DHCP-PD available



  • Hi,

    I've just added DHCP-PD "Prefix Delegation" support to the pfsense 2.1 tree. I've tested basic functionality for both PPPoE and ethernet setups and it appears to work as it should.

    I would like some feedback with regards to the dhcp6 support. Ideally people that have a PPPoE with IPv6 support or cable ISPs that have also do IPv6 by DHCP6.



  • Hello,

    My ISP uses IPv6 via PPPoE.
    I activate the IPv6 stack using a specific string in the PPPoE service name.
    I still have issues configuring DHCPv6-PD.

    Anyone has more information on how to configure it ?

    Thanks a lot.



  • Have you enabled the dhcp6 option for the ipv6 configuration of your wan interface? After enqbling that you should see the ipv6 address on your interfaces status page.

    If that checks out you can select if you want prefix.delegation and what size. Then on the lan interface you can select the network number of the prefix delegation.



  • I have enabled DHCPv6 on the WAN interface. I get an IPv6 address on the WAN.
    Here are the interfaces:

    [2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(1): ifconfig
    rl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=8 <vlan_mtu>ether 00:e0:4c:72:f8:af
            inet 172.17.77.100 netmask 0xffffff00 broadcast 172.17.77.255
            inet6 fe80::2e0:4cff:fe72:f8af%rl0 prefixlen 64 scopeid 0x1
            inet6 fe80::1%rl0 prefixlen 64 scopeid 0x1
            nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=2009 <rxcsum,vlan_mtu,wol_magic>ether 00:08:02:c7:c7:81
            inet6 fe80::208:2ff:fec7:c781%fxp0 prefixlen 64 scopeid 0x2
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100 <promisc>metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
            inet6 fe80::bc1a:3721%pppoe0 prefixlen 64 scopeid 0x8
            inet 188.26.55.33 –> 10.0.0.1 netmask 0xffffffff
            inet6 2a02:2f01:104d:f004::bc1a:3721 prefixlen 64 autoconf
            nd6 options=3 <performnud,accept_rtadv>[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(2):

    The problem is that I cannot get an IPv6 on the LAN side…
    You can choose the PD on the LAN side, but not the network number as you suggest

    In my opinion, the DHCP configuration on the PPPoe Interface is somehow wrong

    cat /var/etc/dhcp6c_wan.conf

    interface pppoe0 {
            send ia-na 0;  # request stateful address
            send ia-pd 0;  # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers pleas33e
    };
    id-assoc na 0 { };
            id-assoc pd 0 {
    };

    and I think it should be:

    interface pppoe0 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers pleas33e
    };
    id-assoc na 0 { };
    id-assoc pd 0 {
    prefix-interface rl0{
    sla-id 0;
    sla-len 0;
    };
    };

    The problem is that the DHCP config file changes upon reboot, so I cannot be sure of that.

    Any help would be greatly appreciated.</performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu></up,broadcast,running,simplex,multicast>



  • On the LAN interface you should be able to select a prefix delegation number. That should setup the proper dhcp6 config.

    Under static IPv6 configuration on the lan interface should be a drop down.
    "DHCPv6 Prefix Delegation ID This ID sets the delegated DHCP-PD prefix number which will be used to setup the interface. "



  • Unfortunately I cannot find the ID you are talking about.
    Here are some screenshots of my setup:

    Wan side:

    Lan side:



  • aha, that looks like a off by one. With a prefix length of 64 it should have set the field to id 0, but instead it's set to "None".

    That is something that I can fix.



  • Thanks a lot.
    Please let me know where can I download a new ISO with the fix included or just simply a fix for this.



  • fix or replace interfaces.php with the version from here.

    https://github.com/bsdperimeter/pfsense/commit/643c9f9f4e5c46f7b80779c10f0f9f0234035bb2#diff-0

    That should work.



  • Hello,

    Thank you for your quick reply and fix.
    I think I'm still missing something.

    Now, I have the choice between 0 and none for the prefix delegation ID.
    I chose 0, but I still don't get an IPv6 address on the PC behind the router.

    [2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(1): ifconfig
    rl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=8 <vlan_mtu>ether 00:e0:4c:72:f8:af
            inet 172.17.77.100 netmask 0xffffff00 broadcast 172.17.77.255
            inet6 fe80::2e0:4cff:fe72:f8af%rl0 prefixlen 64 scopeid 0x1
            inet6 fe80::1%rl0 prefixlen 64 scopeid 0x1
            nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=2009 <rxcsum,vlan_mtu,wol_magic>ether 00:08:02:c7:c7:81
            inet6 fe80::208:2ff:fec7:c781%fxp0 prefixlen 64 scopeid 0x2
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100 <promisc>metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
            inet6 fe80::524d:6299%pppoe0 prefixlen 64 scopeid 0x8
            inet6 2a02:2f01:104d:f002::524d:6299 prefixlen 64 autoconf
            inet 82.77.98.153 –> 10.0.0.1 netmask 0xffffffff
            nd6 options=3 <performnud,accept_rtadv>[2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(2):

    Thanks for any help that you can provide.
    Andrei</performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu></up,broadcast,running,simplex,multicast>



  • can you see if the dhcp6c client is active?

    ps auxw|grep dhcp6 on the command prompt page.

    it should also now start a rtadvd daemon, that should be visible too in a process list.



  • It seems that the DHCPv6 server is active.
    I cannot see the RTADVD

    [2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(1): ps auxw|grep dhcp6
    root  52263  0.0  0.3  3316  1368  ??  Ss    7:22AM  0:00.00 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf pppoe0
    root    3730  0.0  0.2  1848  808  0  R+    7:25AM  0:00.00 grep dhcp6
    [2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(2): ps
      PID  TT  STAT      TIME COMMAND
    4825  v0  Is    0:00.02 login [pam] (login)
    5039  v0  I      0:00.01 -sh (sh)
    6754  v0  I+    0:00.01 /bin/sh /etc/rc.initial
    50096  v0- IN    0:00.03 /bin/sh /var/db/rrd/updaterrd.sh
    2750  0  S      0:00.02 /bin/tcsh
    4053  0  R+    0:00.00 ps
    47193  0  Is    0:00.01 -sh (sh)
    47829  0  I      0:00.01 /bin/sh /etc/rc.initial
    [2.1-DEVELOPMENT][root@PBBNET.localdomain]/root(3):

    Do I need to setup something else?



  • This sounds odd, but has a reboot helped?



  • Rebooted the PFsense router.
    Everything is OK on the WAN side (IPv4 + IPv6).
    Still the same issues on the LAN side.

    To be honest, I don't know if I've missconfigured something or not.



  • would you mind giving me access to the box to investigate? You can send details to my email address seth.mos@dds.nl



  • Hello Seth,

    You have the details via e-mail.

    Thanks a lot.



  • I've managed to fix his installation and committed a few patches to the repo.

    The biggest issue is that the bogonsv6 table might be lagging on your installation, although we update that table very frequently at files.pfsense.org it might still be out of date.

    If you do run into issues with the dhcp6 client not aquiring a address and the dhcp6 requests ending up in the firewall logs as [fe80::something]:547 or [fe80::something]:546 it is probably hitting the bogons filter.

    After disabling the bogons on the WAN interface it succesfully acquired a DHCP-PD prefix for the LAN.


Log in to reply