Router Advertisements not working as expected

mvuille

Configuration:

• pfSense+ 23.09.1-RELEASE on Netgate 1100 hardware.
• LAN port is connected to 1G Ethernet network.
• OPT port is VLAN trunk connected to Wi-Fi AP with three SSIDs on separate VLANs, each VLAN is configured as an interface on pfSense.
• WAN is configured with "DHCPv6 Prefix Delegation size" of "62".
• LAN and each Wi-Fi/VLAN interface are configured with "IPv6 Configuration Type" of "Track Interface" and "IPv6 Interface" of "WAN".
• LAN is configured with "IPv6 Prefix ID" of "0".
• First Wi-Fi/VLAN interface is configured with "IPv6 Prefix ID" of "1", and so forth.
• On LAN and each Wi-Fi/VLAN interface, Router Advertisement "Router Mode" is configured as "Unmanaged".

Observations with Wireshark/tcpdump:

On the LAN, things are working as expected: router advertisements have no flags set and include a prefix option.

On the Wi-Fi/VLAN interfaces, Router Advertisements are not right:

• The O (other stateful) flag is set, and
• There is no prefix option included.

Any idea what is wrong, or any suggestions how to debug?

JKnott

@mvuille

What is router mode set to for each interface?

mvuille

@JKnott

As stated on the last line of Configuration, "Unmanaged"

patient0

@mvuille since on the SG-1100 all the ports are on the same internal switch setting up VLANs is getting used to.

If in doubt you may have a look at the video from Lawrence System explaining it (Just wanted to mention it).

The PD of /62 (just enough for the 4 PDs) is what you get from Upstream, right? And can you see in the system logs for dhcp6c that the PD ID are assigned to the VLANs?

mvuille

I looked at the radv.conf generated by the UI, and it is consistent with what I'm observing on the wire, but not with the fact that the LAN (VLAN 4093) is configured identically (except for Prefix ID) to the Wi-Fi VLANs (10, 20)

# Automatically Generated, do not edit
# Generated for DHCPv6 Server lan
interface mvneta0.4093 {
        AdvSendAdvert on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        AdvDefaultLifetime 1800;
        AdvLinkMTU 1500;
        AdvDefaultPreference medium;
        prefix <redacted>/64 {
                DeprecatePrefix on;
                AdvOnLink on;
                AdvAutonomous on;
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
        };
        route ::/0 {
                AdvRoutePreference medium;
                RemoveRoute on;
        };
};
# Generated config for dhcp6 delegation from wan on opt2
interface mvneta0.10 {
        AdvSendAdvert on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix ::/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };
};
# Generated config for dhcp6 delegation from wan on opt3
interface mvneta0.20 {
        AdvSendAdvert on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix ::/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };
};

mvuille

I only have TAC Lite support for this appliance, so Netgate can't drill into this problem too deeply, but they did suggest that the problem is due to the fact that the LAN interface has an IPv6 address but the Wi-Fi/VLAN interfaces do not.

However, as I mentioned in my original post, all the interfaces are configured the same, with "IPv6 Configuration Type" of "Track Interface" and "IPv6 Interface" of "WAN", and consecutive "IPv6 Prefix ID" of "0", "1", and so on.

mvuille

@patient0
You were on the right track.
After an additional nudge from Netgate support (going above and beyond), I changed PD from 62 to 56 and it's working now.