Netgate Discussion Forum

IPv6 WAN configuration for static IP address range but gateway from RA message?

  • D
    Derelict LAYER 8 Netgate @JKnott
    last edited by Jan 25, 2021, 10:19 PM

    @jknott But in this case the ISP would need a mechanism to discover the correct link-local address to route the /48 to. There is no defined method for doing that.

    Chattanooga, Tennessee, USA
    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
    Do Not Chat For Help! NO_WAN_EGRESS(TM)

    • J
      JKnott @Derelict
      last edited by Jan 25, 2021, 10:21 PM

      @derelict

      That would depend on the connection method. With DHCPv6-DP, that's part of the process. There was also another thread recently, where the ISP assigned a link local address to be used.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • D
        Derelict LAYER 8 Netgate @JKnott
        last edited by Jan 25, 2021, 10:23 PM

        @jknott This particular user does not have DHCP6. Nor have they stated that they were assigned anything specific to use on WAN.

        • J
          JKnott @Derelict
          last edited by Jan 26, 2021, 1:43 AM

          @derelict

          Part of the problem is we have no idea what that ISP is doing (and maybe they don't either).

          • J
            JesperTreetop
            last edited by JesperTreetop Mar 24, 2021, 4:13 PM Mar 24, 2021, 4:12 PM

            There have been a lot of small events here, but something happened that was so confounding as to make me think it was worth asking here.

            Our ISP has set up a DHCPv6 server now, and when they attach a virtual machine running pfSense to the same subnet as us, everything works fine for them. But when we try to use DHCPv6 from our pfSense, it doesn't. Turning on client logging in both places, their log sees an RA message and ours doesn't.

            Here's their log:
            Mar 24 15:03:03 dhcp6c 46241 Sending Solicit
            Mar 24 15:03:03 dhcp6c 46241 set client ID (len 14)
            Mar 24 15:03:03 dhcp6c 46241 set identity association
            Mar 24 15:03:03 dhcp6c 46241 set elapsed time (len 2)
            Mar 24 15:03:03 dhcp6c 46241 set option request (len 4)
            Mar 24 15:03:03 dhcp6c 46241 send solicit to ff02::1:2%vtnet0
            Mar 24 15:03:03 dhcp6c 46241 reset a timer on vtnet0, state=SOLICIT, timeo=15, retrans=118860
            Mar 24 15:03:03 dhcp6c 46241 receive advertise from fe80::xxxx:xxxx:xxxx:2e00%vtnet0 on vtnet0
            Mar 24 15:03:03 dhcp6c 46241 get DHCP option identity association, len 60
            Mar 24 15:03:03 dhcp6c 46241 IA_NA: ID=0, T1=0, T2=0
            Mar 24 15:03:03 dhcp6c 46241 get DHCP option status code, len 44
            Mar 24 15:03:03 dhcp6c 46241 status code: no addresses
            Mar 24 15:03:03 dhcp6c 46241 get DHCP option client ID, len 14
            Mar 24 15:03:03 dhcp6c 46241 DUID: 00:01:00:01:27:ed:xx:xx:xx:xx:xx:xx:xx:xx
            Mar 24 15:03:03 dhcp6c 46241 get DHCP option server ID, len 14
            Mar 24 15:03:03 dhcp6c 46241 DUID: 00:01:00:01:26:ad:xx:xx:xx:xx:xx:xx:xx:xx
            Mar 24 15:03:03 dhcp6c 46241 get DHCP option DNS, len 32
            Mar 24 15:03:03 dhcp6c 46241 get DHCP option domain search list, len 19
            Mar 24 15:03:03 dhcp6c 46241 server ID: 00:01:00:01:26:ad:xx:xx:xx:xx:xx:xx:xx:xx, pref=-1
            Mar 24 15:03:03 dhcp6c 46241 advertise contains no address/prefix

            And here's ours:
            Mar 24 16:24:49 dhcp6c 68621 Sending Solicit
            Mar 24 16:24:49 dhcp6c 68621 a new XID (561ccc) is generated
            Mar 24 16:24:49 dhcp6c 68621 set client ID (len 14)
            Mar 24 16:24:49 dhcp6c 68621 set elapsed time (len 2)
            Mar 24 16:24:49 dhcp6c 68621 send solicit to ff02::1:2%igb0
            Mar 24 16:24:49 dhcp6c 68621 reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1006
            Mar 24 16:24:50 dhcp6c 68621 Sending Solicit
            Mar 24 16:24:50 dhcp6c 68621 set client ID (len 14)
            Mar 24 16:24:50 dhcp6c 68621 set elapsed time (len 2)
            Mar 24 16:24:50 dhcp6c 68621 send solicit to ff02::1:2%igb0
            Mar 24 16:24:50 dhcp6c 68621 reset a timer on igb0, state=SOLICIT, timeo=1, retrans=2004
            Mar 24 16:24:52 dhcp6c 68621 Sending Solicit

            But here's the really strange thing. Doing a packet capture on our pfSense (only ICMPv6, only on the WAN interface), we see that a router advertisement message is being sent, the same type as warrants a "receive advertise" line in their log. Adding a firewall rule to WAN which allows all ICMPv6 and logs it does not result in any logs nor any built-up state.

            Are there any good leads as to what could cause this?

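An added example, not part of the original post or of pfSense: a Python triage of dhcp6c debug lines that reports which options the client set, whether any Advertise came back, and the status code returned. The sample lines are trimmed from the two excerpts above; the verdict labels and the `triage` function are this example's own.

```python
import re

# Sample lines trimmed from the two dhcp6c excerpts quoted in the post above.
THEIRS = """\
Mar 24 15:03:03 dhcp6c 46241 Sending Solicit
Mar 24 15:03:03 dhcp6c 46241 set client ID (len 14)
Mar 24 15:03:03 dhcp6c 46241 set identity association
Mar 24 15:03:03 dhcp6c 46241 set option request (len 4)
Mar 24 15:03:03 dhcp6c 46241 send solicit to ff02::1:2%vtnet0
Mar 24 15:03:03 dhcp6c 46241 receive advertise from fe80::xxxx:xxxx:xxxx:2e00%vtnet0 on vtnet0
Mar 24 15:03:03 dhcp6c 46241 status code: no addresses
"""
OURS = """\
Mar 24 16:24:49 dhcp6c 68621 Sending Solicit
Mar 24 16:24:49 dhcp6c 68621 set client ID (len 14)
Mar 24 16:24:49 dhcp6c 68621 set elapsed time (len 2)
Mar 24 16:24:49 dhcp6c 68621 send solicit to ff02::1:2%igb0
Mar 24 16:24:50 dhcp6c 68621 Sending Solicit
Mar 24 16:24:50 dhcp6c 68621 send solicit to ff02::1:2%igb0
"""

LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+dhcp6c\s+\d+\s+(.*)$")

def triage(log_text):
    """Summarise a dhcp6c debug log: what was sent, what came back, verdict."""
    r = {"solicits": 0, "advertises": 0, "sent_options": set(),
         "status": [], "iface": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                          # not a dhcp6c line
        msg = m.group(1)
        if msg.startswith("send solicit to "):
            r["solicits"] += 1
            r["iface"] = msg.rsplit("%", 1)[-1]
        elif msg.startswith("set "):          # option placed in an outgoing message
            r["sent_options"].add(re.sub(r"\s*\(len \d+\)$", "", msg[4:]))
        elif msg.startswith("receive advertise from "):
            r["advertises"] += 1
        elif msg.startswith("status code: "):
            r["status"].append(msg[len("status code: "):])
    if r["solicits"] and not r["advertises"]:
        r["verdict"] = "unanswered"           # no Advertise reached the client
    elif "no addresses" in r["status"]:
        r["verdict"] = "answered-no-lease"    # server replied but offered nothing
    else:
        r["verdict"] = "answered" if r["advertises"] else "no-solicit-seen"
    return r
```

On the excerpts as posted it reports `answered-no-lease` for vtnet0 and `unanswered` for igb0, and shows that the igb0 client logged no `identity association` or `option request` option.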
            • D
              Derelict LAYER 8 Netgate @JesperTreetop
              last edited by Mar 24, 2021, 4:34 PM

              @jespertreetop Where do you see RAs there?

              RAs really have nothing to do with DHCP6. Unlike IPv4 the addressing from DHCP6 and acquiring the router/gateway settings are two distinct processes.

              • J
                JesperTreetop @Derelict
                last edited by Mar 24, 2021, 4:44 PM

                @derelict Of course, it was one of the DHCPv6 messages. That makes a lot of sense. (I thought this was RA-related since as discussed before, the DHCPv6 mode is the only way aside from SLAAC to make pfSense pick the gateway from the RA message.) So we're back to not receiving the DHCPv6 messages at all. I added similar rules for DHCPv6 messages, and we just don't see them at all. But that's not an issue for this thread.

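The distinction drawn in the last two posts, as an added example that is not part of the thread: a Router Advertisement is ICMPv6 type 134, while a DHCPv6 Advertise is UDP from port 547 to port 546 with message type 2, so a capture filter or firewall rule for ICMPv6 never matches it. The Python classifier below takes a raw IPv6 packet; the packets, addresses and function names are constructed for the example.

```python
import struct

ICMPV6, UDP = 58, 17
EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options
ICMP6_TYPES = {133: "Router Solicitation", 134: "Router Advertisement"}
DHCP6_TYPES = {1: "Solicit", 2: "Advertise", 3: "Request", 7: "Reply"}

def classify(pkt: bytes) -> str:
    """Name the message carried by a raw IPv6 packet (starting at the IPv6 header)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "not IPv6"
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS:               # walk simple extension headers
        if len(pkt) < off + 2:
            return "truncated"
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if nxt == ICMPV6 and len(pkt) > off:
        return "ICMPv6 " + ICMP6_TYPES.get(pkt[off], f"type {pkt[off]}")
    if nxt == UDP and len(pkt) >= off + 9:
        sport, dport = struct.unpack_from("!HH", pkt, off)
        if {sport, dport} == {546, 547}:    # DHCPv6 client and server ports
            t = pkt[off + 8]                # first byte after the UDP header
            return "DHCPv6 " + DHCP6_TYPES.get(t, f"type {t}")
        return f"UDP {sport}->{dport}"
    return f"next-header {nxt}"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet, fe80::1 -> fe80::2 (placeholder addresses)."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    return hdr + src + dst + payload

# Constructed samples; checksums are left at zero and classify() does not verify them.
RA = ipv6(ICMPV6, bytes([134, 0]) + bytes(14))
ADVERTISE = ipv6(UDP, struct.pack("!HHHH", 547, 546, 12, 0) + bytes([2, 0, 0, 1]))
# Same RA behind a hop-by-hop header holding one PadN option.
RA_HBH = ipv6(0, bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0]) + bytes([134, 0]) + bytes(14))
```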
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.