Netgate Discussion Forum
    Prefix delegation to second router.

    2.4 Development Snapshots

      Derelict LAYER 8 Netgate

      A proper PD from the first router should also create a route for that PD to the downstream router's WAN interface.

      My DHCP6 server is 2.3.2_1, however. Should be 2.4 real soon now. In fact. This is as good a time as any.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        Guest

        @Derelict:

        A proper PD from the first router should also create a route for that PD to the downstream router's WAN interface.

        My DHCP6 server is 2.3.2_1, however. Should be 2.4 real soon now. In fact. This is as good a time as any.

        Running 2.4 on both routers, not there yet or if it is, mine doesn't work!

          Derelict LAYER 8 Netgate

          Haven't gotten there yet but also have not heard of any problems there so it's probably something you've done.

            Guest

            @marjohn did you get to the bottom of this?

              Guest

              Nix…

                MikeV7896

                It should be noted that if router 1 gets its IPv6 prefix from your ISP via DHCPv6-PD, pfSense is not set up to subdelegate parts of that prefix to downstream routers (unless this has changed in 2.4; it doesn't work in 2.3.2).

                For example… if you get a /56 or /60 from your ISP via DHCPv6-PD, you can't sub-delegate /64's to downstream routers on your network.

                The S in IOT stands for Security

                  Derelict LAYER 8 Netgate

                  I don't see why you couldn't slice out a piece of the delegated prefix for dhcpv6 downstream PD.

                  You would need at least one interface outside that set as track interface or the PD will not happen.

                  You would also have to manually change the DHCPv6 PD config if the ISP gave you a different PD.

                  Haven't tested though. All my DHCPv6 server PDs are from a static /48 here. (HE)

                    Guest

                    @Derelict:

                    I don't see why you couldn't slice out a piece of the delegated prefix for dhcpv6 downstream PD.

                    You would need at least one interface outside that set as track interface or the PD will not happen.

                    You would also have to manually change the DHCPv6 PD config if the ISP gave you a different PD.

                    Haven't tested though. All my DHCPv6 server PDs are from a static /48 here. (HE)

                    And indeed you can, but you'll need to manually set that route and gateway up. I've been through 2.4's code and I cannot see anywhere where DHCPD or any hooks from dhcpd will set up that route and gateway for you.

                    As I said, not a major issue for me anyway, and I know for a fact that the ISP's supplied routers are not capable of anything like that at present. Maybe down the road it will happen.

                      Derelict LAYER 8 Netgate

                      Not a problem in 2.4.

                      Just routed a /56 to a 2.4 VM and set up /60 PDs behind it. Client is also 2.4.

                      Routing table:
                      2001:470:xxxx:7df0::/60 2001:470:xxxx:7e01::32a2 UGS 0 1500 xn0

                      DHCPv6 leases:
                      2001:470:xxxx:7df0::/60
                      Routed To: 2001:470:xxxx:7e01::32a2

                        Guest

                        I take it back :)

                        The question is then, what am I doing wrong that you are doing right, or maybe it just won't work where LAN IPv6 tracks the WAN interface.

                          Derelict LAYER 8 Netgate

                          The client VM there is a default config with DHCPv6 on WAN and tracking LAN.

                            Guest

                            So what does your prefix delegation range entry look like on the dhcp6 server and RA when you have selected /60 as the prefix delegation size?

                              Derelict LAYER 8 Netgate

                              Routed subnet: 2001:470:xxxx:7d00::/56

                              Prefix delegation range:
                              From: 2001:470:xxxx:7d00:: To: 2001:470:xxxx:7df0::
                              Prefix delegation size: 60


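The prefix delegation range posted above can be sanity-checked offline. The following is an added example, not part of the original post and not pfSense code: `pd_pool` is a hypothetical helper, and the documentation prefix `2001:db8:0` stands in for the redacted `2001:470:xxxx`. It expands a From/To range into its delegations and reports misaligned bounds or an overlap with a prefix already used on a local interface.

```python
import ipaddress

def pd_pool(routed, start, end, size, local_nets=()):
    """Expand a DHCPv6 PD range into its delegations and list any problems."""
    parent = ipaddress.IPv6Network(routed)
    first, last = ipaddress.IPv6Address(start), ipaddress.IPv6Address(end)
    step = 1 << (128 - size)  # number of addresses covered by one delegation
    problems = []
    if size < parent.prefixlen:
        problems.append(f"a /{size} does not fit inside {parent}")
    for label, addr in (("From", first), ("To", last)):
        if int(addr) % step:
            problems.append(f"{label} {addr} is not on a /{size} boundary")
        if addr not in parent:
            problems.append(f"{label} {addr} is outside {parent}")
    if last < first:
        problems.append("To is lower than From")
    if problems:
        return [], problems
    pool = [ipaddress.IPv6Network((n, size))
            for n in range(int(first), int(last) + 1, step)]
    # A delegation that overlaps a prefix already configured on a local
    # interface (for example a tracked LAN /64) would put the same addresses
    # both on-link and behind the downstream router.
    for net in map(ipaddress.IPv6Network, local_nets):
        problems += [f"{d} overlaps local {net}" for d in pool if d.overlaps(net)]
    return pool, problems

if __name__ == "__main__":
    # Constructed values: the settings from the post with 2001:db8:0
    # substituted for the redacted part of the prefix.
    pool, problems = pd_pool("2001:db8:0:7d00::/56",
                             "2001:db8:0:7d00::", "2001:db8:0:7df0::", 60)
    print(len(pool), "delegations:", pool[0], "...", pool[-1])
    print(problems or "no problems")
```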
                                Guest
                                Ah, I think I see the error of my ways.

                                I'll confirm that shortly.

                                  Guest

                                  Indeed yes… Thank you Derelict. Simple error on my part.

                                    Guest

                                    Care to share your settings in the GUI?

                                      Guest

                                      What for IPv6? or are you still trying to get v4 to work arse backwards? :P

                                        Guest

                                        IPv6

                                        I realised after your tutoring that my IPv4 loopback idea would just be stupid :-)

                                          Guest

                                          Not too difficult though. You could forward port 80 on the WAN of the second router to the LAN address of the 2nd router, you'll need to create the relevant rules.

                                          Why you would want to do it is what I am unsure about.

                                          I can think of a more secure way of doing it though. Port forward 'x' port on the primary to 'x' port on the secondary and have OpenVPN listen on that 'x' port on the secondary, then you'll have a VPN to the secondary LAN side and can do whatever you like.

                                            Elv

                                            @marjohh:

                                            I can manually add a gateway and route to the primary router, then it works, is that the norm or am I completely wide of the mark?

                                            edit:

                                            Think I am getting my head around this. dhcp6c puts a /64 prefix on the LAN, which means that in my case, with a /56 prefix the last eight bits of the prefix on my LAN are always going to be 0. Any /64 prefix delegation on my LAN will be using those eight bits, thus giving me my 256 subnets.

                                            I have exactly the same problem. Data going through WAN into internet and answers are received on WAN and not forwarding to LAN. Can you explain the gateway and route you have added in detail, please?
