How to release/renew DHCP6 IPv6 (to move from /64 -> /60)?

nicholfd

Hello all,

Before posting, I found this thread:  https://forum.pfsense.org/index.php?topic=85014.msg466471#msg466471 .  It's old (> 90 days) and unanswered.

I basically have the same issue.  I configured pfSense for a /64 IPv6 with Comcast.  It worked beautifully.  I later learned that I can get a /60.  However, I must first release (or wait for timeout maybe?) the /64, before Comcast will issue me the requested /60.

I'm not asking/looking for button in pfSense to do this, as the poster in the above thread (but wouldn't object to a button…)

Does anyone know how to release/renew an IPv6 at the command line?

Thanks in advance,
Frank

cmb

You can do that under Status>Interfaces.

nicholfd

Thanks for the quick reply!

I didn't think to look there.

I am currently remote.  From this page:  https://doc.pfsense.org/index.php/Interface_Status , it looks like it is a "toggle".  If I release it, it will wait until I renew it.  it will also release/renew ALL IP's.

2 x issues:
1. In my case, I'm remote.  I won't be able to renew if all (IPv4 & IPv6) are released and not automatically renewed.
2. I don't want to interrupt IPv4 (in production & I'm remote ;^) )

Can this be done from the command line or PHP Execute interface to automatically release/renew as a single command?  Can it be done for only the IPv6? If it has to be both IPv4 & IPv6, it would probably be quick enough, as long as I don't lose complete connectivity after the renew…

Thanks,
Frank

nicholfd

In looking at the Status -> Interfaces screen, I have the "Release" button on the WAN interface.

The WAN interface is receiving an IPv6 address.  The LAN interface is not (when requesting /60, after initially requesting /64).

The LAN interface is set for with a static IPv4.  It is set for a "Tracking" for IPv6.  It is the IPv6 on LAN that is not receiving an address.

Do we think that releasing/renewing the WAN IPv6 will manage the LAN IPv6 "Tracking" setting?

Thanks,
Frank

MikeV7896

Comcast's IPv6 prefix delegation is based on the DUID of your system as generated when it was first being set up.

I don't know where the file containing the DUID is located in pfSense, but that would need to be removed and re-generated in order to have Comcast issue you a new prefix for your LAN. Or you could disable IPv6 on your WAN and wait the 7 days needed for the existing delegation to expire. IPv6 needs to be disabled because otherwise DHCP will renew the lease at 3.5 days, resetting the 7 day clock.

Of course, you can always try your hand with Comcast customer service and see if they can delete your IPv6 prefix lease… if you can find someone that understands what you want to do. :)

nicholfd

Now that I'm on site, the "Release" button on the WAN interface & then the "Renew" button worked like a charm!

I now have an IPv6/64 address on my primary LAN interface and a sequentially higher IPv6/64 address on my secondary LAN interface - WOOT!

I set the primary LAN interface to "IPv6 Prefix ID" 0 & the LAN6T interface "IPv6 Prefix ID" to 2, just to test.  See attached screenshot.

Thanks!


nicholfd

@virgiliomi:

I don't know where the file containing the DUID is located in pfSense

It's located here:

/var/db/dhcp6c_duid

See my previous post - the "Release" & then "Renew" button on the WAN interface in the Status -> Interfaces page did the trick.

Thanks,
Frank

cmb

Glad that worked. Yeah there isn't an easy way to accomplish that if you're offsite unless you have another WAN to get in, as any way you do it will drop the connection before bringing it back up (though a reboot might accomplish the same end result anyway).

nicholfd

@cmb:

(though a reboot might accomplish the same end result anyway).

I tried a reboot remotely (when I thought I had no other alternative), and it didn't get the job done.  Comcast requires an explicit DHCP release, before they'll acknowledge any change for the IPv6 request/renew.

razzfazz

You can do it from the command line by deleting the DUID file and killing & restarting dhcp6c manually.

SteveITS

@razzfazz:

You can do it from the command line by deleting the DUID file and killing & restarting dhcp6c manually.

Thanks for that tidbit…I renamed the file and (since it said service dhcp6c wasn't running?) I restarted the router, and it did acquire an IPv6 block for the LAN as desired.