Hello,
We have been working on a number of IPv6 improvements and I'd like to ask willing users to help test them with us!
1. dhcp6c improvements
dhcp6c has received a lot of refactoring and cleanups and can now set the lifetime of prefixes (formerly set to infinite by the code even though that's not what is being e). The code changed to offer the valid life time as preferred/valid life times during configuration, which makes them expire automatically. We found a few bugs in the FreeBSD kernel that were fixed in 25.7.11 so testing the new dhcp6c code is possible now.
Again: make sure you are on 25.7.11 :)
# opnsense-code dhcp6c
# cd /usr/dhcp6c
# ./configure
# make upgrade
dhcp6c will not restart automatically. The best way to use the new version is to reboot.
If you want to revert to the version that belongs to 25.7.11 you can do:
# opnsense-revert dhcp6c
(and reboot)
The first two pages here are the relevant changes: https://github.com/opnsense/dhcp6c/commits/master/
2. We're testing multi-dhcp6c again after deciding against it many years ago. There are some downsides to using one daemon for all WANs a patch exists to split the daemons up! This also makes it possible to get better control of individual PD associations requested from the ISP.
This requires the 25.7.11 DEVELOPMENT version to apply cleanly. I recommend using a snapshot before switching since a number of things will be migrated and it's not easy to switch back as some settings will be in the wrong place. A config backup and restore is also an idea if you make the direct transition back using the firmware GUI.
# opnsense-patch https://github.com/opnsense/core/commit/5b8c2a862e
A reboot would be the best course of action here too.
More context on the work we did here is in https://github.com/opnsense/core/issues/7647
If you have any questions please let me know. All feedback is welcome, especially from multi-WAN IPv6 users! :)
Cheers,
Franco
Hey Franco,
Multi-WAN IPv6 user here. :) WAN1 requests address + prefix, WAN2 only requests an address.
I performed 1. and don't see any immediate issues after the reboot.
Can we see the (remaining) lifetime somewhere? It doesn't seem to be reflected in the prefix lifetime advertised by radvd on tracking LAN interfaces.
If there aren't any issues in the next two days or so, I'll go ahead and test 2., too.
Cheers
Maurice
Nice, you can see configured lifetimes in ifconfig and with -L switch you can see how much is left (actually found and fixed this switch for 25.7.11).
Note that dhcp6c sets vltime = pltime for prefixes. It's all a bit odd that NA was setting vltime and pltime correctly but PD set infinite for both. To crawl towards a better solution we avoid deprecation of prefixes for now but from my testing so far dhcp6c renews far more frequently than pltime so in a next step we can probably set the real pltime too.
The key thing here is that we want to see the ifconfig -L times so we can actually distinguish which prefix was the last one assigned and use that as the primary one for e.g. radvd. Some ISPs renew with a new prefix but having the first one stick around and no way to distinguish because they both do not expire was suboptimal and at some point the old one disappears but there is no renew triggering a radvd reload so then the prefix stops working for clients.
I was a bit surprised to find all these related bugs for just trying to do what the standard intended. ;)
Thanks a lot,
Franco
Quote from: franco on January 16, 2026, 10:25:16 PMyou can see configured lifetimes in ifconfig and with -L switch you can see how much is left
On the WAN interface, ifconfig shows the lifetime of the interface address (IA_NA). But where do I see the lifetime of the prefix (IA_PD)? On the tracking LAN interface, ifconfig does not show a lifetime.
Quote from: franco on January 16, 2026, 10:25:16 PMNA was setting vltime and pltime correctly
I can confirm this. IA_NA pltime is lower than vltime:
inet6 2001:db8:6490:5d00::2 prefixlen 128 pltime 270 vltime 300Quote from: franco on January 16, 2026, 10:25:16 PMfrom my testing so far dhcp6c renews far more frequently than pltime
From my testing, dhcp6c renews after half of vltime. So as long as pltime > vltime/2, no problem.
Quote from: franco on January 16, 2026, 10:25:16 PMThe key thing here is that we want to see the ifconfig -L times so we can actually distinguish which prefix was the last one assigned and use that as the primary one for e.g. radvd. Some ISPs renew with a new prefix but having the first one stick around and no way to distinguish because they both do not expire was suboptimal and at some point the old one disappears but there is no renew triggering a radvd reload so then the prefix stops working for clients.
Excellent! This has plagued me a lot and the workarounds I had to implement are nightmare fuel.
Quote from: franco on January 16, 2026, 10:25:16 PMI was a bit surprised to find all these related bugs for just trying to do what the standard intended.
Unfortunately, I'm not surprised at all.
Cheers
Maurice
Oh, I probably have to perform 2. (switch to development branch and apply patch) to see the IA_PD lifetime?