Unable to get DHCPv6 to work
-
I've been unable to get IPv6 via DHCPv6 to work on my UK vodafone PPPoE service, but it does work with the ISP provided router. As such, I have port mirrored and packet sniffed between the working router, and the pfSense router. I'm not technical enough to analyse these DHCPv6 packets and spot what pfSense configuration I might need. I have attached the wireshark logs below in case someone is able to look into this.
I apologise if there any any sensitive IPv6 details within it! Many thanks. -
@zingbats One difference I can see is that pfSense does not include IPv6 Prefix Delegation in the request. Try changing the Interfaces / WAN / DHCP6 Client Configuration to
-
@pst thanks for this. I had already tried it, but I've made some new logs. The shorter file name is just with your tickbox suggested as above, the second is with the additional tickbox of "Only request an IPv6 prefix, do not request an IPv6 address" ticked too, as some other users in these forums have had success with this with their ISP.
Is it worth spoofing the ISP WAN mac address?WireShark.zip
-
@zingbats Odd, neither of the new logs contains the Prefix Delegation element in the request. I wonder if the interface needs a restart before the configuration is applied? Try restart the WAN in Status / Interfaces and check if that makes a difference.
-
@pst I did a full reboot with just the prefix hint box. Log attached.
I am also going to back up and do a factory reset to see if that works.
EDIT: Factory reset did nothing. -
@zingbats nope, still the same.
-
@pst Well the factory reset didn't help either. Any other ideas?
-
@zingbats As you suggested, you could try the MAC spoofing. If that fixes the VF rejection, great but it still doesn't explain why pfSense doesn't include the Prefix Delegation hint when it has been configured to do so. Which version of pfSense are you running?
-
@pst when I did the factory reset I spoofed the mac in the wizard and it changed nothing.
Running latest pfSense CE (2.7.2), x86
-
This post is deleted! -
@zingbats I'm out of ides for the moment. I need to pop out for a few hour, hopefully I have some new ideas when I get back.
-
@zingbats I am trying to understand how VF is configuring the IPv6 connection, postings on the net suggests they are in the process of rolling out native IPv6 support. Could you post the result of https://ipv6-test.com/ using the ISP router? It should indicate if you have native IPv6, or 6to4 (see https://forum.vodafone.co.uk/t5/Other-broadband-queries/ipv6-settings/td-p/2742474/page/2)
-
@pst I had already read up on the 6to4, but as I'm a new customer, I knew I'd be on the native. Here's the screenshot from the vodafone router
-
@zingbats good you've native, pity as it closes another avenue. With everything you've already tested it doesn't really leave much else to try. I still suspect VF is rejecting the DHCPv6 Request because pfSense is not sending the same parameters as the original router.
Here's what pfSense is sending
Whereas the VF router sends additional information:
You could try adding the missing parameters (Option Request rDNS, Reconfigure Accept, Domain Name, and Prefix Delegation (which should have been included when setting Send Hint)) by enabling WAN / DHCP6 Client Configuration / Advanced Configuration, and then populate Advanced DHCP6 Client Configuration. I have never attemped this, and would not have much to contribute. There might be someone else though, that can provide the final pieces of this puzzle.
-
@pst I tried the advance options, but it seems like the manual that pfSense references does not support these DHCP6 options.
https://man.freebsd.org/cgi/man.cgi?query=dhcp6c.conf&apropos=0&sektion=0&manpath=FreeBSD+10.3-RELEASE+and+Ports&arch=default&format=html
I imagine that means it's game over sadly.
-
@zingbats said in Unable to get DHCPv6 to work:
I imagine that means it's game over sadly.
Not yet, it might just be a little more complicated than first imagined :)
Let's try and add one parameter:
I think this falls under the manual section
In pfSense that would I guess translate into
If that works we should see pfSense sending this parameter to the DHCP6 Request, and we can continue with the next parameter.
-
@pst I have tried setting JUST this as requested, and replicating the complete default config file (which includes domain-name-servers) and I don't see any options passed in the packets.
-
@zingbats I wonder if there's a bug in the 2.7.2 version of pfSense then. I did a test on my 23.09.1, adding sip-server-list as advanced configuration. I noticed that ONLY sip-server-list was requested, not DNS servers and other stuff which is usually asked for. The DHCPv6 Request was rejected and no IPv6 connectivity established. That seems to indicate that the Advanced DHCP6 configuration needs to be a complete configuration, AND that the DHCPv6 server might reject a Request that does not include everything it is expecting.
That both the Advanced DHCP6 configuration and "Send IPv6 prefix hint" seems to be ignored by pfSense 2.7.2, suggests a bug IMHO.
-
@pst luckily I'm in my 14 day cancellation window with my ISP so I'm moving to BT who seem to better support IPv6 without the need for non-standard options. Hopefully IPv6 will become more stable and configurable in pfsense soon, as it seems the dhcp6c is missing modern request options such as those required by vodafone.
-
@zingbats said in Unable to get DHCPv6 to work:
request options such as those required by vodafone
or it could just be us not understanding what is needed...
BTW, have you tried configuring SLAAC instead of DHCP6 on the WAN? (the last straw)