IPv6 PPPoE Telmex Wan Interface receives private address

  • pfSense version 2.4.4-release-p3, running as 1-armed-bandit.

    My ISP is providing FC00:: addresses for the PPPoE connection and routeable address via DHCP6-PD. All the host on the internal network can access IPv6 hosts correctly via the delegated addresses and the RA.

    The processes in the pfSense machine attempt to use the FC00:: address as their bind-to/from/source address, this doesn't work so well in the wild ;) I can manually delete the FC00:: address from the interface as the routing is using the FE80:: address for the upstream gateway - then things work correctly on the firewall. This also happens on a linux box I tested the PPPoE service.

    If I delete the address or set it to deprecated, the kernel level address selection process selects the -PD address which functions correctly. Is there a way to configure pfSense to deprecate or remove the address automatically?

    I tried blocking them with a firewall rule, but it doesn't appear to have any effect.

  • Answering my own question:

    This post:
    has a suggestion to edit /etc/inc/interface.inc and add a minus ( - ) in front of the accept_rtadv for the WAN interface. This fixed the FC00:: problem. Had to uncheck the "Wait for RA" option in the DHCP6-PD section.

    Telmex also requires the DHCP6-PD queries to happen over IPv4.

    A side note: Telmex IPv6 uses a smaller MTU to stay stable. I used 1412 thought 1467 may work as well. Discovered this when ping -6 worked but TLS would have broken/missing packets in Wireshark.

Log in to reply