DHCP6-PD Proper Setup?
-
I'm using version 22.05 and trying to get DHCP6-PD to work, but am failing. I have a static /56 which I can request in /59 blocks from Comcast. The modem is using the first /59 for its DHCP pool, so I'm requesting the 2nd /59 block.
Under my WAN interface, I have the following settings:
This produces a dhcp6c.conf file with the following:
    interface igb0 {
        send ia-na 0;
        send ia-pd 0;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh";
    };
    id-assoc na 0 {
        address xxxx:xxxx:xxxx::50 604800;
    };
    id-assoc pd 0 {
        prefix xxxx:xxxx:xxxx:20::/59 604800;
    };
The issues I see:
- Under interfaces, the WAN does get an IPv6 address, but it's xxxx:xxxx:xxxx:0:208:a2ff:fe0b:1234 generated from the MAC address instead of the requested address. If I look in the modem's leases, it shows that it has assigned the requested xxxx:xxxx:xxxx::50 address to pfSense. I'm not sure why pfSense isn't using it. (I can also see that the DNS servers are showing on the interfaces page, so DHCP is partially working at least.)
- I don't see anything about the prefix delegation working or showing any reference to it on pfSense, and if I set other interfaces to Track Interface, nothing happens on those interfaces.
- I don't see a release/renew button in the interface status screen. Is this supposed to be there for IPv6?
- In the logs I can see
      script "/var/etc/dhcp6c_wan_script.sh" cannot be executed safely
  and
      failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
My dhcp6c_wan_script.sh contains the following. Should those ${xxx} variables have been replaced?

    #!/bin/sh
    # This shell script launches /etc/rc.newwanipv6 with a interface argument.
    dmips=${new_domain_name_servers}
    dmnames=${new_domain_name}
    case $REASON in
    REBIND)
        ;;
    REQUEST|RELEASE)
        /usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=igb0&dmnames=${dmnames}&dmips=${dmips}"
        ;;
    RENEW|INFO)
    esac
I'm not sure if this is correct or not, or why this is happening as I'm not exactly sure what "cannot be executed safely" means here. Turning on debug mode for the DHCP6 client doesn't show any extra useful information.
Can anyone please help me out with my setup? Have I entered something incorrectly here?
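One way to inspect the hook script named in the "cannot be executed safely" log line, as an added example that is not part of the thread and not pfSense or dhcp6c code. The criteria checked (not a symlink, regular file, owned by the invoking user, not writable by group or others, executable, has a #! line) are assumptions about what a root daemon typically requires of a hook script; the page does not state which checks dhcp6c applies, and the function name check_hook is hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of a hook script that a root daemon will run.
# The criteria are assumptions, not dhcp6c's documented behaviour.

# check_hook PATH: prints one line per finding; returns 0 if clean, 1 otherwise.
check_hook() {
    f=$1; rc=0
    # Test for a symlink first, because -e and -f follow links.
    if [ -L "$f" ]; then echo "FAIL symlink, not the file itself: $f"; return 1; fi
    if [ ! -e "$f" ]; then echo "FAIL missing: $f"; return 1; fi
    if [ ! -f "$f" ]; then echo "FAIL not a regular file: $f"; return 1; fi
    # -O: owned by the effective uid of whoever runs this check (run it as root).
    if [ ! -O "$f" ]; then echo "FAIL not owned by uid $(id -u): $f"; rc=1; fi
    # Anyone who can write the file can change what the daemon executes.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL writable by group or others: $f"; rc=1
    fi
    if [ ! -x "$f" ]; then echo "FAIL not executable: $f"; rc=1; fi
    # The script is executed directly, so it needs an interpreter line.
    first=
    IFS= read -r first < "$f" || :
    case $first in
        '#!'*) ;;
        *) echo "FAIL no #! interpreter line: $f"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK $f"
    return "$rc"
}

if [ $# -gt 0 ]; then
    # Real use: sh check_hook.sh /var/etc/dhcp6c_wan_script.sh
    check_hook "$1"
else
    # Constructed sample: a world-writable hook in a scratch directory.
    d=$(mktemp -d)
    printf '#!/bin/sh\nexit 0\n' > "$d/hook.sh"
    chmod 777 "$d/hook.sh"
    check_hook "$d/hook.sh" || echo "=> this hook would fail the check"
    rm -rf "$d"
fi
```
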
-
@steve1515 said in DHCP6-PD Proper Setup?:
I'm using version 22.05 and trying to get DHCP6-PD to work, but am failing. I have a static /56 which I can request in /59 blocks from Comcast. The modem is using the first /59 for its DHCP pool, so I'm requesting the 2nd /59 block.
That's unusual. Normally, you'd set up individual /64s from the /56. Also, a /59 is huge for a DHCP pool, especially considering a LAN is normally /64.
-
@jknott From what I've seen, this is pretty standard with Comcast Business static IPs. They give you a /56 and you can PD a /59 which can be split up into 32 /64s. My thought was to use some of the 32 /64's on a few of the firewall interfaces and VPN networks.
If I were to PD /64's instead, how would I ask multiple for each of my interfaces and VPN networks?
-
If you request multiple, you'd then have to split again to get /64s. Is that what you plan? If so, I'd get the entire /56 and then route portions of it to downstream routers. Or is Comcast expecting you to have multiple routers connected directly to them? Again, a /59 for a DHCP server is a bit much, given any LAN will be a /64. I haven't worked with Comcast, let alone Comcast Business.
-
@jknott
My plan was to request one /59 and then break that up between my different interfaces and VPN's. For example, I'd request xxxx:xxxx:xxxx:20::/59 and then assign xxxx:xxxx:xxxx:21::/64 to the LAN, xxxx:xxxx:xxxx:22::/64 to OPT1, xxxx:xxxx:xxxx:23::/64 to OpenVPN, xxxx:xxxx:xxxx:24::/64 to WireGuard, etc.
I can't request the /56 because the modem's interface (the one connected to pfSense WAN) has the first /64 of the first /59 assigned to it.
I also tried requesting a /60 like people say works on Comcast's residential service and I get the same results.
Should I see a message somewhere in pfSense showing that the prefix requested has been acquired? I don't see any reference to it anywhere. Is there a command line command I can enter to show what pfSense acquired?
I'm thinking this might be a broken implementation in pfSense, but I have no way of knowing that. I would have thought that I'd at least see a "release" button show up in Status -> Interfaces.
-
I don't know. What you're describing is foreign to me. Maybe someone else here has experience with Comcast.
-
I've been looking into this a little more...
I captured the DHCPv6 exchanges on the WAN interface and I can see that the modem does in fact assign the requested IP and Prefix to the pfSense dhcp6c client. When I look around in pfSense, I see no reference to the assigned address or prefix. There is also no route for the prefix shown on the routes status page. This seems like something is broken in pfSense to me as it appears to completely ignore the assigned information.
Can someone confirm where an assigned prefix would be shown in pfSense? It's possible I'm looking in the wrong place.
-
@steve1515 Did you ever solve this? I'm having the same issue.
-
@jabbera Unfortunately, no, I did not. I think the DHCP6-PD implementation in pfSense is broken.
-
@steve1515 said in DHCP6-PD Proper Setup?:
I think the DHCP6-PD implementation in pfSense is broken.
It's been working here for 7 years and many others have no problem with it.
Either there's a problem with what your ISP provides or you configured something wrong.
-
@jknott Yeah, I'm not sure what's going on. I feel something is broken because I can do a packet capture and see that pfSense correctly requests the prefix and IP that I enter/request and the modem responds with the correct allocation. The issue is pfSense doesn't seem to do anything with this data that's returned from the modem. I see zero references to the requested allocations in the pfSense GUI. I'm not really sure what else to do or try. I was hoping 23.01 which is supposed to come out this month would possibly fix the issue.
-
Sometimes the solution is to start from scratch, as you may have set something and not realized it.