Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCPv6 Server help

    Scheduled Pinned Locked Moved IPv6
    19 Posts 4 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      raab
      last edited by

      Hi there,

      I'm pretty new when it comes to ipv6 and I still don't fully understand it so bear with me.

      I have a static /56 ipv6 from my ISP, all works fine using dhcp6c on WAN and track interface on LAN: 2406:e001:1:300::/56

      What I'm wanting to do is configure a static ipv6 on my LAN so that I can use the dhcpv6 server to dish out addresses. The problem I'm having is that clients seem to be receiving a /128 in a different subnet to what I have configured.

      E.g.
      LAN IPV6 address: 2406:e001:1:301::1/64
      DHCPv6 range: 2406:e001:1:301::100 - 200
      RA: Managed
      Priority:High

      The problem is my clients, e.g. Mac, gets 2406:e001:1:300::13ac/128 as its address. I can set my mac to statically use 2406:e001:1:301::2 and access internet ipv6 stuff.

      What am I doing wrong? :(

      Screenshots of config:



      1 Reply Last reply Reply Quote 0
      • H
        hda
        last edited by

        There is a RA of (path to) other DHCP6-server (MoDem-Rtr) ? Try RA Router Only i.s.o. Managed.

        1 Reply Last reply Reply Quote 0
        • R
          raab
          last edited by

          I tried router only but the clients receive no ipv6 address.

          My connection consists of a VDSL2 modem bridged to pfsense

          1 Reply Last reply Reply Quote 0
          • H
            hda
            last edited by

            if your WAN has a fe80…, try the LAN on subnet 300 ?

            We have to find out how the dhcp6-server is supposed to work. (I have read no successfull stories sofar...)

            1 Reply Last reply Reply Quote 0
            • R
              raab
              last edited by

              If I use subnet 300 it works, however the clients aren't obtaining an ipv6 address from the dhcp6 server on pfsense. The client assignments are outside the ipv6 scope I've defined. This is what led me to trying a different subnet.

              https://www.youtube.com/watch?v=qnEv51G-0_A this youtube video seems to indicate it should just work?

              1 Reply Last reply Reply Quote 0
              • H
                hda
                last edited by

                @raab:

                If I use subnet 300 it works, however the clients aren't obtaining an ipv6 address from the dhcp6 server on pfsense. The client assignments are outside the ipv6 scope I've defined.

                Right, your ISP from assigned 1st subnet of your /56.

                video seems to indicate it should just work?

                It's telling that it might work eventually if there is not a FU with the DHCPv6-server of your ISP…

                So, why is it that pfSense cannot intercept the dhcp6c from the LAN workstation (and does pass/slip request to ISP) ?

                My test is with a RPi/Linux/dhcp6c on a 2nd LAN & switch, no success yet with DHCPv6-server/ RA Managed.
                But Static IP, SLAAC (RA Router Only, RA Unmanaged) works.

                1 Reply Last reply Reply Quote 0
                • R
                  raab
                  last edited by

                  I'm in the same boat as you then :/

                  1 Reply Last reply Reply Quote 0
                  • H
                    hda
                    last edited by

                    @raab:

                    I'm in the same boat as you then :/

                    No not really, I prefer the Static(Router Only) method for servers and security. I just set up a test to verify your setup and video report. ;)

                    1 Reply Last reply Reply Quote 0
                    • R
                      raab
                      last edited by

                      Well, in terms of dhcpv6 not working :p

                      I can assign static no problems but for non server devices I can't be bothered doing that

                      1 Reply Last reply Reply Quote 0
                      • H
                        hda
                        last edited by

                        @hda:

                        …
                        So, why is it that pfSense cannot intercept the dhcp6c from the LAN workstation...?

                        My test is with a RPi/Linux/dhcp6c on a 2nd LAN & switch, no success yet with DHCPv6-server/ RA Managed.
                        ...

                        Made a .cap-file. The DHCPv6-server does not respond. (there is no firewall block in RPi)

                        1 Reply Last reply Reply Quote 0
                        • H
                          hda
                          last edited by

                          Factor is bogon networks, FF02 broadcast/solicits from workstation are refused.
                          Solution is "Interfaces: LAN" > Private networks > Block bogon networks = UN-checked.

                          1 Reply Last reply Reply Quote 0
                          • R
                            raab
                            last edited by

                            I already have that option unchecked

                            1 Reply Last reply Reply Quote 0
                            • H
                              hda
                              last edited by

                              @raab:

                              I already have that option unchecked

                              Result?, questions?

                              You trying to convey explicitly that bogon-networks LAN is un-checked & bogon-networks WAN is checked ?

                              N.B.
                              DHCPv6-Server, on LAN with RA(Managed & priority=normal) & (DNS as DHCPv6 server)=checked, works as expected.

                              1 Reply Last reply Reply Quote 0
                              • R
                                raab
                                last edited by

                                Yes, it was never checked in the first place, bogon networks on WAN is checked

                                1 Reply Last reply Reply Quote 0
                                • H
                                  hda
                                  last edited by

                                  Well, with pfSense 2.2.2 DHCPv6-server/RA should work like I tested & indicated.

                                  Try folowing config for your ISP connection over PPPoE:
                                  WAN IPv6 > DHCP6 client configuration > Advanced >
                                  Send Options = ia-pd 0; Identity Association Statement / prefix delegation = checked.

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    raab
                                    last edited by

                                    Seems to work configuring it like that, thanks

                                    Only devices that don't pick up an address are Android devices

                                    1 Reply Last reply Reply Quote 0
                                    • MikeV7896M
                                      MikeV7896
                                      last edited by

                                      @raab:

                                      Only devices that don't pick up an address are Android devices

                                      Which is because Android only uses SLAAC (for addressing) and RDNSS (for IPv6 DNS servers). It will not use DHCPv6 as it doesn't have a DHCPv6 client.

                                      More info: https://code.google.com/p/android/issues/detail?id=32621 … see the post on 12/7/2014 from a Google employee on their current reasoning for failing to support DHCPv6 in Android.

                                      The S in IOT stands for Security

                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        raab
                                        last edited by

                                        Ah yeah, of course.

                                        I had actually disabled ipv6 because of this bug https://code.google.com/p/android/issues/detail?id=79576

                                        1 Reply Last reply Reply Quote 0
                                        • Y
                                          yon
                                          last edited by

                                          but I had use PF2.1.X version , ipv6 work in andriod.  only PF2.2.X IPV6 not work.

                                          If you are interested in free peering for clearnet and dn42,contact me !

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.