Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?

    IPv6
    5
    13
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • leresL
      leres
      last edited by

      I recently upgraded from AT&T dual-dsl to fiber. Everything works great but I noticed my WAN is getting an autoconf address I'm not expecting (to be clear this is almost certainly the way it was with dsl):

      pylon 65 # ifconfig mvneta0.4090
      mvneta0.4090: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
              description: WAN
              options=3<RXCSUM,TXCSUM>
              ether f0:ad:4e:09:15:0e
              inet6 fe80::f2ad:4eff:fe09:150e%mvneta0.4090 prefixlen 64 scopeid 0x10
              inet6 2600:1700:ab1b:6800:f2bd:4eff:fe03:140c prefixlen 64 autoconf
              inet6 2600:1700:ab1b:6800::28 prefixlen 128
              inet 99.100.60.3 netmask 0xfffffe00 broadcast 99.100.60.255
              groups: vlan
              vlan: 4090 vlanpcp: 0 parent interface: mvneta0
              media: Ethernet 1000baseT <full-duplex>
              status: active
              nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
      

      Since the autoconf address is the first non-local address, it's used as the outgoing ip address.

      WAN is configured for IPv4 DHCP/IPv6 DHCP6. DHCPv6 Prefix Delegation size is set to None.

      (I'm not clear if this impacts WAN but Services -> DHCPv6 Server & RA -> LAN -> Router Advertisements is set to managed.)

      Is there a way for me to end up with mvneta0.4090 not having the autoconf IPv6 address?

      JKnottJ keyserK 2 Replies Last reply Reply Quote 0
      • JKnottJ
        JKnott @leres
        last edited by

        @leres said in Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?:

        DHCPv6 Prefix Delegation size is set to None.

        That should be whatever size prefix your ISP provides. Mine is 56.

        (I'm not clear if this impacts WAN but Services -> DHCPv6 Server & RA -> LAN -> Router Advertisements is set to managed.)

        Mine's set to unmanaged, as I do not use DHCPv6 on the LAN.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • keyserK
          keyser Rebel Alliance @leres
          last edited by

          @leres I have the EXACT same problem, and I have described it here in this thread: https://forum.netgate.com/topic/177533/dhcpv6-address-ignored-on-wan

          Love the no fuss of using the official appliances :-)

          1 Reply Last reply Reply Quote 0
          • Bob.DigB
            Bob.Dig LAYER 8
            last edited by

            I don't see the problem yet.

            1 Reply Last reply Reply Quote 0
            • leresL
              leres
              last edited by

              I set the DHCPv6 prefix delegation size to 64 and when I applied the change, I watched WAN (mvneta0.4090) discard all addresses. Next the IPv4 address popped in. Then the DHCPv6 (/128) appeared. But before I could exclaim "success!" the slaac /64 address reappeared...

              I tried a bunch of changes but none (including setting the prefix delegation size to 64, 60, or 56) helped. Updating the WAN interface config without rebooting pfsense sometimes resulted in the DHCPv6 coming before the slaac address but it's pretty random.

              I think the problem is that the AT&T router advertisement message is setting the "auto" flag:

              12:48:37.155725 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 136) fe80::d2fc:d0ff:fe50:e1c1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 136
                      hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
                        prefix info option (3), length 32 (4): 2600:1700:ab1b:6800::/64, Flags [onlink, auto], valid time 3600s, pref. time 3600s
                        route info option (24), length 24 (3): 2600:1700:ab1b:6800::/60, pref=high, lifetime=3600s
                        rdnss option (25), length 24 (3):  lifetime 600s, addr: 2600:1700:ab1b:6800::1
                        dnssl option (31), length 24 (3):  lifetime 600s, domain(s): attlocal.net.
                        mtu option (5), length 8 (1):  1500
                        source link-address option (1), length 8 (1): d0:fc:d0:52:c1:e1
              

              When pfsense sees this, it adds the slaac address.

              The best idea I can come up with so far is to rig up a dhclient hook script that sets prefer_source to the DHCPv6 address when it's added.

              JKnottJ 1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @leres
                last edited by

                @leres

                There's an AT&T forum, where it appears they're discussing a similar problem. Maybe you can check in there.
                https://forums.att.com/conversations/att-fiber-equipment/ipv6-prefix-delegation/6398b0655bc9827e14681578

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • leresL
                  leres
                  last edited by

                  That forums.att.com thread seems to be about prefix delegation, not autoconf/slaac. I'm zeroing in on my problem and it's that the router is telling me to use slaac. I guess I see why they do that, it gives the customer the best chance of a working IPv6 config.

                  At this point I think I should draft a feature request to automatically add prefer_source when DHCPv6 is selected for an interface (or at least make it an option). /etc/rc.newwanipv6 already does quite a bit...

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @leres
                    last edited by

                    @leres

                    Maybe you can ask them about their experiences with pfSense. The thread I referred to is about OPNsense, which is a fork of pfSense.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    keyserK 1 Reply Last reply Reply Quote 0
                    • keyserK
                      keyser Rebel Alliance @JKnott
                      last edited by

                      @jknott said in Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?:

                      @leres

                      Maybe you can ask them about their experiences with pfSense. The thread I referred to is about OPNsense, which is a fork of pfSense.

                      OPNsense uses a patched version of dhcp6c that also allows for RAW dhcp options, which is required with lots of ISP's across europe. This is one reason why I'm forced to use OPNsenses dhcp6c on my pfSense (replaced it) in fx. France.
                      pfSense's dhcp6c is not really cutting it in most scenarios I encounter.

                      I will investigate if my own ISP here in Denmark is also asking me to use Slaac in their RA, even though DHCP6 is the only supported access method. It might be a misconfiguration on their side.

                      But it would be a VERY welcome add-on to pfSense if it would actually prefer the address method you selected for the interface (DHCP6 instead of Slaac).

                      Love the no fuss of using the official appliances :-)

                      1 Reply Last reply Reply Quote 0
                      • leresL
                        leres
                        last edited by leres

                        I notice now that the DHCPv6 address I receive is a /128. Which according to rfc3484 gives it the highest precedence for source address selection based on the default FreeBSD/pfsense policy table:

                        pylon 33 # ip6addrctl
                        Prefix                          Prec Label      Use
                        ::1/128                           50     0        0
                        ::/0                              40     1    37588
                        ::ffff:0.0.0.0/96                 35     4        0
                        2002::/16                         30     2        0
                        2001::/32                          5     5        0
                        fc00::/7                           3    13        0
                        ::/96                              1     3        0
                        fec0::/10                          1    11        0
                        3ffe::/16                          1    12        0
                        

                        Certainly after all the testing and rebooting I've done recently the desired source address is being used. So perhaps something different with dsl vs. fiber. (With dsl I had a bgw210 and now my gateway is a bgw320 and both report the same 3.20.5 firmware version...) Anyway I think the DHCPv6 address I had been receiving was a /64.

                        Anyway I guess I no longer care about the gratuitous slaac address.

                        JKnottJ 1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @leres
                          last edited by

                          @leres

                          That /128 is not used for routing. You can use it for connecting directly to the pfSense box.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          1 Reply Last reply Reply Quote 0
                          • T
                            tibere86
                            last edited by

                            @keyser said in Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?:

                            https://forum.netgate.com/topic/177533/dhcpv6-address-ignored-on-wan

                            Hello @keyser and @leres .Were either of you able to resolve this issue? I am seeing the same thing with my AT&T Fiber connection. I have WAN set to dhcpv6 and delegation size to /60. I also enable "Send IPv6 prefix hint" and "Do not wait for a RA". My pfSense instance receives a SLAAC address for some weird reason which causes IPv6 DNS and NTP to not work. Another symptom is I cannot access Netgate's software upgrade nor package manager servers.

                            As additional information, my LAN is setup as SLAAC. Devices on my LAN have IPv6 access but cannot access local IPv6 DNS resolver. IPv4 resolves fine via DNS resolver.

                            leresL 1 Reply Last reply Reply Quote 0
                            • leresL
                              leres @tibere86
                              last edited by

                              @tibere86 said in Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?:

                              Hello @keyser and @leres .Were either of you able to resolve this issue?

                              I to get both DHCP6 and autoconf addresses with the autoconf address usually before the DHCP6 address so it's the one that gets used. I found I can change the order by manually removing and adding ones of the addresses but this reverts after awhile so I gave up and just live with the order I end up with.

                              [anonymized addresses]

                              pylon 724 # ifconfig mvneta0
                              mvneta0: flags=1008b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
                                      description: WAN
                                      options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
                                      ether 58:9c:fc:01:02:03
                                      inet 99.105.88.5 netmask 0xfffffe00 broadcast 99.105.88.255
                                      inet6 fe80::29c:fcff:fe01:7f15%mvneta0 prefixlen 64 scopeid 0x1
                                      inet6 2600:1700:c01b:5700:29c:fcff:fe01:7f15 prefixlen 64 autoconf pltime 3600 vltime 3600
                                      inet6 2600:1700:c01b:5700::36 prefixlen 128 pltime 3600 vltime 3600
                                      media: Ethernet autoselect (1000baseT <full-duplex>)
                                      status: active
                                      nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
                              
                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.