Multiple IPv6 Prefix Delegation over AT&T Residential Gateway for pfSense 2.4.5
-
So, I updated to 2.5.0 and attempted to implement this hoping I could get ipv6 running on my individual internal vlans. That being said, I set up the script as above and it looks something like this:
interface igb0 {
    send ia-na 0;
    send ia-pd 0;
    send ia-pd 1;
    send ia-pd 2;
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc na 0 { };
id-assoc pd 0 {
    prefix-interface igb1.100 {
        sla-id 0;
        sla-len 0;
    };
};
id-assoc pd 1 {
    prefix-interface igb1.110 {
        sla-id 0;
        sla-len 0;
    };
};
id-assoc pd 2 {
    prefix-interface igb1.200 {
        sla-id 0;
        sla-len 0;
    };
};
However, WAN is the only interface to pull an ipv6 address, and I am seeing this in the logs:
dhcp6c[64417]: unexpected interface (1)
Been having some trouble with ipv6 after updating to 2.5.0 but your script has given me a little bit of progress. Any help would be appreciated, and if you need more details please let me know and I'll update as soon as possible.
-
@cbennett2010 if you go to Status > interfaces, do the interface names all exist and match?
-
@deet Yes they match. Here's what's shown under status below:
-
In your example, WAN interface igb0 is calling
script "/var/etc/dhcp6c_wan_script.sh";
Have you tried using the code from the first post instead?
script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh";
I recently moved to 2.5 and I opted to not have my WAN interface request domain-name and domain-name servers in my ipv6 script. That said, I specify these values elsewhere.
My current config is listed below. Maybe that will help. Also, dhcpd is sensitive to syntax, tabs, etc. I'll also post a screenshot from notepad++ with all characters displayed, perhaps that will help.
interface hn0 {
    send ia-na 0;
    send ia-pd 0;
    send ia-pd 1;
    send ia-pd 2;
    script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh";
};
id-assoc na 0 { };
id-assoc pd 0 {
    prefix-interface hn1.50 {
        sla-id 0;
        sla-len 0;
    };
};
id-assoc pd 1 {
    prefix-interface hn1.40 {
        sla-id 0;
        sla-len 0;
    };
};
id-assoc pd 2 {
    prefix-interface hn2 {
        sla-id 0;
        sla-len 0;
    };
};
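Added example, not part of the original posts or of pfSense: a small Python linter for dhcp6c.conf text that checks mistakes that are easy to make when hand-editing a multi-PD config like the ones in this thread (a script path missing its leading slash, a `send ia-pd N` with no matching `id-assoc pd N`, unbalanced braces or a missing `;` after a closing brace). The function name, messages and the BAD sample are constructed for illustration, and the one-prefix-per-interface check is an assumption of this example.

```python
import re

def lint_dhcp6c(conf):
    """Return a list of problems in dhcp6c.conf text; an empty list means clean."""
    problems = []
    text = re.sub(r"#.*", "", conf)  # strip comments
    # Braces must balance, and each closing brace must be followed by ';'.
    depth = 0
    for ch in text:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced braces")
    if re.search(r"\}(?!\s*;)", text):
        problems.append("closing brace without ';'")
    # dhcp6c.conf(5) requires the script to be given as an absolute path.
    for path in re.findall(r'\bscript\s+"([^"]*)"', text):
        if not path.startswith("/"):
            problems.append("script path is not absolute: " + path)
    # Every 'send ia-na/ia-pd N' needs an 'id-assoc na/pd N' block, and vice versa.
    sent = set(re.findall(r"\bsend\s+ia-(na|pd)\s+(\d+)\s*;", text))
    defined = set(re.findall(r"\bid-assoc\s+(na|pd)\s+(\d+)\s*\{", text))
    for kind, iaid in sorted(sent - defined):
        problems.append(f"send ia-{kind} {iaid} has no id-assoc block")
    for kind, iaid in sorted(defined - sent):
        problems.append(f"id-assoc {kind} {iaid} is never requested")
    # Sanity check (an assumption of this example): one delegated prefix per interface.
    names = re.findall(r"\bprefix-interface\s+(\S+)\s*\{", text)
    for name in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"prefix-interface {name} listed more than once")
    return problems

# Constructed sample: relative script path, no id-assoc for pd 1, last '}' lacks ';'.
BAD = '''interface igb0 {
    send ia-na 0; send ia-pd 0; send ia-pd 1;
    script "var/etc/dhcp6c_wan_dhcp6withoutra_script.sh";
};
id-assoc na 0 { };
id-assoc pd 0 { prefix-interface igb1.100 { sla-id 0; sla-len 0; }; }
'''

if __name__ == "__main__":
    for problem in lint_dhcp6c(BAD):
        print("dhcp6c.conf:", problem)
```

A clean result only means these structural checks passed; dhcp6c's own parser remains the authority on whether the file loads.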
-
@ttmcmurry Thank you for the reply while I try to figure this out. So I made the modifications to change the script that is running, and verified the Text Syntax:
but alas still seeing the same error:
Feb 28 16:41:46 dhcp6c[23870]: Sending Solicit
Feb 28 16:41:46 dhcp6c[64417]: unexpected interface (1)
I'm beginning to wonder if AT&T really only did allocate a /64 to me. Because looking at my RG device and seeing what is allocated to it, I see this:
Global Unicast IPv6 Address ****:****:****:7a90::1
Link-local IPv6 Address fe80::8a96:4eff:fe89:6d70
IPv6 Addressing Subnet (including length) ****:****:****:7a90::/64
IPv6 Delegated Prefix Subnet (including length)
And this is the address that I see on my WAN:
****:****:****:7a90:92e2:baff:fe80:c6f8
So not sure why I'm not seeing a Delegated Prefix Subnet on my AT&T RG.
Thanks for all the help so far!
-
On your AT&T RG, what does it say for your WAN connection (Settings -> Broadband -> Status)?
On mine, I have IPv6 Internet Connection with the following data:
IPv6 Internet Address: 2001:506:xxxx:xxxx::1
IPv6 Default Gateway: fe80::xxxx:xxxx:xxxx:xxxx
IPv6 Delegated Prefix: 2600:1700:xxxx:xxxx::/60
Also under Settings -> LAN -> Status, there is IPv6 Status:
LAN Status: Up
Link Local Address: fe80:xxxx:xxxx:xxxx:xxxx
Delegated Address: 2600:1700:xxxx:xxxx::1
Where the delegated address is inside the IPv6 delegated prefix range in the section above.
Check DHCP (Settings -> LAN -> DHCP) under DHCP6 Configuration:
Prefix Delegation: Enabled (checkmark)
Address Assignment: Enabled (checkmark)
Lastly ensure IPv6 is enabled in the LAN (Settings -> LAN -> IPv6):
IPv6 LAN Enabled: Enable (checkmark)
... the important takeaways are the broadband status page shows the IPv6 Delegated prefix is both present and has a /60 at the end. If the RG is set up correctly as above or if you've made changes to these settings, try a reboot. If it still doesn't get a /60 you may need to talk to AT&T and ask why that is the case.
As far as I'm aware, all AT&T RGs get a /60 and the device itself needs and reserves multiple /64s from the /60 just for its base functionality to work (Guest Wifi, U-Verse TV, Internet Phone).
-
@ttmcmurry said in Multiple IPv6 Prefix Delegation over AT&T Residential Gateway for pfSense 2.4.5:
IPv6 Default Gateway: fe80::xxxx:xxxx:xxxx:xxxx
No need to hide a link local address, as it's unreachable from beyond the local link.
-
Habit from work. :) Policy is always obscure IP Addresses.
-
@ttmcmurry Yeah when I log into my RG the only thing I see is this:
So nothing shows up under the ipv6 delegated prefix subnet. And I checked the other settings, and rebooted the RG. I spoke on chat with AT&T; I feel that their knowledge of ipv6 is probably even less than mine, not that it's their fault, I'm sure it's just that not many people really deal with it that much. But they stated, and their manager stated, that I'm only allocated a /64, and if I wanted more I needed to pay $15 dollars a month for static IPs to get a larger allocation, which seems a little crazy, but I guess I'm kinda stuck unless I go the RG bypass route and set pfsense as the primary connection to actually see what I'm getting from the AT&T side. Again thanks for the help, just not sure why ipv6 is completely down for me now after updating to 2.5.0, because before I could at least get 1 ipv6 network running with tracking the wan interface, but now I get nothing. I'll keep plugging away on my end until I figure out something.
-
@ttmcmurry Ok so, I made a little bit of progress, there is something definitely different with pfsense. So I disabled everything IPv6 within pfsense, and ssh'd into the box and killed all dhcp6c processes, I then proceeded to manually run the dhcp6c client on my WAN interface with the following command:
/usr/local/sbin/dhcp6c -D -c /usr/local/etc/rc.d/att-rg-dhcpv6-pd.conf igb0
When I did that, amazingly I was able to pull ipv6 addresses on all my interfaces as was originally expected. However, now that I have everything turned off, the DHCP6 servers and RA's aren't on, but still, a little bit of progress.
Any thoughts of where to look next? I'm just poking around in the dark at this point.
Thanks Again!
-
@ttmcmurry Is it possible that through the chains of scripts being run since we call this script within yours:
/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
then that script calls:
/var/etc/rtsold_igb0_script.sh
which should be starting the dhcp6c client, along with setting a few other things. But after tinkering around, I've found that I start to see this in the logs:
XID mismatch
Which makes me wonder, is it somehow calling dhcp6c client to run multiple times? Because if I comment out the dhcp6c_wan_dhcp6withoutra_script.sh from your script dhcp6c still starts and assigns addresses.
-
So idk how much this will help you @ttmcmurry but on my pfsense 2.5 Installation this script worked without any changes at all.
-
@lilchancep Which script is that you used for 2.5? I've seen a few different posts of scripts and am a bit unsure of which to use now. Thanks
-
@mitsurugi78 Here are all the steps taken from this thread and cleaned up.
https://github.com/lilchancep/att-pfsense-ipv6
-
@lilchancep thanks greatly appreciated!
-
-
@ttmcmurry thank you so much for your work on this! One of my biggest irritations with AT&T was the inability to pull more than one /64, while on Spectrum I can get a /56 PD with no issues at all. I have this working on 2.5 -- I had some issues at first and then discovered it was because things do not behave well with IPv6 enabled on multiple WAN interfaces at the same time (I still have the Spectrum modem connected until service cancels out at the end of the month).
I am on VDSL and therefore am unable to attempt bypassing the gateway.
-
@ttmcmurry I've got a Humax BGW320-500 with my symmetric 1G service from AT&T and its NAT State Table size is 8192. Here are my RG details, copied from the device status page:
Manufacturer: HUMAX
Model Number: BGW320-500
Software Version: 2.14.4
Hardware Version: 02001F0046005
-
I have attempted to do this on "21.05.2-RELEASE" to no avail; the script simply doesn't seem to work anymore.
This is the error I get:
Dec 2 20:40:00 Scimitar dhcp6c[58269]: /var/etc/dhcp6c_wan.conf 20: syntax error
Dec 2 20:40:00 Scimitar dhcp6c[58269]: /var/etc/dhcp6c_wan.conf 20: fatal parse failure: exiting (1 errors)
Dec 2 20:40:00 Scimitar dhcp6c[58269]: failed to parse configuration file
Dec 2 20:40:00 Scimitar rtsold[58345]: Starting dhcp6 client for interface wan(igb0)
Dec 2 20:40:01 Scimitar reboot[98400]: rebooted by root
Dec 2 20:40:01 Scimitar syslogd: exiting on signal 15
-
My config is as such:
interface igb0 {
    send ia-na 0;
    send ia-pd 0;
    send ia-pd 1;
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc na 0 { };
id-assoc pd 0 {
    prefix-interface ix0 {
        sla-id 0;
        sla-len 0;
    };
};
id-assoc pd 1 {
    prefix-interface ix1 {
        sla-id 0;
        sla-len 0;
    };
};