Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCPv6 PD, static internal addresses [SOLVED]

    Scheduled Pinned Locked Moved IPv6
    14 Posts 3 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Brummi
      last edited by

      Greetings,

      a few weeks ago i switched to a new provider and after realising that my poor m0n0wall is not able to provider the full throughput i built a new system and also made the switch from m0n0 to pfSense.  My provider assigned a static prefix (2a02:168:40xx::/48) of which i would like to assign a /64 to my internal network (all devices will get static addresses). Please see this image for a more visual representation of what i'd like to achieve: https://www.dropbox.com/s/7bdwuaxd7s2hhyt/ipv6.png

      My provider told me that i have to use DHCPv6 prefix delegation and that i could assign a static /64 to the lan adapter of my router. Ha, sounds easy, i'll get that done in five minutes!

      … hours passing, not working ... days passing, not working ...

      and here we are, i'm out of ideas and need your help :)

      What i've done:

      • Interfaces:

      • WAN:

        • IPv6 Configuration Type: DHCP
        • Request only a IPv6 prefix: check
        • DHCPv6 Prefix Delegation size: 48
        • Send IPv6 prefix hint: check
      • LAN:

        • IPv6 Configuration Type: Static
        • IPv6 address: 2a02:168:40xx:1::1 / 64
      • Router advertisements:

        • Router advertisements: Router only
        • Router Priority: Normal
        • RA Subnet: 2a02:168:4008:1:: / 64
      • Client (for testing):

        • fixed IP: 2a02:168:40xx:1::2 / 64

      What does work: the internal traffic. I can ping the pfSense from the client and vice versa.
      What does not work: communication/traffic from/to the internet.

      Now my ultimate question is: is this setup even possible? Based on my (poor) knowledge about IPv6 this should work … And if it does work, what the ... am i doing wrong?

      Will be very, very, very thankful for any ideas, hints or even a "you stupid!"  :D


      Solution in post #12.

      1 Reply Last reply Reply Quote 0
      • H
        hda
        last edited by

        @Brummi:

        …
        Router advertisements:
        ...

        • RA Subnet: 2a02:168:4008:1:: / 64
          ...

        This is not needed in my config.

        No typo's in static IP for LAN ?

        Do you need to use a PPPoE IPv4 connection to ask the IPv6/48 ?

        And… allowance or firewall issues ?

        1 Reply Last reply Reply Quote 0
        • B
          Brummi
          last edited by

          Thanks for your hints hda!

          I remove the subnet from the RA config and, as far i know, i don't need a PPPoE connection, but i'll ask the provider.
          The firewall shouldn't be a problem too, as i don't filter outgoing connections while doing this ipv6-config-thingie.

          Here's the output of a tracepath try:

          tracepath6 2404:6800:400a:801::1003
          1?: [LOCALHOST]                      pmtu 1500
          1:  2a02:168:4008:1::1                        0.640ms
          1:  2a02:168:4008:1::1                        0.605ms
          2:  no reply
          3:  no reply
          4:  no reply

          When doing a tracepath from outside it always (ipv4/v6) ends at the same router on the providers side, so it really seems to be a problem *) with the pfSense config, right?

          *) problem = stupid user trying to configure ipv6 :D

          1 Reply Last reply Reply Quote 0
          • H
            hda
            last edited by

            The config looks good. So…

            You did set:  System: Advanced: Networking: Allow IPv6 ?

            Allowed for WAN IPv6 ICMP I/O ?

            1 Reply Last reply Reply Quote 0
            • B
              Brummi
              last edited by

              Yes, allow IPv6 is checked and there's a rule to allow ICMP (v4+v6) on the WAN interface.

              1 Reply Last reply Reply Quote 0
              • R
                razzfazz
                last edited by

                Have you tried if it works if you actually use PD (i.e., set IPv6 to "track interface" in the LAN config)? Won't give you the desired static addresses, but maybe a good first step to make sure everything else is in order?

                1 Reply Last reply Reply Quote 0
                • R
                  razzfazz
                  last edited by

                  Also, what's the deal with 4008 vs. 40xx? In your config above, the "xx" will have to be "08" or it won't work for sure.

                  1 Reply Last reply Reply Quote 0
                  • B
                    Brummi
                    last edited by

                    Good morning,

                    i switched the "IPv6 Configuration Type" to "Track Interface" and rebooted (just to be sure). Now the lan interface has only the link local address but doesn't show any others. Does that mean that the pd doesn't work?

                    (and sorry for the xx, it was a feeble attempt to obfuscate the address  :) )

                    1 Reply Last reply Reply Quote 0
                    • R
                      razzfazz
                      last edited by

                      It would appear so. Anything relevant in the logs?

                      1 Reply Last reply Reply Quote 0
                      • B
                        Brummi
                        last edited by

                        The dhcp log is quite inconspicuous, just the messages regarding the assignment of the ipv4 address, but i found the following lines in the router log:

                        radvd[18174]: IPv6 forwarding setting is: 0, should be 1
                        radvd[18174]: IPv6 forwarding seems to be disabled, but continuing anyway.
                        radvd[18174]: no auto-selected prefix on interface em0, disabling advertisements
                        radvd[18374]: sendmsg: Can't assign requested address

                        erm … ipv6 forwarding seems to be disabled? I checked it again, ipv6 is enabled in the system -> advanced -> network settings. Is there any other checkbox i didn't see?

                        1 Reply Last reply Reply Quote 0
                        • H
                          hda
                          last edited by

                          If running LAN all static, then one need  Services: Router advertisements(Router Only)

                          Have DNS-servers override if DHCP-PD to ISP ?

                          How do you request your IP's (IPv4&6) from ISP. Do you have an IPv6 showing in Status: Interfaces ?
                          Is it a public /64 or /128 ? or a local fe80:: ?

                          1 Reply Last reply Reply Quote 0
                          • B
                            Brummi
                            last edited by

                            @hda:

                            If running LAN all static, then one need  Services: Router advertisements(Router Only)

                            Yes, "Router Advertisements" is on "Router Only".

                            @hda:

                            Have DNS-servers override if DHCP-PD to ISP ?

                            Sorry, don't know what you mean. But what impact could dns servers have on such a low level?

                            @hda:

                            How do you request your IP's (IPv4&6) from ISP. Do you have an IPv6 showing in Status: Interfaces ?
                            Is it a public /64 or /128 ? or a local fe80:: ?

                            Straight from the interface status page:
                            IPv6 Link Local    fe80::6a05:caff:fe2e:4dc7
                            IPv6 address      fe80::6a05:caff:fe2e:4dc7
                            Subnet mask IPv6  64
                            Gateway IPv6      fe80::223:33ff:fe74:6e3f

                            1 Reply Last reply Reply Quote 0
                            • B
                              Brummi
                              last edited by

                              Problem solved dance :D

                              i was browsing the forum and found the following in another thread (https://forum.pfsense.org/index.php?topic=65724.15):

                              • I would also uncheck the "Block bogon networks" box on both the WAN and the LAN, as there have been issues with these being overly broad for IPv6 and blocking legitimate (and required) traffic.

                              I unchecked the boxed and voilà:

                              ping6 2a02:168:4008:1::1
                              PING 2a02:168:4008:1::1(2a02:168:4008:1::1) 56 data bytes
                              64 bytes from 2a02:168:4008:1::1: icmp_seq=1 ttl=52 time=26.6 ms
                              64 bytes from 2a02:168:4008:1::1: icmp_seq=2 ttl=52 time=27.3 ms
                              64 bytes from 2a02:168:4008:1::1: icmp_seq=3 ttl=52 time=26.5 ms
                              64 bytes from 2a02:168:4008:1::1: icmp_seq=4 ttl=52 time=26.6 ms
                              64 bytes from 2a02:168:4008:1::1: icmp_seq=5 ttl=52 time=26.5 ms
                              (pinged from an external host)

                              Thank you all for your help and assistance, really appreciate it!

                              1 Reply Last reply Reply Quote 0
                              • H
                                hda
                                last edited by

                                Good for you. So a lack of register  ;)

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.