Complete noob and ia-pd configuration.

sheptard

So, near as I can understand it, my one ISP hands out a /56 prefix, then its up to the router (pfsense box in my case) to delegate the addresses to other devices inside the LAN.

I've had to custom create a dhcp6c_wan.conf which mostly works, except it keeps looping.

This is my config

interface em0_vlan3 {
        send ia-pd 0;
       request domain-name-servers;
       request domain-name;
       script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};

id-assoc pd 0 {
        prefix-interface em0_vlan5 {
        sla-id 0;
        sla-len 0;
        };
};

When I run /usr/local/sbin/dhcp6c -dDf -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c.pid em0_vlan3

It seems to get a prefix, but it keeps looping

Oct/30/2015 16:17:39: reset a timer on em0_vlan3, state=INIT, timeo=0, retrans=386
Oct/30/2015 16:17:39: executes /var/etc/dhcp6c_wan_script.sh
Oct/30/2015 16:17:39: script "/var/etc/dhcp6c_wan_script.sh" terminated
Oct/30/2015 16:17:39: removing an event on em0_vlan3, state=REQUEST
Oct/30/2015 16:17:39: removing server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 16:17:39: got an expected reply, sleeping.
Oct/30/2015 16:17:40: a new XID (4448c7) is generated
Oct/30/2015 16:17:40: set client ID (len 14)
Oct/30/2015 16:17:40: set elapsed time (len 2)
Oct/30/2015 16:17:40: set option request (len 4)
Oct/30/2015 16:17:40: set IA_PD
Oct/30/2015 16:17:40: send solicit to ff02::1:2%em0_vlan3
Oct/30/2015 16:17:40: reset a timer on em0_vlan3, state=SOLICIT, timeo=0, retrans=1049
Oct/30/2015 16:17:40: receive advertise from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 16:17:40: get DHCP option server ID, len 10
Oct/30/2015 16:17:40:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 16:17:40: get DHCP option client ID, len 14
Oct/30/2015 16:17:40:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 16:17:40: get DHCP option IA_PD, len 41
Oct/30/2015 16:17:40:   IA_PD: ID=0, T1=86400, T2=144000
Oct/30/2015 16:17:40: get DHCP option IA_PD prefix, len 25
Oct/30/2015 16:17:40:   IA_PD prefix: 2001:56a:f3b1:2e00::/56 pltime=172800 vltime=345600
Oct/30/2015 16:17:40: get DHCP option DNS, len 32
Oct/30/2015 16:17:40: server ID: 00:03:00:01:0c:a4:02:23:f4:01, pref=-1
Oct/30/2015 16:17:40: reset timer for em0_vlan3 to 0.994837
Oct/30/2015 16:17:41: picked a server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 16:17:41: a new XID (562947) is generated
Oct/30/2015 16:17:41: set client ID (len 14)
Oct/30/2015 16:17:41: set server ID (len 10)
Oct/30/2015 16:17:41: set elapsed time (len 2)
Oct/30/2015 16:17:41: set option request (len 4)
Oct/30/2015 16:17:41: set IA_PD prefix
Oct/30/2015 16:17:41: set IA_PD
Oct/30/2015 16:17:41: send request to ff02::1:2%em0_vlan3
Oct/30/2015 16:17:41: reset a timer on em0_vlan3, state=REQUEST, timeo=0, retrans=964
Oct/30/2015 16:17:41: receive reply from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 16:17:41: get DHCP option server ID, len 10
Oct/30/2015 16:17:41:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 16:17:41: get DHCP option client ID, len 14
Oct/30/2015 16:17:41:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 16:17:41: get DHCP option IA_PD, len 48
Oct/30/2015 16:17:41:   IA_PD: ID=0, T1=86400, T2=144000
Oct/30/2015 16:17:41: get DHCP option status code, len 32
Oct/30/2015 16:17:41:   status code: no prefixes
Oct/30/2015 16:17:41: get DHCP option DNS, len 32
Oct/30/2015 16:17:41: nameserver[0] 2001:568:ff09:10c::53
Oct/30/2015 16:17:41: nameserver[1] 2001:568:ff09:10d::53
Oct/30/2015 16:17:41: make an IA: PD-0
Oct/30/2015 16:17:41: status code for PD-0: no prefixes
Oct/30/2015 16:17:41: IA PD-0 is invalidated
Oct/30/2015 16:17:41: remove an IA: PD-0
Oct/30/2015 16:17:41: reset a timer on em0_vlan3, state=INIT, timeo=0, retrans=421
Oct/30/2015 16:17:41: executes /var/etc/dhcp6c_wan_script.sh
Oct/30/2015 16:17:41: script "/var/etc/dhcp6c_wan_script.sh" terminated
Oct/30/2015 16:17:41: removing an event on em0_vlan3, state=REQUEST
Oct/30/2015 16:17:41: removing server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 16:17:41: got an expected reply, sleeping.
Oct/30/2015 16:17:41: a new XID (7688d) is generated
Oct/30/2015 16:17:41: set client ID (len 14)
Oct/30/2015 16:17:41: set elapsed time (len 2)
Oct/30/2015 16:17:41: set option request (len 4)
Oct/30/2015 16:17:41: set IA_PD
Oct/30/2015 16:17:41: send solicit to ff02::1:2%em0_vlan3
Oct/30/2015 16:17:41: reset a timer on em0_vlan3, state=SOLICIT, timeo=0, retrans=1036
Oct/30/2015 16:17:41: receive advertise from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 16:17:41: get DHCP option server ID, len 10
Oct/30/2015 16:17:41:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 16:17:41: get DHCP option client ID, len 14
Oct/30/2015 16:17:41:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 16:17:41: get DHCP option IA_PD, len 41
Oct/30/2015 16:17:41:   IA_PD: ID=0, T1=86400, T2=144000
Oct/30/2015 16:17:41: get DHCP option IA_PD prefix, len 25
Oct/30/2015 16:17:41:   IA_PD prefix: 2001:56a:f3b1:2e00::/56 pltime=172800 vltime=345600
Oct/30/2015 16:17:41: get DHCP option DNS, len 32
Oct/30/2015 16:17:41: server ID: 00:03:00:01:0c:a4:02:23:f4:01, pref=-1
Oct/30/2015 16:17:41: reset timer for em0_vlan3 to 0.995560
^C

So it grabs the prefix of 2001:56a:f3b1:2e00::/56 but then just keeps looping. I tried manually assigning an address of 2001:56a:f3b1:2e00::1 to the appropriate WAN interface, but was unable to ping6/traceroute6 from the PFSense box itself.

Any tips/advice would be greatly appreciated.

sheptard

So,

I modified my config slightly

interface em0_vlan3 {
        send ia-pd 1;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};

id-assoc pd 1 {
        prefix-interface em0_vlan5 {
#        sla-id 1;
#       sla-len 56;
        };
};

now this happens

Oct/30/2015 21:07:26: reset a timer on em0_vlan3, state=INIT, timeo=0, retrans=383
Oct/30/2015 21:07:27: a new XID (9026a) is generated
Oct/30/2015 21:07:27: set client ID (len 14)
Oct/30/2015 21:07:27: set elapsed time (len 2)
Oct/30/2015 21:07:27: set option request (len 4)
Oct/30/2015 21:07:27: set IA_PD
Oct/30/2015 21:07:27: send solicit to ff02::1:2%em0_vlan3
Oct/30/2015 21:07:27: reset a timer on em0_vlan3, state=SOLICIT, timeo=0, retrans=1088
Oct/30/2015 21:07:27: receive advertise from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 21:07:27: get DHCP option server ID, len 10
Oct/30/2015 21:07:27:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 21:07:27: get DHCP option client ID, len 14
Oct/30/2015 21:07:27:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 21:07:27: get DHCP option IA_PD, len 41
Oct/30/2015 21:07:27:   IA_PD: ID=1, T1=86400, T2=144000
Oct/30/2015 21:07:27: get DHCP option IA_PD prefix, len 25
Oct/30/2015 21:07:27:   IA_PD prefix: 2001:56a:f3a8:a700::/56 pltime=172800 vltime=345600
Oct/30/2015 21:07:27: get DHCP option DNS, len 32
Oct/30/2015 21:07:27: server ID: 00:03:00:01:0c:a4:02:23:f4:01, pref=-1
Oct/30/2015 21:07:27: reset timer for em0_vlan3 to 0.982435
Oct/30/2015 21:07:28: picked a server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 21:07:28: a new XID (68310) is generated
Oct/30/2015 21:07:28: set client ID (len 14)
Oct/30/2015 21:07:28: set server ID (len 10)
Oct/30/2015 21:07:28: set elapsed time (len 2)
Oct/30/2015 21:07:28: set option request (len 4)
Oct/30/2015 21:07:28: set IA_PD prefix
Oct/30/2015 21:07:28: set IA_PD
Oct/30/2015 21:07:28: send request to ff02::1:2%em0_vlan3
Oct/30/2015 21:07:28: reset a timer on em0_vlan3, state=REQUEST, timeo=0, retrans=977
Oct/30/2015 21:07:28: receive reply from fe80::ea4:2ff:fe23:f401%em0_vlan3 on em0_vlan3
Oct/30/2015 21:07:28: get DHCP option server ID, len 10
Oct/30/2015 21:07:28:   DUID: 00:03:00:01:0c:a4:02:23:f4:01
Oct/30/2015 21:07:28: get DHCP option client ID, len 14
Oct/30/2015 21:07:28:   DUID: 00:01:00:01:1b:d5:91:94:74:d0:2b:9d:84:9c
Oct/30/2015 21:07:28: get DHCP option IA_PD, len 41
Oct/30/2015 21:07:28:   IA_PD: ID=1, T1=86400, T2=144000
Oct/30/2015 21:07:28: get DHCP option IA_PD prefix, len 25
Oct/30/2015 21:07:28:   IA_PD prefix: 2001:56a:f3a8:a700::/56 pltime=172800 vltime=345600
Oct/30/2015 21:07:28: get DHCP option DNS, len 32
Oct/30/2015 21:07:28: nameserver[0] 2001:568:ff09:10c::53
Oct/30/2015 21:07:28: nameserver[1] 2001:568:ff09:10d::53
Oct/30/2015 21:07:28: make an IA: PD-1
Oct/30/2015 21:07:28: create a prefix 2001:56a:f3a8:a700::/56 pltime=140733193560832, vltime=140733193733632
Oct/30/2015 21:07:28: invalid prefix length 56 + 16 + 64
Oct/30/2015 21:07:28: executes /var/etc/dhcp6c_wan_script.sh
Oct/30/2015 21:07:28: script "/var/etc/dhcp6c_wan_script.sh" terminated
Oct/30/2015 21:07:28: removing an event on em0_vlan3, state=REQUEST
Oct/30/2015 21:07:28: removing server (ID: 00:03:00:01:0c:a4:02:23:f4:01)
Oct/30/2015 21:07:28: got an expected reply, sleeping.

so em0_vlan5 now gets assigned       
inet6 2001:56a:f3a8:a700:20c:29ff:fe20:fd1c prefixlen 56

however, if I try to ping

ping6 google.ca
PING6(56=40+8+8 bytes) 2001:56a:f3a8:a700:20c:29ff:fe20:fd1c --> 2607:f8b0:400a:805::100f
ping6: sendmsg: Operation not permitted
ping6: wrote google.ca 16 chars, ret=-1

but the routing table looks good

[2.2.4-RELEASE][root@pfsense.wtf.local]/root: route -6 get google.ca
   route to: sea15s01-in-x03.1e100.net
destination: default
       mask: default
    gateway: node-1w7jra22wzwwdjzfq1cmmcqo0.ipv6.telus.net
        fib: 0
  interface: em0_vlan3
      flags: <up,gateway,done,static>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0</up,gateway,done,static> 

=\

sheptard

So with this config file

interface em0_vlan3 {
#       information-only;
        send ia-pd 1;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};

id-assoc pd 1 {
        prefix-interface em0_vlan5 {
        sla-id 1;
        sla-len 0;
        };

};

It works. I get functional IPV6 on my router, however pfsense doesn't seem to want to let me advertise this to clients on my lan.

Also, there seems to be no choices/combination of options to do PD on a normal WAN interface. in the 2.2.5 changelog, it said IA-PD changes were made for PPPoE users.