Change from DHCPv6 to SLAAC on Cox Internet Not Working

areckethennu

I've finally given up and accepted that Android will never implement DHCPv6. So, I'm trying to switch my pfSense setup from that to SLAAC. This is a home network with pfSense being my only router and I'm connecting to the internet via Cox with an SB8200 cable modem. After making what I thought were the proper changes, the IPv6 WAN Gateway remains at Unknown.

Here's what I did. I went to Interfaces > WAN and changed my IPv6 Configuration from DHCPv6 to SLAAC:

EDIT: Never mind the following. I had the wrong address anyway, so I removed it. The gateway is still unknown.

The one thing that bothers me there is the Reject Leases From line. I had that in there to stop my cable modem from somehow managing to pass IPv4 leases in (that being the address of my cable modem). Could that be stopping the interface from coming up?

/EDIT: OK, the rest is still valid.

Next, I went to Services > DHCPv6 Server & RA > LAN > Router Advertisements and changed the Router Mode to Unmanaged:

And, finally, off to Services > DHCPv6 Server & RA > LAN > DHCPv6 Server and disabled the DHCPv6 Server:

I'm wondering about the Range from ::1000 to ::2000 and the Prefix Delegation Size of 48. I don't remember setting those, so I'm assuming they're default and will work.

Is there something else I should have done? Anything obviously wrong with what I have done? I can't find any official information anywhere on what Cox supports for IPv6. But, I have seen one or two posts indicating people have gotten SLAAC working through them.

JKnott

@areckethennu

I think you have things backwards. You have to set the WAN to DHCPv6, not SLAAC. You then set the LAN to track interface etc. You have no need to be on the DHCPv6 server page, you do what you need on the RA page.

areckethennu

@jknott @jknott AFAIK, Android devices do not support DHCPv6. So, Android devices won't get IPv6 addresses from systems using DHCPv6. From what I've read, I need a pure SLAAC system. Which means disabling DHCPv6 and Unmanaged in RA. Is that wrong?

EDIT: I'm going to reset this back to my DHCPv6 setting and think about the WAN/LAN thing. Any device using my DHCP is going to be on the LAN side. So, I've got to ponder your statement some more and experiment with the LAN interface.

JKnott

@areckethennu

Yes, I know Android devices don't work with DHCPv6. IIRC, I told you that. However, your screen capture shows you have SLAAC selected on the WAN side, which is wrong, unless that's what COX is providing. Generally, you'd use DHCPv6 on the WAN and then configure the LAN for SLAAC.

areckethennu

@jknott OK. I put the WAN Interface's IPv6 Configuration Type back to DHCP6. No problem. Then in the LAN Interface, I left the IPv4 Configuration Type at Static IPv4 and changed the IPv6 Configuration Type to SLAAC. When I tried to save that, I got an error saying the DHCP6 Server and the Router Advertisement were active on the interface and I needed to disable the services:

So, back on Services > DHCPv6 Server & RA > LAN > DHCPv6 Server/Router Advertisements, I disabled them. At that point, I could save the new LAN Interface settings.

I then went back to Router Advertisements to set it to Unmanaged (since everything I've seen says to do that), but was greeted with the message "The DHCPv6 Server can only be enabled on interfaces configured with a static IPv6 address. This system has none:"

Looking at the Dashboard, I now have a LAN_SLAAC Gateway that's Unknown and my local Windows computers don't get IPv6 addresses:

areckethennu

@areckethennu I put everything back to the way it was and things are just as they were. Does anyone have a link to actual step by step instructions on how to get pfSense set up in a pure SLAAC setup? Specifically to handle Android and Windows devices. And on Cox if it makes a difference.

EDIT: I guess I'm specifying a solution to the problem instead of asking for a solution to the problem. So, let me rephrase that. Can anyone point me to step-by-step instructions on how to set pfSense up to work nicely with both Android's and Windows 11's IPv6 requirements?

areckethennu

@areckethennu OK. I THINK it's working now. I went back to my normal WAN (DHCP/DHCP6) and LAN (Static IPv4/Track Interface) configurations and simply went to Services > DHCPv6 Server & RA > LAN. On the Router Advertisements tab, I set Router Mode to Unmanaged and on the DHCPv6 Server tab, I disabled DHCPv6 Server. I rebooted pfSense and my Windows machine and it looks like it's working. My Android phone now has proper IPv6 addresses and doing ipconfig /all on my Windows machine shows a similar set there.

Maybe the reboots helped. Anyway, thanks for the help.

EDIT: Let me add that I think the problems I was having were because I kept seeing posts all over the internet saying Android required SLAAC. So, I kept looking for thing about setting up SLAAC. For whatever reason, pfSense mentions SLAAC on the interfaces (which, apparently, is not where what I needed to do is done) but not in RA. Instead, it has its own terms (which I'm sure are fully technically justified) for the various RA modes. None of which helps a Joe Bag 'o Donuts guy like me.

JKnott

@areckethennu

What made it work was configuring it properly. As I said from the start, Android doesn't support DHCPv6. Then as I pointed out, you had SLAAC on the wrong interface.

You can thank some genius at Google for not supporting DHCPv6 and that decision causes a lot of problems. Some companies are going for iPhones, because they need DHCPv6, so this stupidity is costing Android phone companies sales. I have seen his stated reasons for not supporting DHCPv6 and don't see anything that wouldn't also apply to SLAAC. Every other OS that I'm aware of supports DHCPv6, including Linux, which Android is based on. I suspect he's just being an ignorant jerk about this.

areckethennu

@jknott Unless I've got this set up wrong again, SLAAC isn't on ANY interface. Yes, absolutely, the WAN is the wrong place to add it (at least for my home/Cox situation). But, if I turn it on for the LAN, it still doesn't work. If I leave the interfaces alone and just turn off the DHCPv6 server and change the RA mode to Unmanaged, it seems to work.

JKnott

@areckethennu

You configure Router Advertisements on the Router Advertisements page for each interface. Take a look at what's on the wire with Packet Capture, filtering on ICMP6. You should see RAs.

areckethennu

And now, about 2 hours later, the phones no longer have IPv6 addresses. Either I've got something wrong somewhere buried where no normal person can find it, SLAAC is broken on pfSense, or SLAAC is broken on Android. I give up. I'm putting it back to regular old DHCPv6 and forgetting about it.

JKnott

@areckethennu

SLAAC works fine for me, including Android. Sometimes the best thing to do is start over from scratch, as you may have misconfigured something.

areckethennu

@jknott I went back and looked things over for a couple of day. Looking at Wireshark, I wasn't seeing any ICMPv6 traffic at all coming over to the wired side of my network from the wireless side. So, I assumed it was something wrong with bridge mode on that Amplifi HD wireless router. I ordered a small netgear wireless access point to replace it with. But, today, as I was preparing for that WAP, I noted my prefix in the WAN interface wasn't what I thought it was. I used to have it set up for a /56. But, it was set for /64 and wasn't even set to send a hint. I changed that and now have IPv6 addresses on the phones. I made no other changes. Oh, well. Sorry for the trouble. Thanks for the help.