Delegated prefix not used
-
Does your ISP provide any info? Also, the WAN address is usually not from your prefix. In fact, you don't even need a WAN IPv6 address, as link local addresses are normally used for routing.
-
@jknott
Hi
Yes these options are from the ISP:
Delegated a /48, must set ia-pd 1, ia-na 1 and IAID for NA 1.
Selecting only request prefix does not seem to make a difference as WAN still gets an address - which indeed is not in the prefix. -
It appears they are just making the /48 available, which you then have to configure for, instead of using prefix delegation. Do they also provide a gateway address so you can do that?
BTW, who is the ISP? Maybe someone else has experience with them? Do they normally support business customers where there would be a network admin?
-
@jknott
The ISP is Kviknet (Denmark).
The google translate is ok for their help page:
IPV6 help pageTheir DHCP server injects the route so i do need to use DHCPv6.
It appears to be a bit of a quirky setup...
-
@redakula said in Delegated prefix not used:
It appears to be a bit of a quirky setup...
With both SLAAC and DHCPv6-PD on the WAN??? I can see one or the other, but not both. Can you do a packet capture on the WAN interface during startup and attach the capture file here.
To do this:
- Shut down pfsense and disconnect the WAN cable
- Power up pfsense and start Packet Capture on the WAN port, filtering on ICMP6
- Reconnect the WAN cable and let Packet Capture run for a minute or so.
- Download the capture file and attach it here.
-
Thank you for your time :-)
Yep they acknowledge that it is a special setup. Apparently they use some ZTE routers that are not particularly well documented. (And i guess just plain weird...)
It appears that the routing part via the RA announcements on WAN works fine as the router itself has ipv6 internet access. I have previously struggled with the default route either not being set or disappearing. But it appears stable now after allowing RA's on WAN.I attached a capture of WAN via an intermediate switch where i could mirror the port. I included ICMPv6 and DHCPv6 packets without any further filtering but i guess type 133+134 are the interesting ones...
The DHCPv6 packets returned from the ISP look like they have all the information as the logs from dhcp6c also show... But i am not deep enough into IPV6 to see if something is missing that throws off pfSense maybe?
2b4f is the WAN interface.
router_initWAN.pcapng -
Ok tried something... I set the prefix interface to my LAN interface and the /48 prefix is delegated to this interface.
So it appears that the problem is assigning the interface to the WAN interface - which would be required for the track interface option to work??? -
I see several MAC addresses. Which one is you? It appears you can see other traffic than yours with that connection, which makes it hard to sort things out. You could try putting your MAC address in the Host Address box in Packet Capture. Then it will only capture traffic to or from your system. I normally don't have to do that with IPv6, but do with IPv4.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
You set the track interface to WAN, unless your ISP is doing something different. You then enter a prefix ID to choose which prefix from that /48 you want to use on an interface. Your choices range from 0 to ffff and you can only use an ID once.
-
@jknott said in Delegated prefix not used:
I see several MAC addresses.
Sorry, I meant link local address, though they are often based on the MAC.
-
Ok i just gave up on getting pfSense to generate a working configuration...
If something in my ISP's weird setup is causing it, a bug or the position of the moon i have no idea.But it works when writing the config file manually and adding the interfaces. The interface still shows nothing about the delegated prefix but everything is working.
RA's set to unmanaged on the local interfaces.The config file that works with my setup (on Kviknet in denmark):
interface xn3 { send ia-pd 1; send ia-na 1; script "/var/etc/dhcp6c_wan_script.sh"; }; id-assoc na 1 { }; id-assoc pd 1 { prefix ::/48 infinity; prefix-interface xn0 { sla-len 16; sla-id 1; }; prefix-interface xn1 { sla-len 16; sla-id 2; }; };
