IPv6 not assigning to LAN device - ISP Hyperoptic UK
-
@samleemc https://markuta.com/pfsense-ipv6-hyperoptic/
At the bottom it mentions "This issue was likely caused by HyperOptic because they do not respond to RA requests coming from devices that are not issued by them. Spoofing the MAC address solved this."
Not a customer but spoofing the MAC might help.
-
@nogbadthebad already did that. Sorry didn’t mention that in my original post.
-
@samleemc said in IPv6 not assigning to LAN device - ISP Hyperoptic UK:
Can't assign requested address" error?
That sounds like a problem I had with my ISP a few years ago, where they had a problem with the CMTS I was connected to.
Can you do a packet capture of the full DHCPv6 sequence and post the capture file here>
-
Sorry for the late reply! Weekend have been busy with kids....
Here you go, not sure if that make any sense to you....certainly not to me....
In the system log, I am also seeing the below as well.
This is the setting I used to do the package capture
-
In that capture, I see the solicits going out, but nothing coming back.
This would indicate a DHCPv6 problem at your ISP.
Here's what it should look like.
-
@jknott May I know why your package length is longer than mine by 20? Does it matter?
-
Here's yours:
And mine:
Mine shows that identity association section, which yours doesn't have. I'm not sure why the difference. Possibly some config issue, though I'm not sure what. Can you do a screen shot of your WAN DHCP6 client config?
-
@samleemc I have same issue with HO with Pfsense.
Did you managed to solve the problem, can you please share with us?
Regards
-
@digitalberg unfortunately, I am unable to solve the issue. I believe the issue is at Hyperoptic side. Tried to contact Hyperoptic support, but I think it is not being escalated to the right team.
-
@samleemc Thanks. I will contact HO tomorrow as well to get more info and let you know too.
Is your Pfsense on a virtual environment or physical box?
-
@digitalberg physically box. NIC is Intel i225
-
@digitalberg any luck from your side?
This is the reply I get from Hyperoptic on the handshake.
-
@samleemc You are lucky; at least you got the response :) No, they haven't even bothered to contact me yet. It's been over four days now.
I figured out that Tunnel Broker is the best option for us.
So I used Cloudflare Teams (zero trust) and tested it with PFSense; it worked like a charm with full 1Gbps speed. Before I used a different tunnel broker, but the speed was bad on IPv6. Cloudflare impressed me today.
Try it and let me know if you need more info.
-
@digitalberg just wondering by any chance you have any documentation that I can follow?
-
@samleemc Sure, please click on the below instructions. I hope this helps.
Setup Cloudflare Teams in pfSense
Another benefit of using Cloudflare in pfSense is that our DNS queries are on DoT, DoH, and WARP :)
If you need further support, PM me, and we can do a remote session :)
Regards,
-
@samleemc Hi Sam, I connected Hyperoptic IPv6 to my pfSense box without HO support.
Please elaborate on your HO settings and configuration so we can pinpoint the issue.
p.s My HO IPv6 worked without spoofing the MAC address in the pfSense.
Have a nice weekend!
Screenshot 2022-11-18 at 21.22.50 -
@digitalberg Amazing! How did you get it to work?
Those are my setting related to IPv6
I have 3 physical LAN ports in the machine, and I have setup a bridge "LAN" to join them together as below
Then each LAN is set to track the WAN interface for IPv6
All LAN are pretty much the same.
As for the DHCPv6 and RA, I have turned off the DHCPv6 and enable RA as below
I think that's pretty much all the setting related to IPv6.
Any difference from yours?
Sam
-
pfsense version is
-
@samleemc
Your LANs are on the bridge, and the IPv6 configuration type is "track interface." This is the best setting, so DCHPv6 automatically assigns the client's network, but I can see some tweaking is required on your end.As you can see, I did not configure MAC spoofing!
If the below settings don't work, I would tell you to start from scratch and use one LAN without bridging the LANs to see if works.
My pfSense version: 2.6.0-RELEASE (amd64)
WAN:
LAN:
DCHPv6:
Rules tab:
This rule is for the LAN and includes an HO IPv6 gateway, so traffic will be routed through the HO gateway.
DNS:
The DNS is also important for the HO connection. you can setup Hyperoptic DNS however, i have setup Cloudflare:
HyperOptic Gateway up and running:
I would recommend having sleeping pills once everything is set up. LOL, i meant to first restart the pfsense and disconnect all the clients devices and leave the pfSense for 1-2 untouched so pfSense can talk to HO to get IPv6 etc.
-
I followed your setting above, but still no luck.
Btw, are you using the community version or the pfsense+ version?
Sam