DHCP-PD available

databeestje · Aug 22, 2011, 7:37 PM

Hi,

I've just added DHCP-PD "Prefix Delegation" support to the pfsense 2.1 tree. I've tested basic functionality for both PPPoE and ethernet setups and it appears to work as it should.

I would like some feedback with regards to the dhcp6 support. Ideally people that have a PPPoE with IPv6 support or cable ISPs that have also do IPv6 by DHCP6.

pbnet · Nov 10, 2011, 10:45 AM

Hello,

My ISP uses IPv6 via PPPoE.
I activate the IPv6 stack using a specific string in the PPPoE service name.
I still have issues configuring DHCPv6-PD.

Anyone has more information on how to configure it ?

Thanks a lot.

databeestje · Nov 10, 2011, 12:35 PM

Have you enabled the dhcp6 option for the ipv6 configuration of your wan interface? After enqbling that you should see the ipv6 address on your interfaces status page.

If that checks out you can select if you want prefix.delegation and what size. Then on the lan interface you can select the network number of the prefix delegation.

pbnet · Nov 12, 2011, 6:02 AM

I have enabled DHCPv6 on the WAN interface. I get an IPv6 address on the WAN.
Here are the interfaces:

[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(1): ifconfig
rl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8 <vlan_mtu>ether 00:e0:4c:72:f8:af
inet 172.17.77.100 netmask 0xffffff00 broadcast 172.17.77.255
inet6 fe80::2e0:4cff:fe72:f8af%rl0 prefixlen 64 scopeid 0x1
inet6 fe80::1%rl0 prefixlen 64 scopeid 0x1
nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=2009 <rxcsum,vlan_mtu,wol_magic>ether 00:08:02:c7:c7:81
inet6 fe80::208:2ff:fec7:c781%fxp0 prefixlen 64 scopeid 0x2
nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100 <promisc>metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
inet6 fe80::bc1a:3721%pppoe0 prefixlen 64 scopeid 0x8
inet 188.26.55.33 –> 10.0.0.1 netmask 0xffffffff
inet6 2a02:2f01:104d:f004::bc1a:3721 prefixlen 64 autoconf
nd6 options=3 <performnud,accept_rtadv>[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(2):

The problem is that I cannot get an IPv6 on the LAN side…
You can choose the PD on the LAN side, but not the network number as you suggest

In my opinion, the DHCP configuration on the PPPoe Interface is somehow wrong

cat /var/etc/dhcp6c_wan.conf

interface pppoe0 {
send ia-na 0; # request stateful address
send ia-pd 0; # request prefix delegation
request domain-name-servers;
request domain-name;
script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers pleas33e
};
id-assoc na 0 { };
id-assoc pd 0 {
};

and I think it should be:

interface pppoe0 {
send ia-na 0; # request stateful address
send ia-pd 0; # request prefix delegation
request domain-name-servers;
request domain-name;
script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers pleas33e
};
id-assoc na 0 { };
id-assoc pd 0 {
prefix-interface rl0{
sla-id 0;
sla-len 0;
};
};

The problem is that the DHCP config file changes upon reboot, so I cannot be sure of that.

Any help would be greatly appreciated.</performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu></up,broadcast,running,simplex,multicast>

databeestje · Nov 12, 2011, 9:25 AM

On the LAN interface you should be able to select a prefix delegation number. That should setup the proper dhcp6 config.

Under static IPv6 configuration on the lan interface should be a drop down.
"DHCPv6 Prefix Delegation ID This ID sets the delegated DHCP-PD prefix number which will be used to setup the interface. "

pbnet · Nov 13, 2011, 2:25 PM

Unfortunately I cannot find the ID you are talking about.
Here are some screenshots of my setup:

Wan side:

Lan side:

databeestje · Nov 13, 2011, 5:47 PM

aha, that looks like a off by one. With a prefix length of 64 it should have set the field to id 0, but instead it's set to "None".

That is something that I can fix.

pbnet · Nov 14, 2011, 5:24 AM

Thanks a lot.
Please let me know where can I download a new ISO with the fix included or just simply a fix for this.

databeestje · Nov 14, 2011, 7:10 PM

fix or replace interfaces.php with the version from here.

https://github.com/bsdperimeter/pfsense/commit/643c9f9f4e5c46f7b80779c10f0f9f0234035bb2#diff-0

That should work.

pbnet · Nov 15, 2011, 5:04 PM

Hello,

Thank you for your quick reply and fix.
I think I'm still missing something.

Now, I have the choice between 0 and none for the prefix delegation ID.
I chose 0, but I still don't get an IPv6 address on the PC behind the router.

[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(1): ifconfig
rl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8 <vlan_mtu>ether 00:e0:4c:72:f8:af
inet 172.17.77.100 netmask 0xffffff00 broadcast 172.17.77.255
inet6 fe80::2e0:4cff:fe72:f8af%rl0 prefixlen 64 scopeid 0x1
inet6 fe80::1%rl0 prefixlen 64 scopeid 0x1
nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=2009 <rxcsum,vlan_mtu,wol_magic>ether 00:08:02:c7:c7:81
inet6 fe80::208:2ff:fec7:c781%fxp0 prefixlen 64 scopeid 0x2
nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100 <promisc>metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
inet6 fe80::524d:6299%pppoe0 prefixlen 64 scopeid 0x8
inet6 2a02:2f01:104d:f002::524d:6299 prefixlen 64 autoconf
inet 82.77.98.153 –> 10.0.0.1 netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(2):

Thanks for any help that you can provide.
Andrei</performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu></up,broadcast,running,simplex,multicast>

databeestje · Nov 15, 2011, 5:28 PM

can you see if the dhcp6c client is active?

ps auxw|grep dhcp6 on the command prompt page.

it should also now start a rtadvd daemon, that should be visible too in a process list.

pbnet · Nov 16, 2011, 5:27 AM

It seems that the DHCPv6 server is active.
I cannot see the RTADVD

[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(1): ps auxw|grep dhcp6
root 52263 0.0 0.3 3316 1368 ?? Ss 7:22AM 0:00.00 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf pppoe0
root 3730 0.0 0.2 1848 808 0 R+ 7:25AM 0:00.00 grep dhcp6
[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(2): ps
PID TT STAT TIME COMMAND
4825 v0 Is 0:00.02 login [pam] (login)
5039 v0 I 0:00.01 -sh (sh)
6754 v0 I+ 0:00.01 /bin/sh /etc/rc.initial
50096 v0- IN 0:00.03 /bin/sh /var/db/rrd/updaterrd.sh
2750 0 S 0:00.02 /bin/tcsh
4053 0 R+ 0:00.00 ps
47193 0 Is 0:00.01 -sh (sh)
47829 0 I 0:00.01 /bin/sh /etc/rc.initial
[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(3):

Do I need to setup something else?

databeestje · Nov 16, 2011, 6:33 AM

This sounds odd, but has a reboot helped?

pbnet · Nov 16, 2011, 8:30 AM

Rebooted the PFsense router.
Everything is OK on the WAN side (IPv4 + IPv6).
Still the same issues on the LAN side.

To be honest, I don't know if I've missconfigured something or not.

databeestje · Nov 16, 2011, 5:40 PM

would you mind giving me access to the box to investigate? You can send details to my email address seth.mos@dds.nl

pbnet · Nov 17, 2011, 5:42 AM

Hello Seth,

You have the details via e-mail.

Thanks a lot.

databeestje · Nov 19, 2011, 12:42 PM

I've managed to fix his installation and committed a few patches to the repo.

The biggest issue is that the bogonsv6 table might be lagging on your installation, although we update that table very frequently at files.pfsense.org it might still be out of date.

If you do run into issues with the dhcp6 client not aquiring a address and the dhcp6 requests ending up in the firewall logs as [fe80::something]:547 or [fe80::something]:546 it is probably hitting the bogons filter.

After disabling the bogons on the WAN interface it succesfully acquired a DHCP-PD prefix for the LAN.