Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] LAN IPv6 Clients not getting pfSense LAN IPv6 tracked IP for DNSForward

    Scheduled Pinned Locked Moved IPv6
    12 Posts 3 Posters 5.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ChrisLynchC Offline
      ChrisLynch
      last edited by

      I have DNSForward configured on my pfSense 2.3.3RELEASE-p1 firewall, however my IPv6 capable clients will never get the LAN's tracked IPv6 address as a DNS server.  I have tried Unmanaged -RA Flags and Stateless DHCP in the DHCPv6 & RA settings (no I do not have DHCPv6 enabled in pfSense).  I am obviously missing something, but cannot figure out what.
      ![LAN Interface.png](/public/imported_attachments/1/LAN Interface.png)
      ![LAN Interface.png_thumb](/public/imported_attachments/1/LAN Interface.png_thumb)
      ![DHCPV6_RA Config.png](/public/imported_attachments/1/DHCPV6_RA Config.png)
      ![DHCPV6_RA Config.png_thumb](/public/imported_attachments/1/DHCPV6_RA Config.png_thumb)

      1 Reply Last reply Reply Quote 0
      • B Offline
        bimmerdriver
        last edited by

        What exactly are you trying to do? It's not clear why you don't have dhcpv6 enabled. I use dhcpv6 with assisted mode and it works as it should, supporting leases or slaac.

        1 Reply Last reply Reply Quote 0
        • ChrisLynchC Offline
          ChrisLynch
          last edited by

          Because you need to specify a prefix range in order to configure DHCPv6, and I do not know if the IPv6 prefix my ISP (COX) would ever change it if I rebooted my cable modem, or on a reset.  All I want is pfSense to help advertise DNS services for IPv6, which is the only step that fails when I use test-ipv6.com to validate my IPv6 configuration.

          1 Reply Last reply Reply Quote 0
          • H Offline
            hda
            last edited by

            Fill out addressnumbers on the page on System > GeneralSetup > DNS Server Settings.
            And for Forwarder: allow -all- interfaces (but your WAN is default blocked ofcourse) to listen, (incl. Link-Local's IPv6 & localhost).

            1 Reply Last reply Reply Quote 0
            • B Offline
              bimmerdriver
              last edited by

              @ChrisLynch:

              Because you need to specify a prefix range in order to configure DHCPv6, and I do not know if the IPv6 prefix my ISP (COX) would ever change it if I rebooted my cable modem, or on a reset.  All I want is pfSense to help advertise DNS services for IPv6, which is the only step that fails when I use test-ipv6.com to validate my IPv6 configuration.

              The dhcpv6 range for the lan does not change if the prefix changes. Set your pfsense lan to track the wan interface based on the prefix that your isp edge router provides. Others have reported that it's possible to get working.

              1 Reply Last reply Reply Quote 0
              • ChrisLynchC Offline
                ChrisLynch
                last edited by

                Thanks for the feedback here.  Configuring DHCPv6 in pfSense was a bit confusing to me.  I didn't quite understand the Prefix Delegation Range, and why I would need to set that for a home network (I just took the prefix from the LAN int, and appended /64 with it.  Once I did that, I added my firewall's tracked IPv6 IP, and my internal DNS server's Link Local address to DNS1 and DNS2.  Then my clients started getting their DHCPv6 lease, including DNS.  I had to add "do-ipv6: yes" to the custom settings for DNS Resolver on the firewall, and now 10/10 tests pass with test-ipv6.com.

                1 Reply Last reply Reply Quote 0
                • B Offline
                  bimmerdriver
                  last edited by

                  Not sure what you're referring to wrt "prefix delegation range". Is it the field LAN / IPV6 Prefix ID? That field is a maximum of 8 bits (0x00 to 0xff). It is used to pad the delegated prefix to /64 and select which of the up to 256 subnets that you want to use in the LAN. 256 only applies if the delegated prefix is a /56. If it's larger (numerically), then the range would be less than 256. If the prefix is smaller (numerically), then presumably pfsense pads the remaining bits with 0. My ISP only offers one prefix size, /56, so I haven't tried any other configurations.

                  1 Reply Last reply Reply Quote 0
                  • ChrisLynchC Offline
                    ChrisLynch
                    last edited by

                    pfSense DHCPv6 requires the Prefix Delegation Range to be set, which is completely different from what I know about DHCPv6 in other systems (say Windows Server 2012R2 or 2016 DHCPv6 services).  See the attached screenshot.  Where in pfSense do I see what prefix delegation has been assigned to my from my IPv6 Tracked LAN interface?  My provider is COX and they are less then helpful in obtaining this information.

                    [Edit]
                    After reading up on Prefix Delegation, I have no intention of internal routing with IPv6 subnets.  So I'm confused as to why a Prefix Delegation in DHCPv6 is required.
                    [/Edit]

                    ![DHCPv6 Settings.png](/public/imported_attachments/1/DHCPv6 Settings.png)
                    ![DHCPv6 Settings.png_thumb](/public/imported_attachments/1/DHCPv6 Settings.png_thumb)

                    1 Reply Last reply Reply Quote 0
                    • H Offline
                      hda
                      last edited by

                      Range start from 0001, not 0.
                      No need for data in "prefix delegation range", unless You want to delegate.

                      1 Reply Last reply Reply Quote 0
                      • ChrisLynchC Offline
                        ChrisLynch
                        last edited by

                        Hmm….  When I attempted to specify the range, pfSense kept error out saying that the Delegated Prefix Range was invalid, even when I was not specifying a value.  It could have been that I was using the wrong DHCPv6 range From and To values.  Either way, after your suggestion, I was able to remove the delegated prefix range value.

                        1 Reply Last reply Reply Quote 0
                        • B Offline
                          bimmerdriver
                          last edited by

                          @ChrisLynch:

                          pfSense DHCPv6 requires the Prefix Delegation Range to be set, which is completely different from what I know about DHCPv6 in other systems (say Windows Server 2012R2 or 2016 DHCPv6 services).  See the attached screenshot.  Where in pfSense do I see what prefix delegation has been assigned to my from my IPv6 Tracked LAN interface?  My provider is COX and they are less then helpful in obtaining this information.

                          [Edit]
                          After reading up on Prefix Delegation, I have no intention of internal routing with IPv6 subnets.  So I'm confused as to why a Prefix Delegation in DHCPv6 is required.
                          [/Edit]

                          Sorry, I didn't realize that's what you were asking about. If you're using pfsense as the router for your lan, you don't need to set the prefix delegation. Leave it blank.

                          Please post your wan, lan and dhcp configurations.

                          1 Reply Last reply Reply Quote 0
                          • ChrisLynchC Offline
                            ChrisLynch
                            last edited by

                            My original issue is resolved.  But if you really wanted to know:

                            WAN: DHCPv4 and DHCPv6 client
                            LAN: Static IPv4, Tracking WAN IPv6

                            You've seen the DHCPv6 configuration in the screenshots above (I changed the From to :0001).

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.