VDSL PPPoE with unknown IPv6 upstream configuration

junicast

Hi,

my provider gives out Fritz!Box devices which I witnessed gave LAN clients IPv6 addresses (no Teredo).
Now I want my pfsense 2.2.6 amd64 device to handle dialin as well as IPv6 connectivity.

I have a Draytek Vigor 130 as VDSL2 (profile 30a IIRC) Modem bridged to the Ethernet port to my pfsense's WAN port.

See screenshot for my WAN config. I also tried "Request a IPv6 prefix/information through the IPv4 connectivity link". Also tried different prefix lenghts in DHCPv6 client.

What I do know:

• IPv6 prefix assigned changes from time to time, I guess on dialin
• IPv6 prefix length was /48 when Fritz!Box was on.

Wat I don't know/understand:

• Only when I assign my LAN interface a static IPv6 address I can configure DHCPv6 Server for this interface. Because my prefix changes I cannot set static address of course. How do I do it then?
  I would want my LAN to have a network ID with SLAAC for the clients. What if I would wanted to have a DMZ like network, that just uses prefix with network ID e.g. 01(hex) (expecting a range of 16 bit) and have dynDNS updated my new prefix? (I know how to handle the DNS part:-))
• What is the provider exactly doing. DHCPv6, SLAAC. I don't even know what best practices look like here.

Thanks so much for any help!

hda

Ask your ISP for required protocol…

Start with the LAN on Track Interface. If you get a /48 and you know that assigned prefix number, you can assign a static LAN (prefix+subnet)/64. And if you have a /48 prefix but on frequent change, this is ridiculous from ISP and no hope for self-management ;)

junicast

I asked my Provider two times for giving me detailed information about their IPv6 setup. No answer so far.

This site suggests though that I actually cannot set my network up correctly via WebGUI:
http://blog.towo.eu/pfsense-slaacdhcpv6-prefix-delegation/

Does that seam reasonable to you? Do I really have to go the command line way?
Not that I'm afraid of that, but I really am not sure what gets conserved of this special settings through a firmware upgrade or through a full setting restore.

hda

Try this:  Use Interfaces-WAN with DHCP6 and DHCP6c conf:

Check, Request a IPv6 prefix/information through the IPv4 connectivity link
Check, Only request an IPv6 prefix, do not request an IPv6 address
DHCPv6 Prefix Delegation size == 48
Check, Send an IPv6 prefix hint to indicate the desired prefix size for delegation

& check: Advanced config, it is no more than:
(send options(ia-pd 0) and Prefix delegation = checked only).

OR try this::

Check, Request a IPv6 prefix/information through the IPv4 connectivity link
**UNcheck, Only request an IPv6 prefix, do not request an IPv6 address
DHCPv6 Prefix Delegation size == 48
Check, Send an IPv6 prefix hint to indicate the desired prefix size for delegation

& Advanced config, it is no more than:
(send options(ia-na 0, ia-pd 0) and
(Prefix delegation = checked and Non-Temporary Address Allocation = checked)

David_W

@pmisch:

This site suggests though that I actually cannot set my network up correctly via WebGUI:
http://blog.towo.eu/pfsense-slaacdhcpv6-prefix-delegation/

Does that seam reasonable to you? Do I really have to go the command line way?

That link is misleading - SLAAC plus DHCP-PD works, albeit in an unintuitive way. Configure the interface as DHCP6, and SLAAC is active on that interface whether or not DHCPv6 succeeds in obtaining an ia-na (IPv6 address). You should check "Request a IPv6 prefix/information through the IPv4 connectivity link". You should also select the option for prefix delegation and make sure you configure at least one LAN as Track Interface.

If you are using pfSense 2.2, you may find things work much better with the patch I developed that fixes a couple of IPv6 bugs. This will appear in pfSense 2.3 and, if there is any reason for a further 2.2 release, in pfSense 2.2.7. If you are using pfSense 2.2.6, you can apply the patch manually.

junicast

I tried lots of different combinations of configurations including the suggested ones. Without any luck.
Monitoring the pppoe interface as well as my local interface I've registered the following:

1. pppoe
   not seeing dhcpv6 pd requests

2. local
   Not seeing any router advertisements whatsoever by the router

My feeling is that pfsense is flawed in some place, but I'm too new to BSD and pfsense in order to pinpoint the source of the problem.
Maybe the problem is that I'm also using 6in4 with he.net. But even when I delete all configuration parameters of that config problems persist.
Might this be a concern?

Mar 28 02:10:14 pfsense php-fpm[34291]: /interfaces.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em0_vlan5 em0_vlan10' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.8 Copyright 2004-2015 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 21 leases to leases file. Listening on BPF/em0_vlan10/80:ee:73:b2:f5:07/10.10.151.0/24 Sending on  BPF/em0_vlan10/80:ee:73:b2:f5:07/10.10.151.0/24 Listening on BPF/em0_vlan5/80:ee:73:b2:f5:07/10.10.101.0/24 Sending on  BPF/em0_vlan5/80:ee:73:b2:f5:07/10.10.101.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf.  Also make sure you are not running HP JetAdmin software, which includes a boo

What other configuration files can I post to help solve this?