Unable to get DHCPv6 to work
-
@pst Well the factory reset didn't help either. Any other ideas?
-
@zingbats As you suggested, you could try the MAC spoofing. If that fixes the VF rejection, great but it still doesn't explain why pfSense doesn't include the Prefix Delegation hint when it has been configured to do so. Which version of pfSense are you running?
-
@pst when I did the factory reset I spoofed the mac in the wizard and it changed nothing.
Running latest pfSense CE (2.7.2), x86
-
This post is deleted! -
@zingbats I'm out of ides for the moment. I need to pop out for a few hour, hopefully I have some new ideas when I get back.
-
@zingbats I am trying to understand how VF is configuring the IPv6 connection, postings on the net suggests they are in the process of rolling out native IPv6 support. Could you post the result of https://ipv6-test.com/ using the ISP router? It should indicate if you have native IPv6, or 6to4 (see https://forum.vodafone.co.uk/t5/Other-broadband-queries/ipv6-settings/td-p/2742474/page/2)
-
@pst I had already read up on the 6to4, but as I'm a new customer, I knew I'd be on the native. Here's the screenshot from the vodafone router
-
@zingbats good you've native, pity as it closes another avenue. With everything you've already tested it doesn't really leave much else to try. I still suspect VF is rejecting the DHCPv6 Request because pfSense is not sending the same parameters as the original router.
Here's what pfSense is sending
Whereas the VF router sends additional information:
You could try adding the missing parameters (Option Request rDNS, Reconfigure Accept, Domain Name, and Prefix Delegation (which should have been included when setting Send Hint)) by enabling WAN / DHCP6 Client Configuration / Advanced Configuration, and then populate Advanced DHCP6 Client Configuration. I have never attemped this, and would not have much to contribute. There might be someone else though, that can provide the final pieces of this puzzle.
-
@pst I tried the advance options, but it seems like the manual that pfSense references does not support these DHCP6 options.
https://man.freebsd.org/cgi/man.cgi?query=dhcp6c.conf&apropos=0&sektion=0&manpath=FreeBSD+10.3-RELEASE+and+Ports&arch=default&format=html
I imagine that means it's game over sadly.
-
@zingbats said in Unable to get DHCPv6 to work:
I imagine that means it's game over sadly.
Not yet, it might just be a little more complicated than first imagined :)
Let's try and add one parameter:
I think this falls under the manual section
In pfSense that would I guess translate into
If that works we should see pfSense sending this parameter to the DHCP6 Request, and we can continue with the next parameter.
-
@pst I have tried setting JUST this as requested, and replicating the complete default config file (which includes domain-name-servers) and I don't see any options passed in the packets.
-
@zingbats I wonder if there's a bug in the 2.7.2 version of pfSense then. I did a test on my 23.09.1, adding sip-server-list as advanced configuration. I noticed that ONLY sip-server-list was requested, not DNS servers and other stuff which is usually asked for. The DHCPv6 Request was rejected and no IPv6 connectivity established. That seems to indicate that the Advanced DHCP6 configuration needs to be a complete configuration, AND that the DHCPv6 server might reject a Request that does not include everything it is expecting.
That both the Advanced DHCP6 configuration and "Send IPv6 prefix hint" seems to be ignored by pfSense 2.7.2, suggests a bug IMHO.
-
@pst luckily I'm in my 14 day cancellation window with my ISP so I'm moving to BT who seem to better support IPv6 without the need for non-standard options. Hopefully IPv6 will become more stable and configurable in pfsense soon, as it seems the dhcp6c is missing modern request options such as those required by vodafone.
-
@zingbats said in Unable to get DHCPv6 to work:
request options such as those required by vodafone
or it could just be us not understanding what is needed...
BTW, have you tried configuring SLAAC instead of DHCP6 on the WAN? (the last straw)
-
@pst SLAAC yielded no luck, unfortunately.
I did another clean install of pfsense and couldn't get the options to appear in the DHCP6 packets. As part of my research, I decided to test OPNSense. You can see in my packet below that it sent one (spoofing the MAC of the vodafone router) but it didn't seem to send it directly to the Nokia media convertor / modem. I think I'm right in assuming it broadcast it? Don't forget these devices are on their own VLAN to allow packet sniffing. Is that relevant here?
I am not asking for help with OPNSense because I much prefer supporting pfsense, but I wonder if this knowledge might help us? i.e. what is OPNSense using as a DHCP6 Client, and why is it sending the packet differently.
-
@zingbats I had similar issues when trying to get my BT IPv6 working, these are the settings I changed to get it to work in the end.
I think I had to reset the connection once the changes had been made.In the WAN settings set to DHCP6 and in client config
In the LAN settings page set track interface and under Track IPv6 Interface
And then in the Firewall LAN rules make sure you have IPv6 added to the any rule.
-
This post is deleted! -
@mikemod @pst Thanks for your help! Weirdly, turns out this worked on OPNSense but not on pfSense. On pfSense, despite configuring Router Advertisements (unmanaged), I cannot load some ipv6 websites when I can on OPNSense.
I can ping ipv6.google.com but a tracert / https request to https://ipv6-test.com just times out.DNS is functioning fine.
If I don't get any further responses, I'll start a new thread.
-
@zingbats said in Unable to get DHCPv6 to work:
My Router Advertisements is set to disabled
I set it to "Router Advertisements (unmanaged)" and it broke my IPv6 connection
Setting it back to disabled and saving didn't help, I had to reboot the router, with it set to disabled, to get IPv6 restored. -
I solved things the other way around.
As my router, pfSense, gets a prefix, and I prefer that my pfSEnse handles all network related issues, I've set it to :and since that moment, my LAN is fully IPv6 operational.
My (may stupid) thought is : if you disable it, or unmange it, who will handle the Ipv6 details ?
Me ? No way.
Go SLAAC mode ? No thanks.