IPv6 connectivity NAT

Bob.Dig

@artafinde said in IPv6 connectivity NAT:

i just need to be able to route IPv6 traffic outside to the internet

Why is that? There is no IPv6-only-internet, as far as I know.

Technically, you could NAT IPv6 the same way as IPv4. But it doesn't make much sense.

Gertjan

@Bob-Dig said in IPv6 connectivity NAT:

Why is that? There is no IPv6 only internet, as far as I know.

Interesting.
After reading this IPv6 description - and if you accept that what's said over there as 'probably exact' you have a choice to make.
Edit that page.
Or accepts that

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP)

thus one might sat that IPv6 is an important part (and still growing) of the Internet.

artafinde

@Bob-Dig said in IPv6 connectivity NAT:

Why is that? There is no IPv6-only-internet, as far as I know.

I need to be able to connect to servers which have only IPv6 ip through SSH.

Bob.Dig

@artafinde said in IPv6 connectivity NAT:

I need to be able to connect to servers which have only IPv6 ip through SSH

If everything else already mentioned here doesn't work for you, you could

• switch Outbound NAT to hybrid
• take a look, what pfSense is doing for Outbound NAT on IPv4 and then replicate that manually to IPv6. For that you will have to add ULA to your LAN.

JKnott

@artafinde said in IPv6 connectivity NAT:

I don't need public IPv6 addresses to my LAN - i just need to be able to route IPv6 traffic outside to the internet.

Why not find out how to put your modem into bridge mode and do things properly. NAT was created to get around the IPv4 address shortage. No need for it with IPv6.

artafinde

@Gertjan
Thanks for the details reply! I followed your steps but something is missing still. See below

First made sure the router gets an IPv6 on WAN interface with a proper prefix:
<snips from ssh>

 WAN (wan)       -> igb0       -> v4/DHCP4: 10.0.0.2/24
                                  v6/DHCP6: 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024/64

Then as you suggested (lan) interface gets to track WAN IPv6

and

but this gets a /128 as you see below:

MAN (lan)       -> igb1       -> v4: 10.120.10.1/24
                                  v6/t6: ::10.10.10.1/128

Is that ok I wonder..

I've setup DHCPv6 for lan interface

And I've set the Router Advertisement as below

I see in the logs the below error:

/status_services.php: The command '/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog' returned exit code '1', the output was '/var/etc/radvd.conf:12 error: syntax error'

The radvd.conf is like below so it complains about prefix ::a0a:a01/128 ?

# Automatically Generated, do not edit
# Generated for DHCPv6 Server lan
interface igb1 {
        AdvSendAdvert on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        AdvDefaultLifetime 1800;
        AdvLinkMTU 1500;
        AdvDefaultPreference medium;
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        prefix ::a0a:a01/128 {
                DeprecatePrefix on;
                AdvOnLink on;
                AdvAutonomous on;
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
        };
        route ::/0 {
                AdvRoutePreference medium;
                RemoveRoute on;
        };
};

Not sure what's the error or where i messed up but workstation doesn't get an IP from pfsense.

PS:I've tried connected to the ISP router with laptop and IPv6 works 100%. (gets assigned a /64 IPv6).

Bob.Dig

@artafinde Your router doesn't delegate so you can't do what Gertjan has done.

Gertjan

@artafinde said in IPv6 connectivity NAT:

First made sure the router gets an IPv6 on WAN interface with a proper prefix

WAN (wan)     -> ix3    -> v4/DHCP4: 192.168.10.4/24
                           v6/DHCP6: 2a01:dead:beef:a600:92ec:77ff:fe29:392a/64
LAN (lan)     -> igc0   -> v4: 192.168.1.1/24
                           v6/t6: 2a01:cb19:dead:beef:a6eb:92ec:77ff:fe29:392c/64
......

The WAN IPv6 '2a01:dead:beef:a600:92ec:77ff:fe29:392a/64" looks like a prfix, but its just an IPv6 in the "00" range as "a600" is just the first prefix from my /56 from my upstream ISP router.

The "0/0" I selected for my LAN, is the "eb" or "a6eb"
Btw : 2a01:cb19:dead:beef:a6eb:92ec:77ff:fe29:392c/64 is my auto assigned / attributed IPv6 for the pfSense LAN interface.
( why can't I chose 2a01:cb19:dead:beef:a6eb::1/64 ?? )

@artafinde said in IPv6 connectivity NAT:

v6/t6: ::10.10.10.1/128

Dono what it is.
When I see 10.10.10.1 I think about pfBockerng as that is the default Ipv4 it used for the totally useless DNSBL web server. Its .. not sure ... converted into something that looks and smells as an IPv6 by addding :: in front of it. I'm not sure.

My advise : need answers ? Ask question !
With pfSense, to no surprise, you do this by activating this :
System > Advanced > Networking

so from now on the dhcp6c client, the process that gets an IPv6 for WAN, and prefixe(s).
The answers are shown in the DHCP log.

@artafinde said in IPv6 connectivity NAT:

The radvd.conf is like below so it complains about prefix ::a0a:a01/128 ?

of course. That line is wrong. radvd agrees with me. "::a0a:a01/128" is ::10.10.10.1 in hex.
Get a real prefix if possible, and everything starts working.

I have installed the system patches package and activated all the patches ?

Lets see what the dhpc6c client log tells us.

@artafinde said in IPv6 connectivity NAT:

Internally the workstation it getting IPv4 normally and everything works on that but tcan't figure out the IPv6 settings. Do i need to run DHCP6 or can relay that ? Has anyone a similar setup and got it working?

DHCP is for "IPv4" lease handling.
DHCP6C is for a WAN IPv6 'lease' handling, and, if need, it will also handle the request for a, one, or more prefix(s).

Some magic words :

Hyperoptic IPv6 pfSense

No AI here, just click on the link.

The very first link, you'll see this :

and there you go : it looks nice and all that, but there error or misconception there.

IMHO : there is no prefix id for the WAN interface.
pfSense has a WAN right ? This WAN interface is like every other device connected to your ISP equipment. So pfSense does what every other device (phone, pad, Windows PC, whatever) does : it ask for an IPv6/128 and bingo, connected. Done.

But pfSense, unlike all your other devices, is a router.
So it has one, ore more LAN's.
The new DHCP6 role now is : it should also ask for a so called "prefix". It will do so if you set at least one of the pfSense LANs to "IPv6 tracking"

As in my IPv6 settings, you might say that prefix "00" :

is used for the pfSense WAN - my "00" is the prefix used on the ISP equipment LAN (thus pfSense WAN IPv6)
My pfSense also asked for a (1) prefix, to be used on my LAN :

so under the LAN settings I had to set :

and I obtained prefix number "eb". ( Why not "01" ? )

and that part shows my big issue with Orange (ISP) in France : whatever I do, my ISP DHCP6 server in the Orange ISP box will only grant my pfSense with "1" one prefix, whatever I do. It's a know bug. It has a /56 or 256 prefixes, and it only gives me one.
When I set up a second pfSense LAN to tracking, so it will ask for a second prefix, my entire IPv6 setup breaks. I guess its time to go to Paris and burn thing down again.

Btw : I can see in my box that my one and only IPS Box LAN device = pfSEnse has asked for a prefix. Do you have the same info ? It tells me that the DHCP6c pfSense request for a prefix was received, understood, accepted, and granted.

artafinde

@Gertjan said in IPv6 connectivity NAT:

My advise : need answers ? Ask question !
With pfSense, to no surprise, you do this by activating this :
System > Advanced > Networking

OK I agree let's start from top. I did assume the WAN interface was getting a correct IPv6 since I could ping -6 ipv6.google.com when I ssh to the pfsense.

2.7.2-RELEASE][root@pfSense.lan]/root: ping -6 ipv6.google.com
PING6(56=40+8+8 bytes) 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024 --> 2a00:1450:4009:821::200e
16 bytes from 2a00:1450:4009:821::200e, icmp_seq=0 hlim=251 time=2.219 ms
16 bytes from 2a00:1450:4009:821::200e, icmp_seq=1 hlim=251 time=2.039 ms
16 bytes from 2a00:1450:4009:821::200e, icmp_seq=2 hlim=251 time=2.005 ms

So with settings like the below in pfsense for WAN interface:

I'm getting the below:

WAN (wan)       -> igb0       -> v4/DHCP4: 10.0.0.2/24
                                 v6/DHCP6: 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024/64

The DHCP6C logs are:

[..]
Feb 17 18:25:23 pfSense dhcp6c[867]: picked a server (ID: 00:03:00:06:04:20:84:0b:a2:d3)
Feb 17 18:25:23 pfSense dhcp6c[867]: Sending Request
Feb 17 18:25:23 pfSense dhcp6c[867]: a new XID (c3fc4) is generated
Feb 17 18:25:23 pfSense dhcp6c[867]: set client ID (len 14)
Feb 17 18:25:23 pfSense dhcp6c[867]: set server ID (len 10)
Feb 17 18:25:23 pfSense dhcp6c[867]: set IA address
Feb 17 18:25:23 pfSense dhcp6c[867]: set identity association
Feb 17 18:25:23 pfSense dhcp6c[867]: set elapsed time (len 2)
Feb 17 18:25:23 pfSense dhcp6c[867]: set option request (len 4)
Feb 17 18:25:23 pfSense dhcp6c[867]: transmit failed: Network is down
Feb 17 18:25:23 pfSense dhcp6c[867]: reset a timer on igb0, state=REQUEST, timeo=0, retrans=909
Feb 17 18:25:24 pfSense dhcp6c[867]: Sending Request
Feb 17 18:25:24 pfSense dhcp6c[867]: set client ID (len 14)
Feb 17 18:25:24 pfSense dhcp6c[867]: set server ID (len 10)
Feb 17 18:25:24 pfSense dhcp6c[867]: set IA address
Feb 17 18:25:24 pfSense dhcp6c[867]: set identity association
Feb 17 18:25:24 pfSense dhcp6c[867]: set elapsed time (len 2)
Feb 17 18:25:24 pfSense dhcp6c[867]: set option request (len 4)
Feb 17 18:25:24 pfSense dhcp6c[867]: transmit failed: Network is down
Feb 17 18:25:24 pfSense dhcp6c[867]: reset a timer on igb0, state=REQUEST, timeo=1, retrans=1737
Feb 17 18:25:24 pfSense dhcp6c[867]: removing an event on igb0, state=REQUEST
Feb 17 18:25:24 pfSense dhcp6c[867]: removing server (ID: 00:03:00:06:04:20:84:0b:a2:d3)
Feb 17 18:25:24 pfSense dhcp6c[867]: executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
Feb 17 18:25:24 pfSense dhcp6c[867]: script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
Feb 17 18:25:24 pfSense dhcp6c[867]: exiting
Feb 17 18:25:25 pfSense dhcp6c[26116]: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:2d:10:c2:dd:00:0d:b9:4f:b0:24
Feb 17 18:25:25 pfSense dhcp6c[26116]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Feb 17 18:25:25 pfSense dhcp6c[26116]: failed initialize control message authentication
Feb 17 18:25:25 pfSense dhcp6c[26116]: skip opening control port
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[interface] (9)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <5>[igb0] (4)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>begin of closure [{] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[send] (4)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[ia-na] (5)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[0] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>comment [# request stateful address] (26)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[send] (4)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[ia-pd] (5)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[0] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>comment [# request prefix delegation] (27)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[request] (7)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[domain-name-servers] (19)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[request] (7)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[domain-name] (11)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[script] (6)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>["/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh"] (46)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>comment [# we'd like nameservers and RTSOLD to do all the work] (53)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of closure [}] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[id-assoc] (8)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <13>[na] (2)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <13>[0] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <13>begin of closure [{] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of closure [}] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[id-assoc] (8)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <13>[pd] (2)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <13>[0] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <13>begin of closure [{] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[prefix] (6)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[::] (2)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[/] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[64] (2)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>[infinity] (8)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of closure [}] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: <3>end of sentence [;] (1)
Feb 17 18:25:25 pfSense dhcp6c[26116]: called
Feb 17 18:25:25 pfSense dhcp6c[26116]: called
Feb 17 18:25:25 pfSense dhcp6c[26428]: reset a timer on igb0, state=INIT, timeo=0, retrans=891
Feb 17 18:25:26 pfSense dhcp6c[26428]: Sending Solicit
Feb 17 18:25:26 pfSense dhcp6c[26428]: a new XID (dcb931) is generated
Feb 17 18:25:26 pfSense dhcp6c[26428]: set client ID (len 14)
Feb 17 18:25:26 pfSense dhcp6c[26428]: set identity association
Feb 17 18:25:26 pfSense dhcp6c[26428]: set elapsed time (len 2)
Feb 17 18:25:26 pfSense dhcp6c[26428]: set option request (len 4)
Feb 17 18:25:26 pfSense dhcp6c[26428]: set IA_PD prefix
Feb 17 18:25:26 pfSense dhcp6c[26428]: set IA_PD
Feb 17 18:25:26 pfSense dhcp6c[26428]: transmit failed: Network is down
Feb 17 18:25:26 pfSense dhcp6c[26428]: reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1091
Feb 17 18:25:27 pfSense dhcp6c[26428]: Sending Solicit
Feb 17 18:25:27 pfSense dhcp6c[26428]: set client ID (len 14)
Feb 17 18:25:27 pfSense dhcp6c[26428]: set identity association
Feb 17 18:25:27 pfSense dhcp6c[26428]: set elapsed time (len 2)
Feb 17 18:25:27 pfSense dhcp6c[26428]: set option request (len 4)
Feb 17 18:25:27 pfSense dhcp6c[26428]: set IA_PD prefix
Feb 17 18:25:27 pfSense dhcp6c[26428]: set IA_PD
Feb 17 18:25:27 pfSense dhcp6c[26428]: transmit failed: Network is down
Feb 17 18:25:27 pfSense dhcp6c[26428]: reset a timer on igb0, state=SOLICIT, timeo=1, retrans=2083
Feb 17 18:25:29 pfSense dhcp6c[26428]: Sending Solicit
Feb 17 18:25:29 pfSense dhcp6c[26428]: set client ID (len 14)
Feb 17 18:25:29 pfSense dhcp6c[26428]: set identity association
Feb 17 18:25:29 pfSense dhcp6c[26428]: set elapsed time (len 2)
Feb 17 18:25:29 pfSense dhcp6c[26428]: set option request (len 4)
Feb 17 18:25:29 pfSense dhcp6c[26428]: set IA_PD prefix
Feb 17 18:25:29 pfSense dhcp6c[26428]: set IA_PD
Feb 17 18:25:29 pfSense dhcp6c[26428]: send solicit to ff02::1:2%igb0
Feb 17 18:25:29 pfSense dhcp6c[26428]: reset a timer on igb0, state=SOLICIT, timeo=2, retrans=3982
Feb 17 18:25:29 pfSense dhcp6c[26428]: receive advertise from fe80::1%igb0 on igb0
Feb 17 18:25:29 pfSense dhcp6c[26428]: get DHCP option client ID, len 14
Feb 17 18:25:29 pfSense dhcp6c[26428]:   DUID: 00:01:00:01:2d:10:c2:dd:00:0d:b9:4f:b0:24
Feb 17 18:25:29 pfSense dhcp6c[26428]: get DHCP option server ID, len 10
Feb 17 18:25:29 pfSense dhcp6c[26428]:   DUID: 00:03:00:06:04:20:84:0b:a2:d3
Feb 17 18:25:29 pfSense dhcp6c[26428]: get DHCP option identity association, len 40
Feb 17 18:25:29 pfSense dhcp6c[26428]:   IA_NA: ID=0, T1=32851, T2=52561
Feb 17 18:25:29 pfSense dhcp6c[26428]: get DHCP option IA address, len 24
Feb 17 18:25:29 pfSense dhcp6c[26428]:   IA_NA address: 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024 pltime=65702 vltime=80102
Feb 17 18:25:29 pfSense dhcp6c[26428]: get DHCP option preference, len 1
Feb 17 18:25:29 pfSense dhcp6c[26428]:   preference: 7
Feb 17 18:25:29 pfSense dhcp6c[26428]: get DHCP option DNS, len 16
Feb 17 18:25:29 pfSense dhcp6c[26428]: server ID: 00:03:00:06:04:20:84:0b:a2:d3, pref=7
Feb 17 18:25:29 pfSense dhcp6c[26428]: reset timer for igb0 to 0.907529
Feb 17 18:25:30 pfSense dhcp6c[26428]: picked a server (ID: 00:03:00:06:04:20:84:0b:a2:d3)
Feb 17 18:25:30 pfSense dhcp6c[26428]: Sending Request
Feb 17 18:25:30 pfSense dhcp6c[26428]: a new XID (689d33) is generated
Feb 17 18:25:30 pfSense dhcp6c[26428]: set client ID (len 14)
Feb 17 18:25:30 pfSense dhcp6c[26428]: set server ID (len 10)
Feb 17 18:25:30 pfSense dhcp6c[26428]: set IA address
Feb 17 18:25:30 pfSense dhcp6c[26428]: set identity association
Feb 17 18:25:30 pfSense dhcp6c[26428]: set elapsed time (len 2)
Feb 17 18:25:30 pfSense dhcp6c[26428]: set option request (len 4)
Feb 17 18:25:30 pfSense dhcp6c[26428]: send request to ff02::1:2%igb0
Feb 17 18:25:30 pfSense dhcp6c[26428]: reset a timer on igb0, state=REQUEST, timeo=0, retrans=1025
Feb 17 18:25:30 pfSense dhcp6c[26428]: receive reply from fe80::1%igb0 on igb0
Feb 17 18:25:30 pfSense dhcp6c[26428]: get DHCP option client ID, len 14
Feb 17 18:25:30 pfSense dhcp6c[26428]:   DUID: 00:01:00:01:2d:10:c2:dd:00:0d:b9:4f:b0:24
Feb 17 18:25:30 pfSense dhcp6c[26428]: get DHCP option server ID, len 10
Feb 17 18:25:30 pfSense dhcp6c[26428]:   DUID: 00:03:00:06:04:20:84:0b:a2:d3
Feb 17 18:25:30 pfSense dhcp6c[26428]: get DHCP option identity association, len 40
Feb 17 18:25:30 pfSense dhcp6c[26428]:   IA_NA: ID=0, T1=32850, T2=52560
Feb 17 18:25:30 pfSense dhcp6c[26428]: get DHCP option IA address, len 24
Feb 17 18:25:30 pfSense dhcp6c[26428]:   IA_NA address: 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024 pltime=65701 vltime=80101
Feb 17 18:25:30 pfSense dhcp6c[26428]: get DHCP option DNS, len 16
Feb 17 18:25:30 pfSense dhcp6c[26428]: dhcp6c Received REQUEST
Feb 17 18:25:30 pfSense dhcp6c[26428]: nameserver[0] fe80::1
Feb 17 18:25:30 pfSense dhcp6c[26428]: make an IA: NA-0
Feb 17 18:25:30 pfSense dhcp6c[26428]: create an address 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024 pltime=65701, vltime=34359818469
Feb 17 18:25:30 pfSense dhcp6c[26428]: add an address 2a01:4b00:xxxx:de00:20d:b9ff:fe4f:b024/128 on igb0
Feb 17 18:25:30 pfSense dhcp6c[26428]: executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
Feb 17 18:25:30 pfSense dhcp6c[70040]: dhcp6c REQUEST on igb0 - running rtsold
Feb 17 18:25:30 pfSense dhcp6c[26428]: script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
Feb 17 18:25:30 pfSense dhcp6c[26428]: removing an event on igb0, state=REQUEST
Feb 17 18:25:30 pfSense dhcp6c[26428]: removing server (ID: 00:03:00:06:04:20:84:0b:a2:d3)
Feb 17 18:25:30 pfSense dhcp6c[26428]: got an expected reply, sleeping.
[..]

Gertjan

@artafinde said in IPv6 connectivity NAT:

DHCP6C logs

A WAN interface, igb0, became active, so dhcp6c starts doing its work :
The first part, where dhcp6c has process ID 867, goes well up until something/someone pulls the plug :

dhcp6c[867]: transmit failed: Network is down

So, djcp6c starts again : .... process ID is now 26116. It also ... vanishes.
New process again :

dhcp6c[26428]: transmit failed: Network is down

but 26428 manages to get everything right : an IPv6, a prefix
Reaching this phrase :

got an expected reply, sleeping
means all is well.

I'm not saying that these multiple restarts with 7 second are not normal, maybe you can set up an initial "10 seconds or so" hold off, see the dhcp4 parameters ? (not sure if the dhcp6 process has the same process option, you'll need to see the man ?)

I've this :

= nothing checked as you can see and it works fine for me.