Static IPv6rd but no joy with DHCPv6 RA
-
Problem
pfSense 2.4.5-RELEASE-p1 is configured with a static IPv4 and IPv6rd address via PPPoE. IPv6 clients on interfaces are pulling public routable IPv6 SLAAC addresses but ignore my DHCPv6 server. What have I overlooked? How can I conduct a client side test to force it to attempt to pull from my pfSense DHCPv6 server?
Relevant pfSense Settings:
/Interfaces/WAN:
- "IPv4 Configuration type" --> PPPoE
- "IPv6 Configuration Type" --> 6rd Tunnel
- "6RD PRefix" --> 2602::/24
- "6RD Border Relay" --> 205.171.2.64
- "6RD IPv4 Prefix Length" --> 0
/Interfaces/LAN:
- "IPv6 Configuration Type" --> Track Interface
- "IPv6 Interface" --> WAN
- "IPv6 Prefix ID" -> 5
/Services/DHCPv6 Server & RA/LAN/DHCPv6 Server
- "Enable DHCPV6 server on interface LAN" --> True
- Range --> [ ::5:5:dd:0 to ::5:5:dd:ffff ]
/Services/DHCPv6 Server & RA/LAN/Router Advertisements
- "Router Mode" --> Assisted
- "Router Priority" --> Normal
Observations
Assume my WAN's static IPv6rd is 2602:d8:aaaa:e300:: and the LAN's routable IPv6 address is 2602:d8:aaaa:e305::1.
I'm expecting DHCPv6 capable clients of being randomly assigned by the LAN's DHCPv6 server a routable IPv6 from the range:
- start: 2602:d8:aaaa:e305:5:5:dd:0001
- end : 2602:d8:aaaa:e305:5:5:dd:ffff.
But all of the LAN DHCP clients -- iOS, macOS, MSFT Win10, or ubuntu -- are successfully acquiring public routable IPv6 SLAAC assignments from the LAN's 2602:d8:aaaa:e305:: assignment with a 10/10 score from test-ipv6.com. But none of those clients get an assignment from my pfSense LAN DHCPv6 server's range. Indeed, if I manually configure a macOS client's IPv6 address to an entry in from the DHCPv6 range (say 2602:d8:aaaa:e305:5:5:dd:0002), that macOS client scores 10/10 on test-ipv6.com too.
-
@chase said in Static IPv6rd but no joy with DHCPv6 RA:
"Router Mode" --> Assisted
PS. When I set "Router Mode" --> Managed, none of the LAN's DHCPv6 clients obtain a IPv6.
-
I have it set to Assisted and it works fine.
-
With thanks to Netgate tech support, the solution was to turn off my interface's
Block private networks and loopback addresses
. Upon reflection, this does make sense and with it disabled, my DHCPv6 server with RA set to eithermanaged
orassisted
is now responding to DHCPv6 client requests and issuing assignments.And yet, I will submit a feature request such that when the DHCPv6 Server is enabled, an alert should be posted saying "but you need to disable
Block private networks and loopback addresses
on the interface, otherwise the DHCPv6 server will never receive the incoming IPv6 client's request for a local RA server..."