IPv6 DHCP client with ATT Fiber without gateway -- Working

jmmm · Jun 11, 2024, 8:33 PM

Following the instrucitons posted here: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html
I struggled to get IPv6 working with ATT Fiber. It is extremely finickly, and I do not know why in some instances it works while in other seemily identical instances it does not obtain an IP address. However, I do have it working now. Here is what I think is important to know to get it working:

In the instructions at [https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html], section Add Modem-WAN Bridge Rule, the instructions say to set Protocol
Any. If you do this, the DHCP6 requests from the modem will be forwarded through PFSENSE to the ONT and cause XID mismatch errors. This should instead be set for Protocol IEEE 802.1X.

For some reason, any time you make any changes to the WAN IPv6 configuration, you must reboot pfsense. If you don't reboot PFSENSE, the DHCP6 client dhcp6c will never work properly.

Follow the instructions to set DHCP6 Client Configuration to:
DHCPv6 Prefix Delegation size /60.
Send IPv6 prefix hint: Selected
Do not wait for a RA: Selected.

In LAN and other interfaces where you want IPV6 public addresses set track interfaces and select a prefix ID from 0 to f

Save and reboot PFSENSE. Though sometimes this did not work and I have no idea what settings were corrupted.

You should on reboot get an IP address for the WAN interface in the range of
2001:0506:xxxx:xxxx::1
and you should get a /60 prefix in the range of 2600:1700:xxxx:0:: to 2600:1700:xxxx:f::

If you make any IPv6 DHCP client or track interfaces changes, you need to rexboot PFSENSE for IPV6 to work.

if this does not work. reset everything and try again. Something gets corrupted and sometimes it does not work.

For convienince, here is gen-duid.sh script converted into powershell. Save as a *.ps1 file to use.

function ascii2hex($inputString) {
    $output = ""
    $chars = $inputString.ToCharArray()
    foreach ($char in $chars) {
        $output += "{0:x}" -f [int]$char
    }
    return $output
}

function printhexstring($hexString) {
    $output = ""
    for ($i = 0; $i -lt $hexString.Length - 1; $i += 2) {
        $output += $hexString.Substring($i, 2) + ":"
    }
    return $output.TrimEnd(":")
}

Write-Host "`nStep 1) RG information`n"

do {
    $mfg = Read-Host "  Manufacturer [1=Pace, 2=Motorola/Arris]"
} while ($mfg -ne "1" -and $mfg -ne "2")

do {
    $serial = Read-Host "  Serial number"
} while ([string]::IsNullOrWhiteSpace($serial))

Write-Host ""

if ($mfg -eq "1") { $mfg = "00D09E" } else { $mfg = "001E46" }
Write-Host "Identifier: "
$identifier = ascii2hex "$mfg-$serial"
Write-Host (printhexstring $identifier)

Write-Host @"
`nStep 2) Navigate to System->Advanced->Networking in webConfigurator.

IPv6 Options
    DHCP6 DUID: DUID-EN
    DUID-EN
        Enterprise Number: 3561
        Identifier: As shown above

Click Save.

Step 3) Navigate to Interfaces->WAN in webConfigurator.

General Configuration
    IPv6 Configuration Type: DHCP6
    MAC Address: Same as MAC address of RG

Other options are probably needed, so set those too.

Click Save. This will finally save dhcp6c's DUID file and start the client.

Step 4) Finished, hopefully.

Good luck!
"@
# Wait for the user to press Enter before closing
Read-Host -Prompt "Press Enter to exit"

tibere86 · Dec 28, 2024, 5:37 PM

This post is deleted!