Unable to get DHCPv6 to work
-
@zingbats I am trying to understand how VF is configuring the IPv6 connection, postings on the net suggests they are in the process of rolling out native IPv6 support. Could you post the result of https://ipv6-test.com/ using the ISP router? It should indicate if you have native IPv6, or 6to4 (see https://forum.vodafone.co.uk/t5/Other-broadband-queries/ipv6-settings/td-p/2742474/page/2)
-
@pst I had already read up on the 6to4, but as I'm a new customer, I knew I'd be on the native. Here's the screenshot from the vodafone router
-
@zingbats good you've native, pity as it closes another avenue. With everything you've already tested it doesn't really leave much else to try. I still suspect VF is rejecting the DHCPv6 Request because pfSense is not sending the same parameters as the original router.
Here's what pfSense is sending
Whereas the VF router sends additional information:
You could try adding the missing parameters (Option Request rDNS, Reconfigure Accept, Domain Name, and Prefix Delegation (which should have been included when setting Send Hint)) by enabling WAN / DHCP6 Client Configuration / Advanced Configuration, and then populate Advanced DHCP6 Client Configuration. I have never attemped this, and would not have much to contribute. There might be someone else though, that can provide the final pieces of this puzzle.
-
@pst I tried the advance options, but it seems like the manual that pfSense references does not support these DHCP6 options.
https://man.freebsd.org/cgi/man.cgi?query=dhcp6c.conf&apropos=0&sektion=0&manpath=FreeBSD+10.3-RELEASE+and+Ports&arch=default&format=html
I imagine that means it's game over sadly.
-
@zingbats said in Unable to get DHCPv6 to work:
I imagine that means it's game over sadly.
Not yet, it might just be a little more complicated than first imagined :)
Let's try and add one parameter:
I think this falls under the manual section
In pfSense that would I guess translate into
If that works we should see pfSense sending this parameter to the DHCP6 Request, and we can continue with the next parameter.
-
@pst I have tried setting JUST this as requested, and replicating the complete default config file (which includes domain-name-servers) and I don't see any options passed in the packets.
-
@zingbats I wonder if there's a bug in the 2.7.2 version of pfSense then. I did a test on my 23.09.1, adding sip-server-list as advanced configuration. I noticed that ONLY sip-server-list was requested, not DNS servers and other stuff which is usually asked for. The DHCPv6 Request was rejected and no IPv6 connectivity established. That seems to indicate that the Advanced DHCP6 configuration needs to be a complete configuration, AND that the DHCPv6 server might reject a Request that does not include everything it is expecting.
That both the Advanced DHCP6 configuration and "Send IPv6 prefix hint" seems to be ignored by pfSense 2.7.2, suggests a bug IMHO.
-
@pst luckily I'm in my 14 day cancellation window with my ISP so I'm moving to BT who seem to better support IPv6 without the need for non-standard options. Hopefully IPv6 will become more stable and configurable in pfsense soon, as it seems the dhcp6c is missing modern request options such as those required by vodafone.
-
@zingbats said in Unable to get DHCPv6 to work:
request options such as those required by vodafone
or it could just be us not understanding what is needed...
BTW, have you tried configuring SLAAC instead of DHCP6 on the WAN? (the last straw)
-
@pst SLAAC yielded no luck, unfortunately.
I did another clean install of pfsense and couldn't get the options to appear in the DHCP6 packets. As part of my research, I decided to test OPNSense. You can see in my packet below that it sent one (spoofing the MAC of the vodafone router) but it didn't seem to send it directly to the Nokia media convertor / modem. I think I'm right in assuming it broadcast it? Don't forget these devices are on their own VLAN to allow packet sniffing. Is that relevant here?
I am not asking for help with OPNSense because I much prefer supporting pfsense, but I wonder if this knowledge might help us? i.e. what is OPNSense using as a DHCP6 Client, and why is it sending the packet differently.
-
@zingbats I had similar issues when trying to get my BT IPv6 working, these are the settings I changed to get it to work in the end.
I think I had to reset the connection once the changes had been made.In the WAN settings set to DHCP6 and in client config
In the LAN settings page set track interface and under Track IPv6 Interface
And then in the Firewall LAN rules make sure you have IPv6 added to the any rule.
-
This post is deleted! -
@mikemod @pst Thanks for your help! Weirdly, turns out this worked on OPNSense but not on pfSense. On pfSense, despite configuring Router Advertisements (unmanaged), I cannot load some ipv6 websites when I can on OPNSense.
I can ping ipv6.google.com but a tracert / https request to https://ipv6-test.com just times out.DNS is functioning fine.
If I don't get any further responses, I'll start a new thread.
-
@zingbats said in Unable to get DHCPv6 to work:
My Router Advertisements is set to disabled
I set it to "Router Advertisements (unmanaged)" and it broke my IPv6 connection
Setting it back to disabled and saving didn't help, I had to reboot the router, with it set to disabled, to get IPv6 restored. -
I solved things the other way around.
As my router, pfSense, gets a prefix, and I prefer that my pfSEnse handles all network related issues, I've set it to :
and since that moment, my LAN is fully IPv6 operational.
My (may stupid) thought is : if you disable it, or unmange it, who will handle the Ipv6 details ?
Me ? No way.
Go SLAAC mode ? No thanks. -
@mikemod interesting. When I have RA disabled I can't get any IPv6 addresses on the lan clients.
-
@zingbats Yes all seems a bit strange around that setting.
If I change mine to Managed and then back to disabled I also lose all IPv6 IPs from the clients.
In the status/services it shows "radvd Router Advertisement Daemon" with a red cross.I had to actually do a config restore to get back to where I was, with it disabled by default.
-
@mikemod said in Unable to get DHCPv6 to work:
If I change mine to Managed and then back to disabled I also lose all IPv6 IPs from the clients.
In the status/services it shows "radvd Router Advertisement Daemon" with a red cross.Isn't that obvious : you disable the service so it isn't running == a red cross ?(!)
pfSense, out of the box, doesn't use/have IPv6 activated, as every ISP on planet earth uses it's own method to use it. Some (probably : most) are still pretty broken if they do so.
When you managed to activate IPv6 on your WAN (you've obtained an IPv6 on WAN)
AND
pfSense also obtained from upstream (your ISP, or your local ISP router) at least one or more prefix,
AND you use this prefix with the 'tracking' method on one of your LAN's like :
a bit lower on the same LAN settings page ; you select WAN as the interface to track, and the prefix ID ( I've only one, so 0 out of 0) :
THEN
Activate the DHCPv6 server on LAN and set it up a bit like a DHCPv4 server on that LAN :
Example :
and of course you use RADVD as managed :
because (pure BS ahead ) : do you want to manage IPv6 yourself or do you want pfSense to do it for you ? ^^
(ok, now I'll get struck by the IPv6 purists and other SLAAC fans)From then on :
..... again : every ISP handles IPv6 somewhat differently. If you wonder why, then be welcome to the club. Ask your ISP ^^ tel us what they said, as their replies go often way beyond humor.
Some thinking, documentation and "selecting the right ISP" is, as always, important (was previously known as "learning")
IPv6 isn't plug and play, and this is understandably, as it took decades for IPv4 to become what it is today (so we can ditch it for-good "tomorrow". -
@Gertjan So if it's disabled by default then why does it work if I don't change that setting and it shows a green tick in the services.
All clients pass the IPv6 tests and if I ping google.co.uk it uses the google IPv6 address.
