Static IPv6 over PPPoE

kobold

Hi all,

My new ISP (XS4ALL) provides me with a /48 IPv6 subnet. Since I have multiple subnets I would like to use static IPv6 as I do with IPv4.
I started with the following settings on the PPPoE interface:

• IPv6 Configuration Type: DHCP6
• Use IPv4 connectivity as parent interface: ticked
• Request only an IPv6 prefix: ticked
• DHCPv6 Prefix Delegation size: 48

After applying I received a fe80 IPv6 address with another fe80 address as gateway.
Using the shell I'm able to ping the fe80 gateway address.

After this I went in to one of the subnet interfaces and configured the following settings:

• IPv6 Configuration Type: Static IPv6
• IPv6 address: <my public="" ipv6="" subnet="" part="">::1/64

For testing purposes I've allowed all IPv6 traffic in the firewall.

Unfortunately when I try to ping6 google (or any other site) it doesn't seem to work.
Now I've read that there are some issues with IPv6 on 2.2.5 and tried many things like:

• disconnect - connect PPPoE
• Interface Tracking on LAN interface
• Enable: Send IPv6 prefix hint
• Use different IPv6 configuration types on the WAN and LAN interface

When I look at the netstat all seems just fine as there is a default route to the fe80 gateway address.
Internet6:
Destination                      Gateway                      Flags      Netif Expire
default                          fe80

However I'm still unable to use IPv6 at all for WAN traffic, internal LAN traffic works like it should.
Does any of you have an idea?</my>

hda

Use Interfaces-WAN with DHCP6 and DHCP6c conf:

Check, Request a IPv6 prefix/information through the IPv4 connectivity link
Check, Only request an IPv6 prefix, do not request an IPv6 address
DHCPv6 Prefix Delegation size == 48
Check, Send an IPv6 prefix hint to indicate the desired prefix size for delegation

& Advanced config, it is no more than:
(send options(ia-pd 0) and Prefix delegation = checked only).

Yes there are issues with 2.2.5. The unclear design || effect of PHP-code execution is not reliable.
More at https://forum.pfsense.org/index.php?topic=101967.msg570519#msg570519

When PPPoE Disconnected always check (ps ax | grep dhcp6c) if dhcp6c is flushed, else all (kill -9 $PID). After a (re)boot you have (w.r.t. 2.2.4) to Disconnect/Connect twice, just as a routine with Status:Interfaces.

The original (re)boot fe80::"privateextension" will not survive the 2 hour lease renewal. Basically you have to assure to have the fe80::(NIC MAC EUI) for both IPv6 LinkLocal & Address AND no more than 1 instance of dhcp6c running.

kobold

Thanks hda for you reply.

Does this mean that after setting up the WAN interface / (re)boot, I always have to disconnect and connect the PPPoE twice?

hda

@kobold:

Does this mean that after setting up the WAN interface / (re)boot, I always have to disconnect and connect the PPPoE twice?

Yes. And control the process with (kill -9 PID).

First time you will get rid of the "privateextension"-address (good), but there seems no proper/reliable cleanup of old PID dhcp6c. (bad). Therefore second time will assure you one valid PID on the proper fe80::, so to keep the hourly & mandatory 2-hourly lease renewal with ISP on fe80:"MAC".

FYI: something strange in Status-Interfaces(PPPoE) are the value's for Link-Local & Address. I would expect Address to be based on pfSenseBox-WAN-MAC and Link-Local on the pfSenseBox-LAN-MAC. Now it is both on pfSenseBox-LAN-MAC (!?). In 2.2.4 Address was based on pfSenseBox-WAN-MAC. Typical design question…

Oh, and work with forced MTU 1492 (WAN & LAN's).