Pfsense configures radvd with a /60, breaking it [SOLVED]
-
What is in your
/var/etc/dhcp6c_wan.conffile?There is math involved inside the client because it has to take the prefix length and calculate it based on the prefix ID and what was received. It's not math done by pfSense, but inside
dhcp6c. -
[2.4.4-RELEASE][ripdog@madokasama.home]/home/ripdog: cat /var/etc/dhcp6c_wan.conf interface pppoe0 { send ia-pd 0; # request prefix delegation request domain-name-servers; request domain-name; script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh"; # we'd like nameservers and RTSOLD to do all the work }; id-assoc pd 0 { prefix ::/56 infinity; prefix-interface em1 { sla-id 0; sla-len 8; }; }; -
What happens if you uncheck the "send prefix hint" box in the WAN settings?
Also, with the client in debug mode what gets logged from the ISP for the prefix (lines containing
IA_PD)The
sla-lenbits are correct if you receive a /56, but I have to wonder if maybe somehow dhcp6c is using the prefix hint incorrectly if what it receives from the ISP does not match that prefix size. -
I have no idea how I got this so wrong, but it turns out I was wrong about my ISPs prefix size AGAIN. You only get a /56 if you pay for a static IP+prefix, everyone else gets a /48. They don't document this, of course. I suppose the community members who had documented their own IPv6 setups had mostly been paying for the static IP.
After turning off the prefix hint (seems it wasn't necessary after all) and setting the prefix length to /48, ifconfig is reporting a /64 being put on my LAN interface, and radvd is getting the same and working fine.
Thanks so much for your help.
Since you're a developer, I have to ask: It seems like it should be fairly easy for pfsense to detect when dhcp6c is receiving a different prefix length to what is being configured. Perhaps it could detect that and provide an alert like "You've configured WAN to receive a /56 prefix, but your ISP provided a /48. IPv6 may not work until the prefix length is correctly configured."? Might stop others from falling into the trap I did.
Thanks again.
-
@ripdog said in Pfsense configures radvd with a /60, breaking it [SOLVED]:
You only get a /56 if you pay for a static IP+prefix, everyone else gets a /48.
Hopefully, they'll respect the DUID and provide a consistent prefix. When they say static, are they referring to the WAN IP or the entire prefix? It's only the prefix you're worried about. The WAN IP is pretty much irrelevant.
It's a shame you'll have to make do with only a meager /48.
-
Hah, I'm not complaining. 48 is bigger, after all.
Static is a product for both v4 and v6, giving a static v4 IP and v6 prefix. I have no idea how often my prefix changes, I haven't bothered to find out. I'm not worried, anyway.
-
@ripdog said in Pfsense configures radvd with a /60, breaking it [SOLVED]:
Since you're a developer, I have to ask: It seems like it should be fairly easy for pfsense to detect when dhcp6c is receiving a different prefix length to what is being configured.
It actually isn't. The client doesn't expose the prefix to scripts or the environment in any way yet. There is an open issue where someone is looking into that, though.
At the moment the only way to even find that out is putting the client in debug mode and then scraping the log output, which is too late to do anything programmatically and prone to errors.
-
Log scraping is what I had been thinking about, actually. Leaving the client in debug mode by default seems fine, surely? It's not like it spams thousands of messages or anything.
-
I leave all of mine in debug mode. It's generally harmless and usually when I look for the logs they've already rolled off. And I have my logs set to 50MB. Not spammy at all.
-
I have similar messages from radvd and want to debug dhcp6c messages, but I don't see debug option anywhere, how can I start dhcp6c in debug mode? PfSense version is 23.05 WAN is PPPoE and LAN is set to track IPv6 on WAN.
