IPv6 PPPoE Telmex Wan Interface receives private address
-
pfSense version 2.4.4-release-p3, running as 1-armed-bandit.
My ISP is providing FC00:: addresses for the PPPoE connection and routable addresses via DHCP6-PD. All the hosts on the internal network can access IPv6 hosts correctly via the delegated addresses and the RA.
The processes on the pfSense machine attempt to use the FC00:: address as their bind-to/from/source address; this doesn't work so well in the wild ;) I can manually delete the FC00:: address from the interface, as the routing is using the FE80:: address for the upstream gateway - then things work correctly on the firewall. This also happens on a Linux box on which I tested the PPPoE service.
If I delete the address or set it to deprecated, the kernel-level address selection process selects the -PD address, which functions correctly. Is there a way to configure pfSense to deprecate or remove the address automatically?
I tried blocking them with a firewall rule, but it doesn't appear to have any effect.
-
Answering my own question:
This post:
https://forum.netgate.com/topic/112802/disable-accepting-ra-advertisements-on-an-interface
has a suggestion to edit /etc/inc/interface.inc and add a minus ( - ) in front of the accept_rtadv for the WAN interface. This fixed the FC00:: problem. Had to uncheck the "Wait for RA" option in the DHCP6-PD section. Telmex also requires the DHCP6-PD queries to happen over IPv4.
A side note: Telmex IPv6 uses a smaller MTU to stay stable. I used 1412, though 1467 may work as well. Discovered this when ping -6 worked but TLS would have broken/missing packets in Wireshark.
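
The manual workaround from the question (marking the FC00:: address deprecated so that source-address selection falls back to the delegated prefix) can be scripted. The following is an added example, not part of the original posts and not pfSense code: it finds ULA (fc00::/7) addresses in FreeBSD-style `ifconfig` output and prints the `ifconfig ... deprecated` command for each one without running it. The interface name `pppoe0`, the function names and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (dry run): nothing on the system is changed.
# Lists ULA (fc00::/7) addresses found in FreeBSD-style ifconfig output and
# prints the command that would set the IPv6 "deprecated" bit on each.

# Constructed sample input; interface name and addresses are placeholders.
SAMPLE_IFCONFIG='pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1412
	inet6 fe80::1:1%pppoe0 prefixlen 64 scopeid 0x7
	inet6 fc00::a1b2 prefixlen 64 autoconf
	inet6 fd12:3456::1 prefixlen 64 deprecated autoconf
	inet6 2001:db8:10::1 prefixlen 64
	inet6 fc0::5 prefixlen 64'

# Reads ifconfig output on stdin; prints "address prefixlen" for every ULA
# address that is not already flagged deprecated.
ula_addrs() {
    awk '$1 == "inet6" && $0 !~ /deprecated/ {
        addr = tolower($2)
        sub(/%.*/, "", addr)      # drop any %scope suffix
        # fc00::/7 means a first hextet of fcxx or fdxx, all four digits
        # present; "fc0::5" is 0fc0::5 and must not match.
        if (addr ~ /^f[cd][0-9a-f][0-9a-f]:/) {
            plen = 128
            for (i = 3; i < NF; i++) if ($i == "prefixlen") plen = $(i + 1)
            print addr, plen
        }
    }'
}

# Usage: ifconfig IFACE | deprecate_cmds IFACE
# Prints one command per ULA address; review the output before running it.
deprecate_cmds() {
    ula_addrs | while read -r addr plen; do
        printf 'ifconfig %s inet6 %s prefixlen %s deprecated\n' \
            "$1" "$addr" "$plen"
    done
}

# Demonstration on the constructed sample (hypothetical interface pppoe0).
printf '%s\n' "$SAMPLE_IFCONFIG" | deprecate_cmds pppoe0
```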