DHCP6-PD Proper Setup?

steve1515

@jknott From what I've seen, this is pretty standard with Comcast Business static IPs. They give you a /56 and you can PD a /59 which can be split up into 32 /64s. My though was to use some of the 32 /64's on a few of the firewall interfaces and VPN networks.

If I were to PD /64's instead, how would I ask multiple for each of my interfaces and VPN networks?

JKnott

@steve1515

If you request multiple, you'd then have to split again to get /64s. Is that what you plan? If so, I'd get the entire /56 and then route portions of it to downstream routers. Or is Comcast expecting you to have multiple routers connected directly to them? Again, a /59 for a DHCP server is a bit much, given any LAN will be a /64. I haven't worked with Comcast, let alone Comcast Business.

steve1515

@jknott
My plan was to request one /59 and then break that up between my different interfaces and VPN's. For example, I'd request xxxx:xxxx:xxxx:20::/59 and then assign xxxx:xxxx:xxxx:21::/64 to the LAN, xxxx:xxxx:xxxx:22::/64 to OPT1, xxxx:xxxx:xxxx:23::/64 to OpenVPN, xxxx:xxxx:xxxx:24::/64 to WireGuard, etc.

I can't request the /56 because the modem's interface (the one connected to pfSense WAN) has the first /64 of the first /59 assigned to it.

I also tried requesting a /60 like people say works on Comcast's residential service and I get the same results.

Should I see a message somewhere in pfSense showing that the prefix requested has been acquired? I don't see any reference to it anywhere. Is there a command line command I can enter to show what pfSense acquired?

I'm thinking this might be a broken implementation in pfSense, but I have not way of knowing that. I would have thought that I'd at least see a "release" button show up in Status -> Interfaces.

JKnott

@steve1515

I don't know. What you're describing is foreign to me. Maybe someone else here has experience with Comcast.

steve1515

I've been looking into this a little more...

I captured the DHCPv6 exchanges on the WAN interface and I can see that the modem does in fact assign the requested IP and Prefix to the pfSense dhcp6c client. When I look around in pfSense, I see no reference to the assigned address or prefix. There is also no route for the prefix shown on the routes status page. This seems like something is broken in pfSense to me as it appears to completely ignore the assigned information.

Can someone confirm where an assigned prefix would be shown in pfSense? It's possible I'm looking in the wrong place.

jabbera

@steve1515 Did you every solve this? I'm having the same issue.

steve1515

@jabbera Unfortunately, no, I did not. I think the DHCP6-PD implementation in pfSense is broken.

JKnott

@steve1515 said in DHCP6-PD Proper Setup?:

I think the DHCP6-PD implementation in pfSense is broken.

It's been working here for 7 years and many others have no problem with it.
Either there's a problem with what your ISP provides or you configured something wrong.

steve1515

@jknott Yeah, I'm not sure what's going on. I feel something is broken because, I can do a packet capture and see that pfSense correctly requests the prefix and IP that I enter/request and the modem responds with the correct allocation. The issue is pfSense doesn't seem to do anything with this data that's returned from the modem. I see zero references to the requested allocations in the pfSense GUI. I'm not really sure what else to do or try. I was hoping 23.01 which is supposed to come out this month would possibly fix the issue.

JKnott

@steve1515

Sometimes the solution is to start from scratch, as you may have set something and not realized it.