ipv6 prefix delegation to second pfsense



  • Hi,
    IPv6 really does seem to be more challenging than IPv4. I'm sorry to have to ask for help again but I'm stuck and I'm either misunderstanding the other posts I've read (probably) or the other posts aren't touching on the problem I am having. I really appreciate any help you can give. The problem I am having is my second pfsense isn't getting an address; just a link local.

    I have 2 pfsense devices; one that connects to my ISP (let's call it edge-pf) and another that provides my internal networks (let's call it internal-pf). With some very generous help from this forum I configured edge-pf to get a static /56 delegation from my ISP. edge-pf has its LAN configured to track the WAN and gets prefix ID 0. Its address looks like this, 2001:F234:5678:C900::1

    edge-pf LAN physically connects to the internal-pf WAN.

    internal-pf WAN is configured like this:
    General Configuration, IPv6 Configuration Type = DHCP6
    DHCP6 Client Configuration, Prefix Delegation Size = 64
    DHCP6 Client Configuration, Send IPv6 prefix hint = enabled
    DHCP6 Client Configuration, Debug = enabled
    DHCP6 Client Configuration (everything else) = disabled

    edge-pf has router advertisements enabled in Managed mode with a high priority on LAN, with all the other settings left empty. The DHCPv6 server is configured like this:
    subnet = prefix delegation
    subnet mask = :: to ::ffff:ffff:ffff:ffff
    range = ::0000 to ::00FF
    prefix delegation range = 2001:F234:5678:C901:: to 2001:F234:5678:C9FF::
    prefix delegation size = 64
    all other settings are empty

    I'm trying to tell edge-pf to delegate 255 /64 subnets (C901 to C90FF). I'm not sure if this is the correct way to break up a /56 delegation for a 2nd router to administer. However I'm not even getting to step 1; internal-pf isn't getting an address assignment from edge-pf. I was expecting internal-pf to get an address something like this, 2001:F234:5678:C900::2. Instead it gets a link local address.

    Any help/advice/guidance would be great.

    btw. I have temporarily created firewall rules to enable all traffic on the edge-pf LAN and internal-pf WAN interfaces. So I'm hoping there isn't anything hidden that would disrupt the traffic between the devices.


  • LAYER 8 Netgate

    This is what I do to assign an interface address and a /56 prefix delegation to downstream lab routers:

    Screen Shot 2019-04-25 at 12.51.15 AM.png

    This is covered here:

    https://docs.netgate.com/pfsense/en/latest/book/services/ipv6-dhcp-server-and-router-advertisements.html



  • Thanks @Derelict I think I have it working now. I had a couple of problems with the way I was trying to do it.

    I ended up having edge-pf delegate /60 subnets so that internal-pf could use /64 subnets on its LANs. The biggest catch, that had me scratching my head for ages, is the dhcpd service seems to need to be restarted; or a reboot. I'm not exactly sure which situation requires which but just saving a new configuration or restarting an interface isn't enough.

    After I have all this working I'll post my config to help the next novice like me.
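
Added example, not part of any post in this thread: a Python check of the delegation arithmetic discussed above, comparing the /64 range from the first post with a /60 plan. The /60 range endpoints (C910:: to C9F0::), the /56 written as C900::/56 (inferred from the addresses in the thread) and the function names are assumptions made for illustration.

```python
import ipaddress

ISP_PREFIX = "2001:F234:5678:C900::/56"   # /56 inferred from the thread's addresses
EDGE_LAN = "2001:F234:5678:C900::/64"     # edge-pf LAN, prefix ID 0 (from the thread)

def plan_delegations(first, last, size, isp=ISP_PREFIX, lan=EDGE_LAN):
    """Expand a prefix delegation range into the prefixes it hands out.

    Raises ValueError if the range is misaligned for `size`, leaves the
    ISP prefix, or overlaps the /64 already in use on the edge LAN.
    """
    isp_net = ipaddress.IPv6Network(isp)
    lan_net = ipaddress.IPv6Network(lan)
    step = 1 << (128 - size)              # addresses per delegated prefix
    lo = int(ipaddress.IPv6Address(first))
    hi = int(ipaddress.IPv6Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    if lo % step or hi % step:
        raise ValueError(f"range endpoints are not on /{size} boundaries")
    pools = [ipaddress.IPv6Network((a, size)) for a in range(lo, hi + 1, step)]
    for pool in pools:
        if not pool.subnet_of(isp_net):
            raise ValueError(f"{pool} is outside {isp_net}")
        if pool.overlaps(lan_net):
            raise ValueError(f"{pool} overlaps the edge LAN {lan_net}")
    return pools

def downstream_lans(pool):
    """The /64 networks a downstream router can carve from one delegation."""
    return list(pool.subnets(new_prefix=64))

if __name__ == "__main__":
    # Range from the first post: 255 delegations, each a single /64.
    per64 = plan_delegations("2001:F234:5678:C901::", "2001:F234:5678:C9FF::", 64)
    print(len(per64), "x /64, LANs per delegation:", len(downstream_lans(per64[0])))
    # Constructed /60 range: C900::/60 is skipped because it holds the edge LAN.
    per60 = plan_delegations("2001:F234:5678:C910::", "2001:F234:5678:C9F0::", 60)
    print(len(per60), "x /60, LANs per delegation:", len(downstream_lans(per60[0])))
```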

