Netgate Discussion Forum

    Multiple IPv6 Prefix Delegation over AT&T Residential Gateway for pfSense 2.4.5

    • ttmcmurry @cbennett2010

      @cbennett2010

      On your AT&T RG, what does it say for your WAN connection (Settings -> Broadband -> Status)?

      On mine, I have IPv6 Internet Connection with the following data:

      IPv6 Internet Address: 2001:506:xxxx:xxxx::1
      IPv6 Default Gateway: fe80::xxxx:xxxx:xxxx:xxxx
      IPv6 Delegated Prefix: 2600:1700:xxxx:xxxx::/60

      Also under Settings -> LAN -> Status, there is IPv6 Status:

      LAN Status: Up
      Link Local Address: fe80:xxxx:xxxx:xxxx:xxxx
      Delegated Address: 2600:1700:xxxx:xxxx::1

      Where the delegated address is inside the IPv6 delegated prefix range in the section above.

      Check DHCP (Settings -> LAN -> DHCP) under DHCP6 Configuration:

      Prefix Delegation: Enabled (checkmark)
      Address Assignment: Enabled (checkmark)

      Lastly ensure IPv6 is enabled in the LAN (Settings -> LAN -> IPv6):

      IPv6 LAN Enabled: Enable (checkmark)

      ... the important takeaways are the broadband status page shows the IPv6 Delegated prefix is both present and has a /60 at the end. If the RG is set up correctly as above or if you've made changes to these settings, try a reboot. If it still doesn't get a /60 you may need to talk to AT&T and ask why that is the case.

      As far as I'm aware, all AT&T RGs get a /60 and the device itself needs and reserves multiple /64s from the /60 just for its base functionality to work (Guest Wifi, U-Verse TV, Internet Phone).

      • JKnott @ttmcmurry

        @ttmcmurry said in Multiple IPv6 Prefix Delegation over AT&T Residential Gateway for pfSense 2.4.5:

        IPv6 Default Gateway: fe80::xxxx:xxxx:xxxx:xxxx

        No need to hide a link local address, as it's unreachable from beyond the local link.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • ttmcmurry @JKnott

          @jknott

          Habit from work. :) Policy is to always obscure IP addresses. 😂

          • cbennett2010 @ttmcmurry

            @ttmcmurry Yeah, when I log into my RG the only thing I see is this:
            [image]
            So nothing shows up under the IPv6 delegated prefix subnet. And I checked the other settings, and rebooted the RG.

            I spoke on chat with AT&T, and I feel that their knowledge of IPv6 is probably even less than mine; not that it's their fault, I'm sure it's just that not many people really deal with it that much. But they stated, and their manager stated, that I'm only allocated a /64, and if I wanted more I needed to pay $15 a month for static IPs to get a larger allocation, which seems a little crazy, but I guess I'm kind of stuck unless I go the RG bypass route and set pfSense as the primary connection to actually see what I'm getting from the AT&T side. Again, thanks for the help; I'm just not sure why IPv6 is completely down for me now after updating to 2.5.0, because before I could at least get 1 IPv6 network running with tracking the WAN interface, but now I get nothing. I'll keep plugging away on my end until I figure out something.

            • cbennett2010 @ttmcmurry

              @ttmcmurry OK, so I made a little bit of progress; there is definitely something different with pfSense. I disabled everything IPv6 within pfSense, SSH'd into the box and killed all dhcp6c processes. I then proceeded to manually run the dhcp6c client on my WAN interface with the following command:

              /usr/local/sbin/dhcp6c -D -c /usr/local/etc/rc.d/att-rg-dhcpv6-pd.conf  igb0
              

              When I did that, amazingly, I was able to pull IPv6 addresses on all my interfaces as was originally expected. However, now that I have everything turned off, the DHCP6 servers and RAs aren't on, but still, a little bit of progress.

              Any thoughts on where to look next? I'm just poking around in the dark at this point.

              Thanks Again!

              • cbennett2010 @ttmcmurry

                @ttmcmurry Is it possible that through the chain of scripts being run, since we call this script within yours:

                /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
                

                then that script calls:

                /var/etc/rtsold_igb0_script.sh
                

                which should be starting the dhcp6c client, along with setting a few other things. But after tinkering around, I've found that I start to see this in the logs:

                XID mismatch
                

                Which makes me wonder, is it somehow calling dhcp6c client to run multiple times? Because if I comment out the dhcp6c_wan_dhcp6withoutra_script.sh from your script dhcp6c still starts and assigns addresses.

                • lilchancep

                  So idk how much this will help you @ttmcmurry but on my pfsense 2.5 Installation this script worked without any changes at all.

                  • mitsurugi78 @lilchancep

                    @lilchancep Which script is that you used for 2.5? I've seen a few different posts of scripts and am a bit unsure of which to use now. Thanks

                    • lilchancep @mitsurugi78

                      @mitsurugi78 Here are all the steps taken from this thread, cleaned up.

                      https://github.com/lilchancep/att-pfsense-ipv6

                      • mitsurugi78 @lilchancep

                        @lilchancep thanks greatly appreciated!

                        • ttmcmurry @mitsurugi78

                          @mitsurugi78

                          I think we're also highlighting some bugs - see redmine #11187 and #11454

                          @lilchancep

                          It might be time to start a 2.5 thread. :)

                          • slab_bulkhead

                            @ttmcmurry thank you so much for your work on this! One of my biggest irritations with AT&T was the inability to pull more than one /64, while on Spectrum I can get a /56 PD with no issues at all. I have this working on 2.5 -- I had some issues at first and then discovered it was because things do not behave well with IPv6 enabled on multiple WAN interfaces at the same time (I still have the Spectrum modem connected until service cancels out at the end of the month).

                            I am on VDSL and therefore am unable to attempt bypassing the gateway.

                            • djdawson @ttmcmurry

                              @ttmcmurry I've got a Humax BGW320-500 with my symmetric 1G service from AT&T and its NAT State Table size is 8192. Here are my RG details, copied from the device status page:

                              Manufacturer: HUMAX
                              Model Number: BGW320-500
                              Software Version: 2.14.4
                              Hardware Version: 02001F0046005

                              • styxl

                                I have attempted to do this on "21.05.2-RELEASE" to no avail; the script simply doesn't seem to work anymore.

                                This is the error I get:

                                Dec  2 20:40:00 Scimitar dhcp6c[58269]: /var/etc/dhcp6c_wan.conf 20: syntax error
                                Dec  2 20:40:00 Scimitar dhcp6c[58269]: /var/etc/dhcp6c_wan.conf 20: fatal parse failure: exiting (1 errors)
                                Dec  2 20:40:00 Scimitar dhcp6c[58269]: failed to parse configuration file
                                Dec  2 20:40:00 Scimitar rtsold[58345]: Starting dhcp6 client for interface wan(igb0)
                                Dec  2 20:40:01 Scimitar reboot[98400]: rebooted by root
                                Dec  2 20:40:01 Scimitar syslogd: exiting on signal 15
                                
                                • styxl

                                  My config is as such:

                                  interface igb0 {
                                  	send ia-na 0;
                                  	send ia-pd 0;
                                  	send ia-pd 1;
                                  	request domain-name-servers;
                                  	request domain-name;
                                  	script "/var/etc/dhcp6c_wan_script.sh";
                                  };
                                  id-assoc na 0 { };
                                  id-assoc pd 0 {
                                  	prefix-interface ix0 {
                                  		sla-id 0;
                                  		sla-len 0;
                                  	};
                                  };
                                  id-assoc pd 1 { 
                                  	prefix-interface ix1 {
                                  		sla-id 0;
                                  		sla-len 0;
                                  	};
                                  };
                                  
                                  • dmac1418

                                    I wanted to chime in and thank you for all your info on this thread.

                                    I followed your guide via the GitHub adaptation and it worked no problem on 2.5.2-RELEASE (amd64) and the AT&T BGW320 modem/gateway.

                                    interface em0 {
                                    	send ia-na 0;
                                    	send ia-pd 0;
                                    	send ia-pd 1;
                                    	send ia-pd 2;
                                    	send ia-pd 3;
                                    	request domain-name-servers;
                                    	request domain-name;
                                    	script "/var/etc/dhcp6c_wan_script.sh";
                                    };
                                    id-assoc na 0 { };
                                    id-assoc pd 0 {
                                    	prefix-interface igb0 {
                                    		sla-id 0;
                                    		sla-len 0;
                                    	};
                                    };
                                    id-assoc pd 1 { 
                                    	prefix-interface igb0.11 {
                                    		sla-id 0;
                                    		sla-len 0;
                                    	};
                                    };
                                    id-assoc pd 2 { 
                                    	prefix-interface igb0.12 {
                                    		sla-id 0;
                                    		sla-len 0;
                                    	};
                                    };
                                    id-assoc pd 3 { };
                                    
                                    

                                    Thanks & Happy New Year!

                                    • styxl @dmac1418

                                      @dmac1418 Lucky you; I gave up on making it work on the SG-5100.

                                      • thekorn

                                        Hello!

                                        I'm running pfSense 2.6.0-release, and am trying to get IPv6 to work with multiple VLANs.

                                        I've been able to implement all steps except step 7, enabling the DHCPv6 server and testing. When I go to DHCPv6 Server & RA, DHCPv6 Server, enable, save, it kicks back "A valid range must be specified for any mode except Stateless DHCP."

                                        I put in a range of :: to ::ffff:ffff:ffff:ffff, and that made it happy. Might want to update the... GitHub.

                                        Note that I was able to retrieve an IPv6 address without this. I assume this is because SLAAC is being passed through to the residential gateway, and it's assigning the IPv6 address instead?

                                        Thanks for all the hard work documenting this! I certainly wasn't going to figure this all out on my own!

                                        • styxl @styxl

                                          @styxl I finally got mine to work; my config was wrong:

                                          interface igb0 {
                                                  send ia-na 0;
                                                  send ia-pd 0;
                                                  send ia-pd 1;
                                                  send ia-pd 2;
                                                  send ia-pd 3;
                                                  send ia-pd 4;
                                                  send ia-pd 5;
                                                  send ia-pd 6;
                                                  request domain-name-servers;
                                                  request domain-name;
                                                  script "/var/etc/dhcp6c_wan_script.sh";
                                          };
                                          id-assoc na 0 { };
                                          id-assoc pd 0 {
                                                  prefix-interface ix0 {
                                                          sla-id 0;
                                                          sla-len 0;
                                                  };
                                          };
                                          id-assoc pd 1 {
                                                  prefix-interface ix1.101 {
                                                          sla-id 0;
                                                          sla-len 0;
                                                  };
                                          };
                                          id-assoc pd 2 { };
                                          id-assoc pd 3 { };
                                          id-assoc pd 4 { };
                                          id-assoc pd 5 { };
                                          id-assoc pd 6 { };
                                          id-assoc pd 7 { };
                                          
                                          1 Reply Last reply Reply Quote 1
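
A consistency check for dhcp6c configs like the ones posted in this thread, as an added example that is not part of any post or of the linked GitHub repo: it verifies brace balance and that every `send ia-na` / `send ia-pd` line has a matching `id-assoc` block and vice versa. The function name, the sample config and the choice of checks are assumptions made for illustration; this is not dhcp6c's own parser.

```python
import re

# Constructed sample modelled on the configs above (one unrequested id-assoc).
SAMPLE_CONF = """\
interface igb0 {
        send ia-na 0;
        send ia-pd 0;
        send ia-pd 1;
        script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc na 0 { };
id-assoc pd 0 {
        prefix-interface ix0 {
                sla-id 0;
                sla-len 0;
        };
};
id-assoc pd 1 {
        prefix-interface ix1.101 {
                sla-id 0;
                sla-len 0;
        };
};
id-assoc pd 2 { };
"""

def lint_dhcp6c_conf(text):
    """Return a list of human-readable findings (empty list means clean)."""
    findings, depth = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        for ch in raw.split("#", 1)[0]:          # ignore trailing comments
            if ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
                if depth < 0:
                    findings.append(f"line {lineno}: unmatched '}}'")
                    depth = 0
    if depth:
        findings.append(f"{depth} block(s) never closed")
    # Each requested IA needs a definition, and each definition a request.
    sent = set(re.findall(r"\bsend\s+ia-(na|pd)\s+(\d+)\s*;", text))
    defined = set(re.findall(r"\bid-assoc\s+(na|pd)\s+(\d+)\s*\{", text))
    for kind, n in sorted(sent - defined):
        findings.append(f"send ia-{kind} {n} has no id-assoc {kind} {n} block")
    for kind, n in sorted(defined - sent):
        findings.append(f"id-assoc {kind} {n} is never requested with send ia-{kind} {n}")
    # The same LAN interface listed twice would receive two delegated prefixes.
    ifaces = re.findall(r"\bprefix-interface\s+(\S+)\s*\{", text)
    for name in sorted({i for i in ifaces if ifaces.count(i) > 1}):
        findings.append(f"prefix-interface {name} appears in more than one id-assoc")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_dhcp6c_conf(SAMPLE_CONF)) or "clean")
```

Running it against a copy of `/var/etc/dhcp6c_wan.conf` before restarting the client narrows down a parse failure to either block structure or an IA numbering mismatch.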
                                          • lilchancep @thekorn

                                            @thekorn Updated the repo, let me know if you have anything else you think I should add.
