ipv6 issues, setup described

cpf

TLDR; ipv6 setup over pppoe unable to access ipv6 addresses from inside LAN network.

Setup:
1 pfsense router, with 4 interfaces. 1xWAN, 3xOPT (bridged to LAN)
WAN setup is PPPoE + DHCP6, needed to turn on "Use IPv4 connectivity as parent interface" to receive an ipv6 address.
WAN also requests a /56 prefix, /60 also seems to work (To as far as I can get it to work at least)
Whether or not I send a prefix hint doesn't matter it seems
LAN setup is tracked to WAN for ipv6
Basically all ipv6 is allowed on WAN (unsafe, but at least I'm sure there then)

Both WAN & LAN received an ipv6 address, though they seem to be in different subnets.
WAN defines a /64 subnet, the network part being (generalized):
2a02:1234:5678:9abc::
LAN defines a /60 subnet, the network part being (generalized again):
2a02:1234:5abc:def0::
I kept the same parts the same, but don't want to expose the network part too much.
Starting from /36 it seems to differ. Meaning (As I got to understand ipv6, different networks)

Problems:
When going from 2.4.4 to 2.6.0, I noticed my ipv6 setup was broken, so I started tinkering.
Multiple full factory resets later, and an upgrade to 2.7.0-DEVEL (Tue May 17 06:19:29 UTC 2022) I had managed to get ipv6 fully running. The local network was able to access/ping ipv6 addresses, and received appropriate leases (From what I assume was the dhcpv6 server)
Unfortunately, I didn't take too many notes & I didn't feel like continuing on the DEVEL branch at the time. I tried to replicate the setup on 2.6.0 again (After a factory reset)
There it started failing again, though the setup looked pretty much exactly the same. The failure was the fact my LAN network never got any ipv6 assigned.
After some trial and error (going back to 2.5.2 to check out if it was a bug in 2.6.0), no success.

By now, I'm back on the 2.7.0 branch (Same build), with the same setup for as far as I can see, but still it isn't working.
The setup listed above is accurate for my current situation.
Both WAN & LAN have an ipv6 address now, but the internal network no longer receives any ipv6 addresses.

When tracking down what could be the cause for the internal network not receiving any dhcp6 leases, I stumbled upon the error message:
The specified range lies outside of the current subnet. Skipping DHCP6 entry.

The range defined in the dhcpv6 server is the default (From: "::1000", To: "::2000")
The dhcpv6 server identifies the prefix delegation as being:
2a02:1234:5abc:def0::/60 (The same network as the LAN bridge)
The Subnet mask defined is 64 bits there though. Since it should be part of the overall subnet of LAN, it should work though.
I have no prefix delegation setup (This is a fairly simple home setup)

Full disclosure: This is my first time doing some ipv6. I learned a lot, but it all seems very fiddly still. I'm not very confident this will continue to work even if it would work at some point.

If someone can cast an eye on this, and see what I'm doing wrong, it would be massively appreciated.

Bob.Dig

@cpf Your LAN should be /64. Why is it different with you? Have you looked at Status - Interfaces - LAN?

cpf

@bob-dig That's where I get the /60 information from

Bob.Dig

@cpf If LAN is on Track Interface, it should be a /64. If not, something seems fundamentally broken in your config.

cpf

@bob-dig A couple of (edited) screenshots:

Bob.Dig

@cpf I have no experience with bridges, but with track interface it is always a /64. So I think there is something broken in your config/machine.

cpf

@bob-dig When I tried with a regular link (So one of the 4 OPTS alone), it behaved similarly or didn't work at all.
No matter what I fiddle with, the same ipv6 come back all the time.
With 2.7.0 it at least manages an ipv6 for LAN.
It also worked at some point (Screenshot I took back then here)

cpf

@bob-dig Is there some way to figure out where the LAN interface got its address from? Whether or not it was given through the provider's DHCP or something self-generated (SLAAC?)
I'm really not sure how it could have come to this.

NogBadTheBad

@cpf What exactly has your ISP given you, there should be two ranges a ND for the WAN and a PD.

Normally the ND woukld be a /64.

cpf

@nogbadthebad Doing that, a couple of things changed (I just reassigned the same ip static on the LAN network)
First, the interface for the dhcpv6 server changed, it now mentions the subnet in the available range, whereas it previously mentioned "available range :: to ::ffff:ffff:ffff:ffff" it now mentions "available range subnet:: to subnet::ffff:ffff:ffff:ffff"
However, the dhcpv6 server still complains about the specified range being outside the current subnet, which is interesting, since now the subnets should match.

/edit
Also, in 2.6.0 (which matches 22.01 I think) the LAN network never got an ipv6 to begin with, with the same settings

cpf

I just now found a small config in the bridge advanced setting:

My local hosts now have an autoconfigured ip in the LAN-range (At least, I assume it's auto-configured, since the dhcp6 server isn't working still)
Routing is still all broken though, so it's only a small boon (And probably isn't helping the hosts in question at all, having to realize ipv6 isn't an option after timeout)
Still - Wanted to keep you guys posted, if this could trigger something