Native IPv6 on PPPoE dhcp6c transmit failed: Operation not permitted

basn

My ISP uses PPPoE IPv4 and  DHCP6 IPv6 (/48) dual-stack.
IPv4 is working perfectly. also when using the FritzBox from the isp (xs4all) it is working ok.

my lan interface is configured to "Track Interface IPv6" linked to the WAN interface.

Here is my problem: i won't get an ipv6 ip. the DHCP6 client seems to be failing.

i am running the latest release version 2.2

2.2-RELEASE (amd64)
built on Thu Jan 22 14:03:54 CST 2015
FreeBSD 10.1-RELEASE-p4

/var/log/dhcpd.log :
Jan 26 23:49:23 vm-fw-01 dhcp6c[71850]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Jan 26 23:49:23 vm-fw-01 dhcp6c[71850]: failed initialize control message authentication
Jan 26 23:49:23 vm-fw-01 dhcp6c[71850]: skip opening control port
Jan 26 23:49:23 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted
Jan 26 23:49:24 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted
Jan 26 23:49:27 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted
Jan 26 23:49:31 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted
Jan 26 23:49:40 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted
Jan 26 23:49:57 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted
Jan 26 23:50:32 vm-fw-01 dhcp6c[71884]: transmit failed: Operation not permitted

/var/etc/dhcp6c_wan.conf:
interface pppoe1 {
        send ia-na 0;  # request stateful address
        send ia-pd 0;  # request prefix delegation
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
        prefix ::/48 infinity;
        prefix-interface em1 {
                sla-id 0;
                sla-len 16;
        };
};

running the dhcp6 manually:
/usr/local/sbin/dhcp6c -f -d -D -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_pppoe1.pid pppoe1

Jan/27/2015 00:19:46: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:1b:db:b2:4a:00:50:56:b0:70:8a
Jan/27/2015 00:19:46: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Jan/27/2015 00:19:46: failed initialize control message authentication
Jan/27/2015 00:19:46: skip opening control port
SNIP
Jan/27/2015 00:19:46: called
Jan/27/2015 00:19:46: called
Jan/27/2015 00:19:46: reset a timer on pppoe1, state=INIT, timeo=0, retrans=383
Jan/27/2015 00:19:46: a new XID (397bca) is generated
Jan/27/2015 00:19:46: set client ID (len 14)
Jan/27/2015 00:19:46: set identity association
Jan/27/2015 00:19:46: set elapsed time (len 2)
Jan/27/2015 00:19:46: set option request (len 4)
Jan/27/2015 00:19:46: set IA_PD prefix
Jan/27/2015 00:19:46: set IA_PD
Jan/27/2015 00:19:46: transmit failed: Operation not permitted
Jan/27/2015 00:19:46: reset a timer on pppoe1, state=SOLICIT, timeo=0, retrans=1088
Jan/27/2015 00:19:47: set client ID (len 14)
Jan/27/2015 00:19:47: set identity association
Jan/27/2015 00:19:47: set elapsed time (len 2)
Jan/27/2015 00:19:47: set option request (len 4)
Jan/27/2015 00:19:47: set IA_PD prefix
Jan/27/2015 00:19:47: set IA_PD
Jan/27/2015 00:19:47: transmit failed: Operation not permitted
Jan/27/2015 00:19:47: reset a timer on pppoe1, state=SOLICIT, timeo=1, retrans=2151
…

can somebody point me in the right direction ?

hda

Provide you talk PPPoE to them, XS4ALL needs in check in WAN:

• Use IPv4 connectivity as parent interface
• Request only a IPv6 prefix
• DHCPv6 Prefix Delegation size

MTU 1492

basn

thanks , i have changed the settings in the web interface to:

MTU 1492

Use IPv4 connectivity as parent interface ON
Request only a IPv6 prefix ON
DHCPv6 Prefix Delegation size /48
Send IPv6 prefix hint OFF

still it doesn't work  same error message:  transmit failed: Operation not permitted

checking the dhcp6c_wan.conf the /48 prefix isn't saved.

i have added it manually:

interface pppoe1 {
        send ia-pd 0;  # request prefix delegation
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
        prefix ::/48 infinity;
        prefix-interface em1 {
                sla-id 0;
                sla-len 16;
        };
};

still i get the same error.

hda

How does your hardware line-up look like ?

A first: System: Advanced: Networking: Allow IPv6, OK ?

Also no firewall blocking issues ?

Talk PPPoE straight to the NTU/DSLAM, not through a FB7xxx, yes ?

Set the WAN just in the page, no Advanced or Override, like I wrote.
Then try with a LAN/64 Static IPv6, i.s.o. the Tracking Interface, (you already know what address you get and keep  ;) )

basn

First of all thanks! it is working now

for future reference the changes i have made:

System: Advanced: Networking: Allow IPv6
Firewall:
  Wan Allow DHCP6 UDP from port 547 to 546 (would be nice to make it more specific/secure..)
  LAN  Allow IPV6 from LAN to any

hardware lineup:
Fiber NTU > HP 1810 switch to split up Vlan's to TV's (vlan4) and pfSense (Vlan6 PPPoE)
then the pfSense is running on VMware esxi using 2 vswitches (one connected to the HP1810)