4. Complete noob and ia-pd configuration.

Complete noob and ia-pd configuration.

  • S

    So, near as I can understand it, my one ISP hands out a /56 prefix, then its up to the router (pfsense box in my case) to delegate the addresses to other devices inside the LAN.

    I've had to custom create a dhcp6c_wan.conf which mostly works, except it keeps looping.

    This is my config

    interface em0_vlan3 {
        send ia-pd 0;
       request domain-name-servers;
       request domain-name;
       script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};

id-assoc pd 0 {
        prefix-interface em0_vlan5 {
        sla-id 0;
        sla-len 0;
        };
};

    When I run /usr/local/sbin/dhcp6c -dDf -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c.pid em0_vlan3

    It seems to get a prefix, but it keeps looping

    Oct/30/2015 16:17:39: reset a timer on em0_vlan3, state=INIT, timeo=0, retrans=386
Oct/30/2015 16:17:39: executes /var/etc/dhcp6c_wan_script.sh
Oct/30/2015 16:17:39: script "/var/etc/dhcp6c_wan_script.sh" terminated
Oct/30/2015 16:17:39: removing an event on em0_vlan3, state=REQUEST
Oct/30/2015 16:17:39: removing server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 16:17:39: got an expected reply, sleeping.
Oct/30/2015 16:17:40: a new XID (4448c7) is generated
Oct/30/2015 16:17:40: set client ID (len 14)
Oct/30/2015 16:17:40: set elapsed time (len 2)
Oct/30/2015 16:17:40: set option request (len 4)
Oct/30/2015 16:17:40: set IA_PD
Oct/30/2015 16:17:40: send solicit to ff02::1:2%em0_vlan3
Oct/30/2015 16:17:40: reset a timer on em0_vlan3, state=SOLICIT, timeo=0, retrans=1049
Oct/30/2015 16:17:40: receive advertise from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 16:17:40: get DHCP option server ID, len 10
Oct/30/2015 16:17:40:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 16:17:40: get DHCP option client ID, len 14
Oct/30/2015 16:17:40:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 16:17:40: get DHCP option IA_PD, len 41
Oct/30/2015 16:17:40:   IA_PD: ID=0, T1=86400, T2=144000
Oct/30/2015 16:17:40: get DHCP option IA_PD prefix, len 25
Oct/30/2015 16:17:40:   IA_PD prefix: 2001:56a:f3b1:2e00::/56 pltime=172800 vltime=345600
Oct/30/2015 16:17:40: get DHCP option DNS, len 32
Oct/30/2015 16:17:40: server ID: 00:03:00:01:0c:a4:02:23:f4:01, pref=-1
Oct/30/2015 16:17:40: reset timer for em0_vlan3 to 0.994837
Oct/30/2015 16:17:41: picked a server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 16:17:41: a new XID (562947) is generated
Oct/30/2015 16:17:41: set client ID (len 14)
Oct/30/2015 16:17:41: set server ID (len 10)
Oct/30/2015 16:17:41: set elapsed time (len 2)
Oct/30/2015 16:17:41: set option request (len 4)
Oct/30/2015 16:17:41: set IA_PD prefix
Oct/30/2015 16:17:41: set IA_PD
Oct/30/2015 16:17:41: send request to ff02::1:2%em0_vlan3
Oct/30/2015 16:17:41: reset a timer on em0_vlan3, state=REQUEST, timeo=0, retrans=964
Oct/30/2015 16:17:41: receive reply from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 16:17:41: get DHCP option server ID, len 10
Oct/30/2015 16:17:41:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 16:17:41: get DHCP option client ID, len 14
Oct/30/2015 16:17:41:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 16:17:41: get DHCP option IA_PD, len 48
Oct/30/2015 16:17:41:   IA_PD: ID=0, T1=86400, T2=144000
Oct/30/2015 16:17:41: get DHCP option status code, len 32
Oct/30/2015 16:17:41:   status code: no prefixes
Oct/30/2015 16:17:41: get DHCP option DNS, len 32
Oct/30/2015 16:17:41: nameserver[0] 2001:568:ff09:10c::53
Oct/30/2015 16:17:41: nameserver[1] 2001:568:ff09:10d::53
Oct/30/2015 16:17:41: make an IA: PD-0
Oct/30/2015 16:17:41: status code for PD-0: no prefixes
Oct/30/2015 16:17:41: IA PD-0 is invalidated
Oct/30/2015 16:17:41: remove an IA: PD-0
Oct/30/2015 16:17:41: reset a timer on em0_vlan3, state=INIT, timeo=0, retrans=421
Oct/30/2015 16:17:41: executes /var/etc/dhcp6c_wan_script.sh
Oct/30/2015 16:17:41: script "/var/etc/dhcp6c_wan_script.sh" terminated
Oct/30/2015 16:17:41: removing an event on em0_vlan3, state=REQUEST
Oct/30/2015 16:17:41: removing server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 16:17:41: got an expected reply, sleeping.
Oct/30/2015 16:17:41: a new XID (7688d) is generated
Oct/30/2015 16:17:41: set client ID (len 14)
Oct/30/2015 16:17:41: set elapsed time (len 2)
Oct/30/2015 16:17:41: set option request (len 4)
Oct/30/2015 16:17:41: set IA_PD
Oct/30/2015 16:17:41: send solicit to ff02::1:2%em0_vlan3
Oct/30/2015 16:17:41: reset a timer on em0_vlan3, state=SOLICIT, timeo=0, retrans=1036
Oct/30/2015 16:17:41: receive advertise from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 16:17:41: get DHCP option server ID, len 10
Oct/30/2015 16:17:41:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 16:17:41: get DHCP option client ID, len 14
Oct/30/2015 16:17:41:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 16:17:41: get DHCP option IA_PD, len 41
Oct/30/2015 16:17:41:   IA_PD: ID=0, T1=86400, T2=144000
Oct/30/2015 16:17:41: get DHCP option IA_PD prefix, len 25
Oct/30/2015 16:17:41:   IA_PD prefix: 2001:56a:f3b1:2e00::/56 pltime=172800 vltime=345600
Oct/30/2015 16:17:41: get DHCP option DNS, len 32
Oct/30/2015 16:17:41: server ID: 00:03:00:01:0c:a4:02:23:f4:01, pref=-1
Oct/30/2015 16:17:41: reset timer for em0_vlan3 to 0.995560
^C

    So it grabs the prefix of 2001:56a:f3b1:2e00::/56 but then just keeps looping. I tried manually assigning an address of 2001:56a:f3b1:2e00::1 to the appropriate WAN interface, but was unable to ping6/traceroute6 from the PFSense box itself.

    Any tips/advice would be greatly appreciated.

    0
  • S

    So,

    I modified my config slightly

    
interface em0_vlan3 {
        send ia-pd 1;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};

id-assoc pd 1 {
        prefix-interface em0_vlan5 {
#        sla-id 1;
#       sla-len 56;
        };
};

    now this happens

    Oct/30/2015 21:07:26: reset a timer on em0_vlan3, state=INIT, timeo=0, retrans=383
Oct/30/2015 21:07:27: a new XID (9026a) is generated
Oct/30/2015 21:07:27: set client ID (len 14)
Oct/30/2015 21:07:27: set elapsed time (len 2)
Oct/30/2015 21:07:27: set option request (len 4)
Oct/30/2015 21:07:27: set IA_PD
Oct/30/2015 21:07:27: send solicit to ff02::1:2%em0_vlan3
Oct/30/2015 21:07:27: reset a timer on em0_vlan3, state=SOLICIT, timeo=0, retrans=1088
Oct/30/2015 21:07:27: receive advertise from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 21:07:27: get DHCP option server ID, len 10
Oct/30/2015 21:07:27:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 21:07:27: get DHCP option client ID, len 14
Oct/30/2015 21:07:27:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 21:07:27: get DHCP option IA_PD, len 41
Oct/30/2015 21:07:27:   IA_PD: ID=1, T1=86400, T2=144000
Oct/30/2015 21:07:27: get DHCP option IA_PD prefix, len 25
Oct/30/2015 21:07:27:   IA_PD prefix: 2001:56a:f3a8:a700::/56 pltime=172800 vltime=345600
Oct/30/2015 21:07:27: get DHCP option DNS, len 32
Oct/30/2015 21:07:27: server ID: 00:03:00:01:0c:a4:02:23:f4:01, pref=-1
Oct/30/2015 21:07:27: reset timer for em0_vlan3 to 0.982435
Oct/30/2015 21:07:28: picked a server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 21:07:28: a new XID (68310) is generated
Oct/30/2015 21:07:28: set client ID (len 14)
Oct/30/2015 21:07:28: set server ID (len 10)
Oct/30/2015 21:07:28: set elapsed time (len 2)
Oct/30/2015 21:07:28: set option request (len 4)
Oct/30/2015 21:07:28: set IA_PD prefix
Oct/30/2015 21:07:28: set IA_PD
Oct/30/2015 21:07:28: send request to ff02::1:2%em0_vlan3
Oct/30/2015 21:07:28: reset a timer on em0_vlan3, state=REQUEST, timeo=0, retrans=977
Oct/30/2015 21:07:28: receive reply from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 21:07:28: get DHCP option server ID, len 10
Oct/30/2015 21:07:28:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 21:07:28: get DHCP option client ID, len 14
Oct/30/2015 21:07:28:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 21:07:28: get DHCP option IA_PD, len 41
Oct/30/2015 21:07:28:   IA_PD: ID=1, T1=86400, T2=144000
Oct/30/2015 21:07:28: get DHCP option IA_PD prefix, len 25
Oct/30/2015 21:07:28:   IA_PD prefix: 2001:56a:f3a8:a700::/56 pltime=172800 vltime=345600
Oct/30/2015 21:07:28: get DHCP option DNS, len 32
Oct/30/2015 21:07:28: nameserver[0] 2001:568:ff09:10c::53
Oct/30/2015 21:07:28: nameserver[1] 2001:568:ff09:10d::53
Oct/30/2015 21:07:28: make an IA: PD-1
Oct/30/2015 21:07:28: create a prefix 2001:56a:f3a8:a700::/56 pltime=140733193560832, vltime=140733193733632
Oct/30/2015 21:07:28: invalid prefix length 56 + 16 + 64
Oct/30/2015 21:07:28: executes /var/etc/dhcp6c_wan_script.sh
Oct/30/2015 21:07:28: script "/var/etc/dhcp6c_wan_script.sh" terminated
Oct/30/2015 21:07:28: removing an event on em0_vlan3, state=REQUEST
Oct/30/2015 21:07:28: removing server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 21:07:28: got an expected reply, sleeping.

    so em0_vlan5 now gets assigned       
    inet6 2001:56a:f3a8:a700:20c:29ff:fe20:fd1c prefixlen 56

    however, if I try to ping

    ping6 google.ca
PING6(56=40+8+8 bytes) 2001:56a:f3a8:a700:20c:29ff:fe20:fd1c --> 2607:f8b0:400a:805::100f
ping6: sendmsg: Operation not permitted
ping6: wrote google.ca 16 chars, ret=-1

    but the routing table looks good

    [2.2.4-RELEASE][root@pfsense.wtf.local]/root: route -6 get google.ca
   route to: sea15s01-in-x03.1e100.net
destination: default
       mask: default
    gateway: node-1w7jra22wzwwdjzfq1cmmcqo0.ipv6.telus.net
        fib: 0
  interface: em0_vlan3
      flags: <up,gateway,done,static>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0</up,gateway,done,static>

    =\

    0
  • S

    So with this config file

    interface em0_vlan3 {
#       information-only;
        send ia-pd 1;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};

id-assoc pd 1 {
        prefix-interface em0_vlan5 {
        sla-id 1;
        sla-len 0;
        };

};

    It works. I get functional IPV6 on my router, however pfsense doesn't seem to want to let me advertise this to clients on my lan.

    Also, there seems to be no choices/combination of options to do PD on a normal WAN interface. in the 2.2.5 changelog, it said IA-PD changes were made for PPPoE users.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy