DHCPv6 Server help



  • Hi there,

    I'm pretty new when it comes to ipv6 and I still don't fully understand it so bear with me.

    I have a static /56 ipv6 from my ISP, all works fine using dhcp6c on WAN and track interface on LAN: 2406:e001:1:300::/56

    What I'm wanting to do is configure a static ipv6 on my LAN so that I can use the dhcpv6 server to dish out addresses. The problem I'm having is that clients seem to be receiving a /128 in a different subnet to what I have configured.

    E.g.
    LAN IPV6 address: 2406:e001:1:301::1/64
    DHCPv6 range: 2406:e001:1:301::100 - 200
    RA: Managed
    Priority:High

    The problem is my clients, e.g. Mac, gets 2406:e001:1:300::13ac/128 as its address. I can set my mac to statically use 2406:e001:1:301::2 and access internet ipv6 stuff.

    What am I doing wrong? :(

    Screenshots of config:





  • There is a RA of (path to) other DHCP6-server (MoDem-Rtr) ? Try RA Router Only i.s.o. Managed.



  • I tried router only but the clients receive no ipv6 address.

    My connection consists of a VDSL2 modem bridged to pfsense



  • if your WAN has a fe80…, try the LAN on subnet 300 ?

    We have to find out how the dhcp6-server is supposed to work. (I have read no successfull stories sofar...)



  • If I use subnet 300 it works, however the clients aren't obtaining an ipv6 address from the dhcp6 server on pfsense. The client assignments are outside the ipv6 scope I've defined. This is what led me to trying a different subnet.

    https://www.youtube.com/watch?v=qnEv51G-0_A this youtube video seems to indicate it should just work?



  • @raab:

    If I use subnet 300 it works, however the clients aren't obtaining an ipv6 address from the dhcp6 server on pfsense. The client assignments are outside the ipv6 scope I've defined.

    Right, your ISP from assigned 1st subnet of your /56.

    video seems to indicate it should just work?

    It's telling that it might work eventually if there is not a FU with the DHCPv6-server of your ISP…

    So, why is it that pfSense cannot intercept the dhcp6c from the LAN workstation (and does pass/slip request to ISP) ?

    My test is with a RPi/Linux/dhcp6c on a 2nd LAN & switch, no success yet with DHCPv6-server/ RA Managed.
    But Static IP, SLAAC (RA Router Only, RA Unmanaged) works.



  • I'm in the same boat as you then :/



  • @raab:

    I'm in the same boat as you then :/

    No not really, I prefer the Static(Router Only) method for servers and security. I just set up a test to verify your setup and video report. ;)



  • Well, in terms of dhcpv6 not working :p

    I can assign static no problems but for non server devices I can't be bothered doing that



  • @hda:


    So, why is it that pfSense cannot intercept the dhcp6c from the LAN workstation...?

    My test is with a RPi/Linux/dhcp6c on a 2nd LAN & switch, no success yet with DHCPv6-server/ RA Managed.
    ...

    Made a .cap-file. The DHCPv6-server does not respond. (there is no firewall block in RPi)



  • Factor is bogon networks, FF02 broadcast/solicits from workstation are refused.
    Solution is "Interfaces: LAN" > Private networks > Block bogon networks = UN-checked.



  • I already have that option unchecked



  • @raab:

    I already have that option unchecked

    Result?, questions?

    You trying to convey explicitly that bogon-networks LAN is un-checked & bogon-networks WAN is checked ?

    N.B.
    DHCPv6-Server, on LAN with RA(Managed & priority=normal) & (DNS as DHCPv6 server)=checked, works as expected.



  • Yes, it was never checked in the first place, bogon networks on WAN is checked



  • Well, with pfSense 2.2.2 DHCPv6-server/RA should work like I tested & indicated.

    Try folowing config for your ISP connection over PPPoE:
    WAN IPv6 > DHCP6 client configuration > Advanced >
    Send Options = ia-pd 0; Identity Association Statement / prefix delegation = checked.



  • Seems to work configuring it like that, thanks

    Only devices that don't pick up an address are Android devices



  • @raab:

    Only devices that don't pick up an address are Android devices

    Which is because Android only uses SLAAC (for addressing) and RDNSS (for IPv6 DNS servers). It will not use DHCPv6 as it doesn't have a DHCPv6 client.

    More info: https://code.google.com/p/android/issues/detail?id=32621 … see the post on 12/7/2014 from a Google employee on their current reasoning for failing to support DHCPv6 in Android.



  • Ah yeah, of course.

    I had actually disabled ipv6 because of this bug https://code.google.com/p/android/issues/detail?id=79576



  • but I had use PF2.1.X version , ipv6 work in andriod.  only PF2.2.X IPV6 not work.


Log in to reply