Mac address of my live box starts with E4 for reference.
Thank you!
In the end I got IPv6 and I detailed the procedure (and all the things I wondered about when I read the forum) in « Orange DHCP conformité protocolaire 2023 - lire depuis le début du sujet » pinned post (90th page – the last right now).
It’s in french but as my pfsense is in english I mention all the options by their english names so you should be able to figure it out.
-
I see in your wan that you did not tick DHCP6 VLAN Priority, thus not doing the COS stuff, this might be it since I think it is mandatory.
I am afraid I cannot provide much more help, I’m a monkey with a hammer and patience.
I have no deep understanding of what I am doing yet. Just cross checking information I find and trying stuff. Knowledge develops along the path but remains below the average level around here.
-
I see in your wan that you did not tick DHCP6 VLAN Priority, thus not doing the COS stuff, this might be it since I think it is mandatory.
I am afraid I cannot provide much more help, I’m a monkey with a hammer and patience.
I have no deep understanding of what I am doing yet. Just cross checking information I find and trying stuff. Knowledge develops along the path but remains below the average level around here.
Thanks, I went ahead and ticked that box unplugged all the cables from the ONT for a few minutes and restarted pfsense and reconnected the ONT. Unfortunately no change.
Your post with your settings carefully laid is definitely appreciated, I wonder though if I might be missing something else, that I could spot in screenshots? When you have time would it be possible to make a comprehensive collection of screenshots?
I know Keyser was also interested in this, I wonder if he has had a chance to try?
Cheers
-
Since it obviously still requires a "hack" and installing other DHCP6c Binaries in pfSense, I will not be attempting any further tests.
I do not care for such solutions that break at each upgrade :-)
-
that's one of the main reason I migrated to opnsense (along with netgate update policies on the free version), having been a user since ~v1.2.1. I ended up facing the exact same conclusion I didn't want to replace binaries after each upgrade. (and most of the upgrades didn't work out out of the box. I remember pain when upgrading to v2.5 and 2.6 >:( ).
-
I see in your wan that you did not tick DHCP6 VLAN Priority, thus not doing the COS stuff, this might be it since I think it is mandatory.
I am afraid I cannot provide much more help, I’m a monkey with a hammer and patience.
I have no deep understanding of what I am doing yet. Just cross checking information I find and trying stuff. Knowledge develops along the path but remains below the average level around here.
I was re-reading your detailed post to see if I missed anything. One point I am questioning, and please forgive my ignorance, but does SOSH simply act as a reseller for Orange Fibre? Meaning, they are functionally identical and they share the same systems, etc.?
This first part in particular made me wonder if I am missing something:
Obtenir l’ONT seul ( « boitier fibre » ) -> contacter la messagerie Sosh et prétexter que « c’est pas pratique le boîtier PTO est mal placé, mon logement neuf est déjà câblé en RJ45. je souhaiterais l’utiliser pour mettre ma box où ça m’arrange et ne pas ajouter de câbles », il faut ensuite les rappeler pour qu’ils le whitelist.
## edit2 : fait en 1 min avec la messagerie sosh. Il faut leur filer le SN et PROD ID
Do I need Orange to whitelist my Leox ONT? It would seem not since it works for opnsense, but I have never announced to Orange that I am not using their box.
Can you confirm which version of pfsense you are using?
On the subject of opnsense vs pfsense, I would love to drop pfsense for opnsense, but it seems Inam dependent as I could not bare to manually migrate all my pfsense configurations and at the end of the day it is only ipv6.
-
Hello Sloopbun,
My apologies for the late answer, i am afraid I cannot provide screenshots since I ditched pfsense.
I have a wireless card at hand that – of course – has no BSD driver so I am looking for a Linux solution now.
For your first question, as far as I know yes. Sosh is the low-cost Orange. Main difference is the absence of any shop to ask for help. You have a chat and that’s about it for customer service.
Then, I think they have a slightly different offering in terms of bandwidth. Sosh is lower.
For the second question, as far as I understood yes absolutely, the ONT is the device talking to them on their side and they need to know it to actually whitelist it : hence calling them and giving them the serial number and vendor id. I have no idea how you actually got it working ? Then I don’t think sfp modules users do that so there must be another path, but I didn’t looked in depth.
I was using pfsense 2.7 Community Edition and yes modified DHCPc binaries.