after I recently got new internet with a decent dual-stack configuration (dynamic IPv4 plus dynamic IPv6 prefix (routed prefix)), I set up a pfSense box as my main router (directly connected to media converter).
So far IPv4 works as expected through NAT etc. However, I still didn’t manage to setup IPv6 properly. I turned on DHCPv6 on the WAN interface and pfSense was able to retrieve the /48 prefix from my ISP.
Since my goal is to “share” the IPv6 prefix with the devices connected to the LAN interface (i.e. every LAN device should automatically get an IPv6 address from the /48 pool on the WAN side), I set the IPv6 configuration of the LAN interface to “Track interface” and selected the WAN interface.
With the default configuration for the DHCPv6 server being off and router advertisement being set to “Assisted”, I had no luck. Turning on the DHCPv6 server (it automatically is configured to use the delegated prefix since I turned on track interface) doesn’t change anything.
In both scenarios all devices on the LAN interface are only getting an IPv4 address from the DHCPv4 server but the IPv6 stack remains unconfigured, except for the default IPv6 route to fe80::1:1 for some reason:
$ service net.eno1 restart
[...]
eno1: soliciting an IPv6 router
eno1: Router Advertisement from fe80::1:1
eno1: adding default route via fe80::1:1.
eno1: soliciting a DHCPv6 lease
eno1: leased 192.168.8.8 for 7200 seconds
eno1: adding route to 192.168.8.0/24
eno1: adding default route via 192.168.8.1
[end of output]
Frankly, I’m still a bit of a IPv6-noob and pfSense is rather new to me too. So I am out of ideas what to try or what I could be doing wrong.
Also, I am not sure what to pick here, these are all set to default:
Have you checked what your ISP requires for settings? I’ve found that they usually tend to be very specific and won’t give you anything if you don’t have all the right options on and configured.
Are you sure you’re getting a /48 and not a /64. Since pfSense is just a webui and scripts on top of FreeBSD and you can ssh in and poke around using ifconfig and tcpdump (and you can have a look at UDP traffic on ports 67 and 68 and icmp traffic to try and figure out what’s going on
I did check their website and FAQ, but haven’t found anything specific. Their service works with standard off-the-shelf routers and they have a how-to for the AVM FritzBox where they only turn on the most basic settings like choosing “native IPv6”.
You’re right, I didn’t actually verify that this time I set up the machine (I tried various software before). When I check ifconfig I only see a global IPv6 with /64. When I tried OpenWRT, I actually did get a /48…
I also did confirm in the past with the ISP that using DHCPv6 should give me a /48.
Now I tried turning on the following settings to maybe “force” pfSense to set up a /48, but I’m also not having any luck.
There’s a piece of software developed as part of OpenWRT called odhcpd that can allow your ISP to assign your ipv6 addresses and will also manage/relay neighbor discovery messages. Are you 100% positive you were getting a /48 with OpenWRT and it wasn’t just nd-relay doing its job and making ipv6 work.
Try looking at what pfSense is sending over the wire, if you have OpenWRT still around, you can compare. (Or you can try putting openwrt x86_64 combined ext4 image on a flash stick and trying on the same machine.
The fritzbox might have predefined settings for various ISPs, pfSense has nothing so while most other software will autonegotiate I’ve found pfSense just does not. If it’s not exactly correct it just doesn’t work at all.
They probably also won’t advertise their IPv6 settings anywhere sensible. The ISP I’ve had experience with was trial and error by users and the settings are hidden in a reply in a forum post somewhere on their support site by a user. Worth keeping that in mind. For mine it ended up being just a few settings now (might have changed something).
That you said your able to get a /64 and a /48 doesn’t sound right to me. You should find out what the ISP uses.
Fyi, my settings were as follows.
Set: WAN interface to DHCP6
Enable: Request a IPv6 prefix/information through the IPv4 connectivity link
Enable: Only request an IPv6 prefix, do not request an IPv6 address
Set: DHCPv6 prefix delegation size to “56”
Set LAN IPv6 to Track interface
Set Track IPv6 Interface to WAN
Leave IPv6 Prefix ID as default (0)
I tried your configuration, just to see what happens, but the result is the same. The IPv6 configuration disappears when I apply the changes and then come back the same like before (IPv6 address with /64).
Btw: Another thing I noticed is that IPv6 doesn’t even work on the pfSense box. This is most likely due to the IPv6 gateway not being configured.
Both lan and wan need to be setup correctly when using track interface options or it wont work. You need “DHCPv6 with Prefix Delegation” enabled.
You might be best talking with them to get all the settings you need, unless you want to methodically go through and track all possible configurations.
Update: So after researching a bit about IPv6, I figured out that my DHCPv6 configuration is the culprit here.
The IPv6 address that my pfSense box gets is in fact configured via SLAAC, even though I picked “DHCP6” in the GUI, since the kernel does this automatically, when it receives a router advertisement. This is also why I “get” (i.e. self-configured from RA, not DHCP) an IPv6 address with the /64 prefix.
I will check back with my ISP on which settings I need specifically to make their DHCP server reply with the /48 prefix.
PS: However, this still doesn’t explain to me why the box doesn’t get a dynamic gateway and still shows ‘Pending’, even when I switch WAN to SLAAC.
