DHCP-PD does not work properly. Route does not get created!
- 
 Hi I have now made a demo configuration only containing the relevant parts which demonstratates the problem. 
 I have attached the configuration file so you are able to test it out. Rename the configuration file from .txt to .xml.
 Login and password are set to default admin/pfsense.If you wonder what kind of addresses I have used then they are the documentation addresses for IPv4 and IPv6 so they are clearly safe to use with respect to sharing on this forum. Again, I could only make dhcp-pd partly work by manually adding a route to the sub-router. It kind of seems like a bug. 
 To add the route manually you can enter:
 route add -net -inet6 2001:db8:1234:<subnet id="">::/64 2001:db8:1234:: <last two="" byte="" blocks="" of="" interface="" id="">(Before I add the route manually I can only ping6 the WAN address of the sub-router. After I add the route I can ping6 the tablet through the sub-router.
 Besides that I can add that I use the amd64 NanoBSD version of pfSense 2.2 RC from the 6th of Jan. 2015.)Can someone help me out to say whether there is a bug in pfSense or whether I have made a mistake? Regards and thanks! Anders demo-configuration.txt</last></subnet> 
- 
 It seems that this closed feature #2347 might need a fix: https://redmine.pfsense.org/issues/2347 
 The title of the feature is "Add routes into the routing table for delegated IPv6 prefixes.", which seems to be where the problem I bump into is related to.
- 
 I am looking into it 
- 
 Can you try with tomorrow snapshot? 
- 
 Hi Ermal Thank you! 
 I have tried the pfSense build "2.2-RC (amd64) built on Fri Jan 09 01:08:06 CST 2015".
 First I tried with the demo configuration (that I attached above) and then afterwards my normal configuration.
 It didn't work with either configuration.
 I had to manually add the route to get connection to the IPv6 subnet of the sub-router as before.
 Please tell if I can do something to help you again with this issue.- Anders
 
- 
 This is working just fine for me, mine isn't a terribly complicated setup either. DHCPv6 server set to hand out from a /64 and then delegate some /60 blocks from my /48. I have pfSense VMs that hit that edge firewall and get prefixes and the delegated subnet routes show up fine for me. There may be something peculiar about the content of your /var/dhcpd/var/db/dhcpd6.leases file that is causing a problem. 
- 
 Hi Jim and Ermal The sub-router is on link with the LAN, but I guess everyone already figured that one out (I just mention it to be sure). In my normal configuration I also got a /48 block from the ISP. Like in your case Jim the DHCPv6 server hands out from a /64 but delegates out /64 blocks (not /60 or /56). 
 In the same way I have set the demo configuration into a clean installed pfSense and also sometimes into a factory reset pfSense (but with the same result). The demo configuration is set up from scratch, but contains the same Prefix Delegation Range, Prefix Delegation Size and DHCPv6 Server Range(well the interface ID part of the IPv6 range - http://www.roesen.org/files/ipv6_cheat_sheet.pdf ) as my normal configuration.I have saved the dhcpd6.leases file and some screenshots, because I might have made an error without knowing it. 
 Because of the many files I have PMed you both with a link to the files.(I haven't mentioned it earlier, but I am in the timezone GMT+1. So I guess the "Status DHCPv6 leases" page in pfSense reflects that (GMT+1) where as the leases file shows the time in GMT, but I guess that is perfectly ok and hopefully this is not the cause why the route is not created.) 
- 
 Hi Jim and Ermal I found were the bug resides. 
 It is in prefixes.php combined with my sub-router which is from D-Link.The possible solutions are either to: - take a part of the ia-na string and ia-pd string (see below) that corresponds to the DUID and remove/leaving out the first 4 blocks (1 block => \xxx) or
- forcing the first 4 blocks zeroed out (\000) or
- do and verify what the dhcpdv6 service or my D-Link sub-router does
 Maybe you have an idea which solution is the correct approach? So that was the 3 possible solutions, now to what the problem is more specific. The problem is a bit complicated. 
 The ia-na string and ia-pd are not equal. The result of that is that when we reach line 57 in prefixes.php:55 $routes = array(); 56 foreach ($duid_arr as $entry) { 57 if(!empty($entry['ia-pd'])) { 58 $routes[$entry['ia-na']] = $entry['ia-pd']; 59 } 60 }, and want to insert an entry into $routes in the next line then $entry['ia-na'] does not exist and the result is the empty string! Why? Because ia-na lies in another entry of the $duid_arr, because as I stated above the ia-na string is in my case != ia-pd. So now to the contents of those two octal strings (\xxx => censored by me): ia-na: ia-na "\273\240\300\034\000\003\000\001\300\240\273\034\xxx\xxx" { ia-na in hex: BB A0 C0 1C 00 03 00 01 C0 A0 BB 1C XX XX ia-pd: ia-pd "\000\000\000\000\000\003\000\001\300\240\273\034\xxx\xxx" { ia-pd in hex: 00 00 00 00 00 03 00 01 C0 A0 BB 1C XX XX mac address of the sub-router: c0 :a0 :bb :1c :xx :xxNow, I don't want to reveal all of the mac address, because it is not necessary to show what is wrong, so I censored the strings a bit, but you've got the entire dhcpd6.leases file in the PM I sent to you. So either the dhcpd6 service in pfSense or my D-Link sub-router take the WAN mac address of the sub-router and move the first 4 blocks of the mac address around to generate the ia-na string so that: c0 :a0 :bb :1c :xx :xx <-- MAC c0 :a0 :bb :1c <-- First 4 blocks of MAC BB A0 C0 1C <-- two blocks (first and third) switch placesThese 4 blocks are then prepended to the DUID and that becomes the ia-na string! Why it is so, I don't know. For sure it is not modified EUI-64 format ( http://www.roesen.org/files/ipv6_cheat_sheet.pdf ). Maybe it is described in some RFC (if it is not some strange D-Link way of doing it)? So back to the 3 possible solutions. I hope you have an idea which solution is the best! :-) 
- 
 I just added a bug report here: https://redmine.pfsense.org/issues/4206 
- 
 Could you get us a packet capture of the Dlink's DHCPv6 traffic in a pcap file? 
