IPV6, prefix delegation and Wireguard
-
You mean using a dynamic prefix from your PD as the Wireguard tunnel subnet?
Or listening on an internal interface that is part of the PD?
-
I mean that the virtual interface that is created as part of the Wireguard deployment process outlined in the pfSense+ documentation is not suitable as a Prefix Delegation target.
When specifying the Wireguard interface in the list of interfaces "asking" for Prefix Delegations, the Prefix Delegation for ALL interfaces fails.
If you're suggesting there is another way of doing this with Prefix Delegation, I'm very interested to hear about it.
Please have a look at this "bug" in the meantime.
Thanks
-
How exactly are you setting it? What error do you see?
-
I don't have the exact error in front of me. It was something like "link failed".
Like I said at the outset, I'm not looking for support advice. I'm looking for someone knowledgeable about specifically Wireguard and ipv6 Prefix Delegation in pfSense+.
If it's not currently supported, shouldn't it be in release notes errata or something?
Here's the file that works:
interface ix2 { send ia-na 0; send ia-pd 0; send ia-pd 1; send ia-pd 2; request domain-name-servers; request domain-name; script "/var/etc/dhcp6c_wan_script.sh"; }; id-assoc na 0 { }; id-assoc pd 0 { prefix-interface igc0 { sla-id 0; sla-len 0; }; }; id-assoc pd 1 { prefix-interface igc0.1001 { sla-id 0; sla-len 0; }; }; id-assoc pd 2 { prefix-interface igc0.69 { sla-id 0; sla-len 0; }; };And here's the code that doesn't:
interface ix2 { send ia-na 0; send ia-pd 0; send ia-pd 1; send ia-pd 2; send ia-pd 3; request domain-name-servers; request domain-name; script "/var/etc/dhcp6c_wan_script.sh"; }; id-assoc na 0 { }; id-assoc pd 0 { prefix-interface igc0 { sla-id 0; sla-len 0; }; }; id-assoc pd 1 { prefix-interface igc0.1001 { sla-id 0; sla-len 0; }; }; id-assoc pd 2 { prefix-interface igc0.69 { sla-id 0; sla-len 0; }; }; id-assoc pd 3 { prefix-interface tun_wg0 { sla-id 0; sla-len 0; }; }; -
Sorry I'm just trying to understand the problem since I've never hit it. Either it's something I've never tried (probably) or it's something that just worked for me in which case it may be a regression for example.
-
Do you happen to know if Wireguard ipv6 with Prefix Delegation is supported by pfSense+ ?
-
No I don't know for sure. I was trying to replicate your setup. It looks like you're using a custom dhcp6c config? Pulling individual PDs?
-
Yes, this is how one "pulls" prefix delegations from CPE.
-
@cmcdonald will know. Let's see...
-
Looking forward to some clarity. Thank you!
-
F FreeYourMind referenced this topic on
