[SOLVED] LAN IPv6 Clients not getting pfSense LAN IPv6 tracked IP for DNSForward



  • I have DNSForward configured on my pfSense 2.3.3RELEASE-p1 firewall; however, my IPv6-capable clients will never get the LAN's tracked IPv6 address as a DNS server.  I have tried Unmanaged -RA Flags and Stateless DHCP in the DHCPv6 & RA settings (no, I do not have DHCPv6 enabled in pfSense).  I am obviously missing something, but cannot figure out what.
    ![LAN Interface.png](/public/imported_attachments/1/LAN Interface.png)
    ![DHCPV6_RA Config.png](/public/imported_attachments/1/DHCPV6_RA Config.png)



  • What exactly are you trying to do? It's not clear why you don't have dhcpv6 enabled. I use dhcpv6 with assisted mode and it works as it should, supporting leases or slaac.



  • Because you need to specify a prefix range in order to configure DHCPv6, and I do not know if the IPv6 prefix from my ISP (COX) would ever change if I rebooted my cable modem, or on a reset.  All I want is pfSense to help advertise DNS services for IPv6, which is the only step that fails when I use test-ipv6.com to validate my IPv6 configuration.



  • Fill out the address numbers on the page at System > General Setup > DNS Server Settings.
    And for the Forwarder: allow -all- interfaces (but your WAN is blocked by default, of course) to listen (incl. Link-Local IPv6 & localhost).



  • @ChrisLynch:

    Because you need to specify a prefix range in order to configure DHCPv6, and I do not know if the IPv6 prefix from my ISP (COX) would ever change if I rebooted my cable modem, or on a reset.  All I want is pfSense to help advertise DNS services for IPv6, which is the only step that fails when I use test-ipv6.com to validate my IPv6 configuration.

    The dhcpv6 range for the lan does not change if the prefix changes. Set your pfsense lan to track the wan interface based on the prefix that your isp edge router provides. Others have reported that it's possible to get working.



  • Thanks for the feedback here.  Configuring DHCPv6 in pfSense was a bit confusing to me.  I didn't quite understand the Prefix Delegation Range, and why I would need to set that for a home network (I just took the prefix from the LAN int, and appended /64 to it).  Once I did that, I added my firewall's tracked IPv6 IP, and my internal DNS server's Link Local address to DNS1 and DNS2.  Then my clients started getting their DHCPv6 lease, including DNS.  I had to add "do-ipv6: yes" to the custom settings for DNS Resolver on the firewall, and now 10/10 tests pass with test-ipv6.com.



  • Not sure what you're referring to wrt "prefix delegation range". Is it the field LAN / IPV6 Prefix ID? That field is a maximum of 8 bits (0x00 to 0xff). It is used to pad the delegated prefix to /64 and select which of the up to 256 subnets that you want to use in the LAN. 256 only applies if the delegated prefix is a /56. If it's larger (numerically), then the range would be less than 256. If the prefix is smaller (numerically), then presumably pfsense pads the remaining bits with 0. My ISP only offers one prefix size, /56, so I haven't tried any other configurations.



  • pfSense DHCPv6 requires the Prefix Delegation Range to be set, which is completely different from what I know about DHCPv6 in other systems (say Windows Server 2012R2 or 2016 DHCPv6 services).  See the attached screenshot.  Where in pfSense do I see what prefix delegation has been assigned to me from my IPv6 Tracked LAN interface?  My provider is COX and they are less than helpful in obtaining this information.

    [Edit]
    After reading up on Prefix Delegation, I have no intention of internal routing with IPv6 subnets.  So I'm confused as to why a Prefix Delegation in DHCPv6 is required.
    [/Edit]

    ![DHCPv6 Settings.png](/public/imported_attachments/1/DHCPv6 Settings.png)



  • Range starts from 0001, not 0.
    No need for data in "prefix delegation range", unless you want to delegate.



  • Hmm…  When I attempted to specify the range, pfSense kept erroring out, saying that the Delegated Prefix Range was invalid, even when I was not specifying a value.  It could have been that I was using the wrong DHCPv6 range From and To values.  Either way, after your suggestion, I was able to remove the delegated prefix range value.



  • @ChrisLynch:

    pfSense DHCPv6 requires the Prefix Delegation Range to be set, which is completely different from what I know about DHCPv6 in other systems (say Windows Server 2012R2 or 2016 DHCPv6 services).  See the attached screenshot.  Where in pfSense do I see what prefix delegation has been assigned to me from my IPv6 Tracked LAN interface?  My provider is COX and they are less than helpful in obtaining this information.

    [Edit]
    After reading up on Prefix Delegation, I have no intention of internal routing with IPv6 subnets.  So I'm confused as to why a Prefix Delegation in DHCPv6 is required.
    [/Edit]

    Sorry, I didn't realize that's what you were asking about. If you're using pfsense as the router for your lan, you don't need to set the prefix delegation. Leave it blank.

    Please post your wan, lan and dhcp configurations.



  • My original issue is resolved.  But if you really wanted to know:

    WAN: DHCPv4 and DHCPv6 client
    LAN: Static IPv4, Tracking WAN IPv6

    You've seen the DHCPv6 configuration in the screenshots above (I changed the From to :0001).
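
The Prefix ID arithmetic and the prefix-independent DHCPv6 range discussed in this thread, as an added example that is not part of any post and is not pfSense's own code. It models only the address arithmetic; the function names and the documentation prefixes (2001:db8::/32) are constructed for illustration.

```python
import ipaddress

def lan_subnet(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 that prefix_id selects inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegated prefix must be /64 or shorter")
    id_bits = 64 - net.prefixlen  # bits between the delegation and /64
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID must fit in {id_bits} bits")
    # The Prefix ID occupies the lowest bits of the upper 64-bit half.
    base = int(net.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def dhcp_range(lan: ipaddress.IPv6Network, start: str, end: str):
    """Join host-part-only range ends (e.g. '::1') to the current LAN /64."""
    def join(suffix: str) -> ipaddress.IPv6Address:
        host = int(ipaddress.IPv6Address(suffix))
        if host >> 64:
            raise ValueError("suffix must leave the upper 64 bits empty")
        return ipaddress.IPv6Address(int(lan.network_address) | host)
    lo, hi = join(start), join(end)
    if lo > hi:
        raise ValueError("range start is above range end")
    return lo, hi

def demo():
    """Same Prefix ID and range suffixes, before and after a prefix change."""
    results = []
    # Constructed delegations standing in for what an ISP might hand out.
    for delegated in ("2001:db8:1234:ab00::/56", "2001:db8:5678:cd00::/56"):
        lan = lan_subnet(delegated, 0x0a)
        lo, hi = dhcp_range(lan, "::1", "::ffff")
        results.append((str(lan), str(lo), str(hi)))
    return results

if __name__ == "__main__":
    for lan, lo, hi in demo():
        print(f"LAN {lan}  DHCPv6 range {lo} - {hi}")
```

A /60 delegation leaves 4 bits for the Prefix ID and a /64 leaves none, so `lan_subnet` rejects IDs that do not fit instead of silently spilling into the delegated bits.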