Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Not getting ipv6 address on WAN unless prefix delegation size is set to none

    Scheduled Pinned Locked Moved IPv6
    11 Posts 4 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jpgsense251
      last edited by

      ISP: telenet (Belgium)
      ABO: ExpressNet
      pfsense: 2.4.3-RELEASE (amd64) built on Mon Mar 26 18:02:04 CDT 2018 FreeBSD 11.1-RELEASE-p7

      According to this (https://www2.telenet.be/nl/klantenservice/ipv6-bij-telenet-technische-uitleg/) and this(https://www.stroobant.be/telenet-ipv6-pfsense-configuratie) document, I should set 'DHCPv6 Prefix Delegation size' to 56

      However, when setting 'DHCPv6 Prefix Delegation size' (interface WAN) to 56, I DON'T get an ipv6 address.
      When setting 'DHCPv6 Prefix Delegation size' to none, I DO get an ipv6 address.

      On the LAN(s), the option to 'track interface', becomes meaningless, because, even though the WAN can be selected under 'Track IPv6 interface', the IPv6 Prefix ID can only be 0.

      The following errors are in the DHCP log, but according to 'the web', they are codmetic:
      May 10 11:36:45 dhcp6c 45232 failed initialize control message authentication
      May 10 11:36:45 dhcp6c 45232 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

      Anybody, who knows why I don't get an IPv6 address with prefix 56?

      Thanks

      1 Reply Last reply Reply Quote 0
      • M
        mrsunfire
        last edited by

        Remember you also have to set "Send IPv6 prefix hint". If you only request a /64 than of course you only can track 1 subnet (Prefix ID0). Thats no problem for private usage.

        Netgate 6100 MAX

        1 Reply Last reply Reply Quote 0
        • J
          jpgsense251
          last edited by

          If I enable 'Send IPv6 prefix hint' with 'DHCPv6 Prefix Delegation size' set to 'none', I get an error while saving:
          The following input errors were detected:
          DHCPv6 Prefix Delegation size must be provided when Send IPv6 prefix hint flag is checked

          If I enable 'Send IPv6 prefix hint' with 'DHCPv6 Prefix Delegation size' set to '56', I can successfully save, but I don't get an IP address.

          I've tried all available prefix sizes from the drop down list, I only get an IP address when selecting none.

          1 Reply Last reply Reply Quote 0
          • M
            mrsunfire
            last edited by

            Do a reboot after hitting save.

            Netgate 6100 MAX

            1 Reply Last reply Reply Quote 0
            • J
              jpgsense251
              last edited by

              Tried a reboot after saving the settings, no IPv6 address received…

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                What does your ISP have to say?

                The entire exercise here is to make the router do what THEY require. It'd be nice if they said what they need.

                Really, all you can do is set the PD request to 56, kick the DUID to something new, and reboot.

                Be sure you enable the DHCP6c debug logs in the WAN configuration. You can see exactly what dhcp6c client thought about the lease process by going to Status > System Logs, DHCP and filtering on process dhcp6c.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • J
                  jpgsense251
                  last edited by

                  @Derelict and anyone else who wants to help me

                  I've already submitted a technical question to my ISP, but haven't received an answer yet (long weekend here in Belgium - replies only guaranteed? in two working days.

                  As I said, I've tried all possible PD's, only receive an IPv6 if 'none'

                  However, since I already activated 'debug', I saw the message that the server was reading an existing DUID from file.

                  You say to 'kick the DUID', how do I do that?

                  Thanks

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Something like this:

                    https://forum.pfsense.org/index.php?topic=147798.msg802802#msg802802

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • J
                      jpgsense251
                      last edited by

                      @Derelict: Thank you so much

                      I did exactly what is recommended and now have an IPv6 (PD 56) on my WAN (igb0), two LAN (igb2 & igb3) interface tracking the WAN

                      So in summary for other users:

                      1. power off your cable modem
                      2. Save the /56 prefix request WAN configuration as shown in the other thread. Be sure DHCP6 debug output is checked.
                      3. Put one of the inside interfaces on Track Interface
                      4. Go to System > Advanced, Networking and be sure the DUID is set to be saved. The default format is DUID-LLT. You can increment that time in seconds by one or figure out what the current number would be based on the current time. The point is to use a new DUID the next time it requests a PD.
                      5. Halt the system and power it off
                      6. Power on the cable modem and let it go green
                      7. Power on the firewall.
                      When it settles in, look at the logs in Status > System Logs, DHCP. Filter on command dhcp6c. That will tell you exactly what happened.

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        Great to hear. Glad it worked.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        M 1 Reply Last reply Reply Quote 0
                        • M
                          modi @Derelict
                          last edited by

                          @Derelict the URL is not working

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.