Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 PPPoE Telmex Wan Interface receives private address

    Scheduled Pinned Locked Moved IPv6
    2 Posts 1 Posters 747 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fluteze
      last edited by fluteze

      pfSense version 2.4.4-release-p3, running as 1-armed-bandit.

      My ISP is providing FC00:: addresses for the PPPoE connection and routeable address via DHCP6-PD. All the host on the internal network can access IPv6 hosts correctly via the delegated addresses and the RA.

      The processes in the pfSense machine attempt to use the FC00:: address as their bind-to/from/source address, this doesn't work so well in the wild ;) I can manually delete the FC00:: address from the interface as the routing is using the FE80:: address for the upstream gateway - then things work correctly on the firewall. This also happens on a linux box I tested the PPPoE service.

      If I delete the address or set it to deprecated, the kernel level address selection process selects the -PD address which functions correctly. Is there a way to configure pfSense to deprecate or remove the address automatically?

      I tried blocking them with a firewall rule, but it doesn't appear to have any effect.

      1 Reply Last reply Reply Quote 0
      • F
        fluteze
        last edited by

        Answering my own question:

        This post:
        https://forum.netgate.com/topic/112802/disable-accepting-ra-advertisements-on-an-interface
        has a suggestion to edit /etc/inc/interface.inc and add a minus ( - ) in front of the accept_rtadv for the WAN interface. This fixed the FC00:: problem. Had to uncheck the "Wait for RA" option in the DHCP6-PD section.

        Telmex also requires the DHCP6-PD queries to happen over IPv4.

        A side note: Telmex IPv6 uses a smaller MTU to stay stable. I used 1412 thought 1467 may work as well. Discovered this when ping -6 worked but TLS would have broken/missing packets in Wireshark.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.