pfsense 2.4.4p3 - IPv6 on bridged interfaces not working...

kiokoman

i'm replicating your config on my virtual machine, i have the same behavior.
ipv4 work on all interface, ipv6 only on LAN

kiokoman

i get an adress if i configure a /64 but dhcpv6 still not working idk if it's a bug or what

tomeq82

@kiokoman exactly. Only slac works and only for /64 prefixes (which is obvious) DHCPv6 works only on first interface of the bridge

kiokoman

i can't find a way out ...
what i found with packet capture is that there is no answer from dhcp
from console i use struss against the running dhcp. it see request coming from dhclient -4 but it see nothing coming from dhclient -6

tomeq82

@kiokoman when you assign shorter network for each one of the interfaces from the bridge it will work. But will work randomly. This is apparently a bug but...

Derelict

Interfaces get a /64. Anything else is nonsense.

kiokoman

yes, well i was testing with prefix set to /64 for the interface but i don't understand why dhcpv6 is unreacheable

tomeq82

Yes, despite the prefix set (/64 or any else) DHCPv6 doesn't work over bundled interfaces. It should normally as it does for DHCPv4. I have floating rule allowing all traffic in the lan area so it is no issue either here...

BTW, shorter prefixes are used widely in the enterprises, this is not nonsense.

JKnott

@tomeq82 said in pfsense 2.4.4p3 - IPv6 on bridged interfaces not working...:

BTW, shorter prefixes are used widely in the enterprises, this is not nonsense.

Not on the LAN, where /64 must be used. The shorter prefixes are split by routers, eventually winding up at /64s. For example, I get a /56 from my ISP, which I can split up into 256 /64s. I could, if needed, spit it into other prefixes, for routing elsewhere, before getting to the /64s.

tomeq82

@JKnott Correct, nevertheless - in this scenario it doesn't really matter. /64 is not hard limit in any kind (only if you use SLAAC it is "must")

JKnott

@tomeq82 said in pfsense 2.4.4p3 - IPv6 on bridged interfaces not working...:

@JKnott Correct, nevertheless - in this scenario it doesn't really matter. /64 is not hard limit in any kind (only if you use SLAAC it is "must")

From RFC4291

" For all unicast addresses, except those that start with the binary
value 000, Interface IDs are required to be 64 bits long and to be
constructed in Modified EUI-64 format."

Derelict

@tomeq82 well aware that interfaces may be set to prefixes longer than /64 in certain router-to-router links, etc. That is not what is being discussed here. Interfaces with hosts on them need to be /64.