OPNsense Forum

Topology

ISP (DHCPv6-PD /48)
        │
        ▼
OPNsense (pppoe0, dhcp6c)
        │
Legacy Track Interface
(assign /64s via Prefix IDs)
        │
 ┌──────┼────────┐
 │      │        │
LAN   VLAN1    VLAN2
ID 0  ID 4     ID 6
 │
 ▼
    FritzBox
    ├─ non-guest (/64)
    └─ guest     (/64)
    (Fritz runs its own RA/DHCPv6/DNSv6)
Core requirement:
OPNsense must behave like an IPv6 ISP, so the downstream FritzBox can operate fully autonomously.

---

Working Setup (Stable)

• Legacy Track Interface on all internal interfaces
• ISC DHCPv6 enabled
• Router Advertisements enabled (basic / unmanaged)
• FritzBox internal DHCPv6 + DNSv6 enabled

Behavior:

• OPNsense slices the ISP /48 using Prefix IDs
• FritzBox successfully receives sub-delegated prefixes
• Guest and non-guest IPv6 work reliably
• Prefix renewals and reboots are handled cleanly

---

ISC DHCPv6 (Working, Anonymized)

option dhcp6.domain-search "internal";
option dhcp6.rapid-commit;
default-lease-time 7200;
max-lease-time 86400;
authoritative;
subnet6 2001:db8:abcd::/64 {
  range6 2001:db8:abcd::1000 2001:db8:abcd::2000;
  option dhcp6.name-servers 2001:db8:abcd::1;
  # Prefix delegation to downstream router (FritzBox)
  prefix6 2001:db8:abcd:8000:: 2001:db8:abcd:ff00::/60;
}
This configuration:

• Delegates prefixes cleanly
• Automatically installs kernel routes
• Aligns PD lifetimes with RA behavior
• Allows FritzBox to act as a real downstream ISP customer

---

Attempted Setup (Problematic)

• Identity Association (IA) addressing
• KEA DHCPv6
• Parameterized Router Advertisements

Despite many variations, this does not allow FritzBox to function autonomously.
Observed problems:

• Delegated prefixes not reliably routed
• Guest IPv6 disappears
• IPv6 breaks when KEA is stopped/restarted
• Removing PD pools breaks downstream IPv6 even though OPNsense still has global IPv6
• FritzBox internal DHCPv6/DNSv6 cannot be enabled reliably

---

KEA DHCPv6 (Attempted, Anonymized)

{
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "lan0" ]
    },
    "subnet6": [
      {
        "subnet": "2001:db8:abcd::/48",
        "pd-pools": [
          {
            "prefix": "2001:db8:abcd:ff00::",
            "prefix-len": 60,
            "delegated-len": 64
          }
        ],
        "reservations": [
          {
            "duid": "00:03:00:01:xx:xx:xx:xx:xx:xx",
            "ip-addresses": [ "2001:db8:abcd::2000" ]
          }
        ]
      }
    ]
  }
}
Even with variations:

• PD routing is fragile or missing
• RA behavior must be manually aligned
• Downstream router does not behave as with ISC DHCPv6

---

Key Observation
FritzBox internal DHCPv6/DNSv6 only works when upstream behaves exactly like an ISP.

• ✔ Track Interface + ISC DHCPv6 → Fritz autonomous
• ✖ IA + KEA + RA → Fritz breaks or degrades

This suggests that either:

• KEA lacks functionality needed for downstream routers, or
• OPNsense's current KEA + IA + RA integration does not fully model ISP-like behavior

---

Questions / Migration Path

• Is it currently possible to fully replace
   Track Interface + ISC DHCPv6 + basic RA
   with
   IA + KEA + RA
   while still supporting autonomous downstream routers?
• Are PD pools mandatory in KEA for downstream routers?
• Is the lack of automatic route installation for delegated prefixes a known limitation?
• Is ISC DHCPv6 expected to remain for this use case, or is there a recommended migration path?

---

Summary

• My setup is stable today
• I am not looking for workarounds
• I want to understand whether a clean KEA/IA migration path exists for "OPNsense as ISP" deployments

Any guidance from developers or users running downstream routers would be appreciated.

For a static IPv6 prefix in Kea yes. For a dynamic one no. We'll be discussing some things related to Kea in the upcoming roadmap discussion for 26.7.


Cheers,
Franco

My opinionated view on this, being an ISP requires a static prefix.

So the OPNsense can already behave like an ISP, when the surrounding infrastructure provides ISP requirements.

The ISPs decided that the edge (their customers) should have dynamic IPv6 prefix. In the above schema, the OPNsense is right at the edge, terminating the ISP.

Dynamic prefixes are not designed to be used at more hops than the exact edge between the "real" ISP and the "real" customer.

The ISPs know this, and offer higher paid tiers for customers who want to shift the edge further away from themselves, via static prefixes.

Thanks for the insight! To give some context, my home setup is designed primarily to segregate IoT devices and other traffic that I don't want in my home network into separate VLANs, so that all non‑trusted devices are kept outside of the main home network. This allows me to apply more granular firewalling, intrusion detection, logging and overall network management, which dictated the current topology.

Beyond this, there is an ambition to get IPv6 running as cleanly and reliably as possible. One might argue "if IPv4 works, why bother with IPv6?" — but for my use case, I want a consistent and future-proof setup, including autonomous operation of downstream routers like FritzBox.

My observation is that:

Using Track Interface + ISC DHCPv6 + basic RA, the FritzBox operates autonomously and reliably, with PD sub-delegation working for both guest and non-guest networks.

Attempts to replicate the same behavior with IA + KEA + parameterized RA have so far been fragile; small misconfigurations can break downstream IPv6 connectivity.

I'm sharing this to highlight that there are real-world home/own built domotica scenarios where OPNsense essentially behaves like an ISP, even with dynamic PD. It would be useful if future KEA/IA guidance explicitly addressed such use cases, so that advanced setups can migrate cleanly when ISC DHCPv6 is eventually deprecated.

I understand the usecase, I'm just saying it could also be solved with money. (I do not mean that in a mean way, just stating how it is).

ISPs are the culprit here, they want you to pay more for a static prefix that allows all of this cleanly with no hoops.

Thanks for the explanation — there is one important detail in my setup that may change the assessment.

I do not receive a changing IPv6 prefix. My ISP (Freedom Internet NL) has assigned me a fixed (anonymized) 2001:db8:abcd ::/48 for years, which is also visible in their customer configuration, and I additionally have a static IPv4 address.

From an architectural perspective, this places my OPNsense much closer to an "ISP edge" than a typical residential dynamic-PD setup.

Given this, I would expect IA + KEA + RA with downstream PD (e.g. to a FritzBox) to work in principle. However, in practice only legacy Track Interface + ISC DHCPv6 behaves correctly.

This leads me to suspect interoperability gaps between KEA, RA, and downstream routers rather than a fundamental IPv6 design issue.

If you have a static prefix you can use KEA with prefix delegation:

https://docs.opnsense.org/manual/kea.html#prefix-delegation-ia-pd

It also sets static routes now automatically via a helper script, targeting the link local address of a device that request IA_PD.

If the routing does not work as expected for some reason, let us know.

E.g. show the routing table after KEA leased IA_PD to the downstream devices.

# netstat -rn6

(Please note you might have to reboot once after disabling isc and enabling kea, as the routing table might have old entries otherwise that route traffic wrong)

Quote from: GerhardHeus on February 11, 2026, 02:36:18 PMMy ISP (Freedom Internet NL)

- You have got one of, if not THE BEST ISP in The Netherlands.
- You have got one of, if not THE BEST Router Software in use.
- You have probably also got nice Managed Switches & Accesspoints in use.

Why the heck do you bother using a crappy Fritz!Box on your network ?!
Why not just a nice seperate VLAN for all the stuff you need seperated ?!



In the 20 years or so that I had xDSL from KPN that whole weird AVM company was THE BRAND TO AVOID for me and I always bought DrayTek Routers instead and never had any issue! :)

Please keep it focused for now, I want to find out if there is a bug or issue first in this thread (Since I partially implemented and tested the KEA prefix delegation in OPNsense)

Thanks for all the discussion so far — it helped clarify a lot. I wanted to summarize my situation and share some observations for others who might have similar setups:

Current Setup

My ISP provides a fixed /48 IPv6 prefix, anonymized: ( 2001:db8:abcd ::/48) that has been assigned to me for years.

On the OPNsense WAN (PPPoE), this prefix is delivered via DHCPv6-PD, and OPNsense relies on it to configure the global IPv6 address, default route, and delegated prefixes.

Internally, I run Track Interface + ISC DHCPv6 + RA on LAN and VLANs. Downstream devices (including a FritzBox managing its own guest and non-guest subnets) receive IPv6 addresses properly, and IPv6 routing works.

Why KEA / IA_PD did not work

KEA requires full static ownership of the prefix to assign delegated prefixes and manage routes.

Even though my /48 is "fixed" at the ISP level, it is still delivered dynamically via DHCPv6-PD. IA_PD with KEA cannot safely manage this prefix without risk of breaking downstream connectivity.

This is why earlier attempts to migrate to KEA with Identity Association and RA parameterization failed.

IPv4 vs IPv6 distinction

Fixed IPv4 works fine; OPNsense can assign it manually.

Fixed IPv6 is technically possible to test, but OPNsense may not route properly without DHCPv6-PD. The WAN address, default route, and RA to downstream networks may fail if the ISP expects dynamic PD delivery.

Future Considerations

For now, I will keep the current working setup (Track Interface + ISC DHCPv6 + RA).

Once ISC DHCPv6 is retired in OPNsense, I will need to explore:

Whether Static IPv6 can be safely used with a fixed /48 from my ISP.

Whether KEA could be configured to support this type of "fixed but delivered via DHCPv6-PD" scenario.

I think you are mixing up concepts.

The DHCPv6 client already handles IPv6 prefixes you receive from the provider.

KEA is a DHCPv6 server, it just needs the correct configuration and it will work, and set the correct routes into the routing table.

I tested and verified that myself with a PPPoE setup in the same constellation as you above.

I assume a configuration error for now.

In other words if you reliably (because the contract says so) get a static prefix from your ISP, then configure your WAN with DHCPv6 but forget all "track" and similar crap on your internal interfaces and use static configuration throughout. Then Kea can - also by static configuration - perform PD to downstream clients.

Patrick is right.

And to make it even more precise, the IPv6 setup could be configured statically entirely.

Static IPv6 on LAN/vlan etc.

Static route of a subnet (prefix) to the fritzbox.

Static IPv6 configuration on the Fritzbox WAN port.

Router Advertisements is all thats needed to advertise the default route.

No DHCPv6 server needed anywhere, only the WAN DHCPv6 Client configuration.

Essentially this is completely normal manual subnetting almost the same as IPv4.

Quote from: Monviech (Cedrik) on February 11, 2026, 11:52:12 AMDynamic prefixes are not designed to be used at more hops than the exact edge between the "real" ISP and the "real" customer.

That's the only point where I'd disagree. DHCPv6-PD is absolutely designed to work over multiple hierarchy levels. And it's further gaining importance with recent developments like RFC 9762 (P flag in RAs) and Android now starting to prefer DHCPv6-PD over SLAAC.

Cheers
Maurice

Its cool that the clients want to do all that stuff but where is the server software implementation (better would be a combined dhcpv6 client + server that internalises the full running state) that can do this out of the box?

KEA doesnt even install routes for PD without a watcher python script crawling its lease database.

IPv6 is being made consistently more convoluted by stacking more and more concepts on top of each other.

My argument is more grounded inside the deployment reality of this, not the RFC suggestions.

Though this right now is an emotional argument. Im happy in my own RA only world due to personal projects that allow that :D

Thanks everyone for the detailed explanations and for pointing me to the KEA static PD documentation.

After working through the feedback and testing different approaches, my conclusion is that there are two valid and clean solutions for my use case with a downstream FritzBox:

1. Stay entirely within the ISP-provided global prefix and configure everything statically
In this model, OPNsense acts as a classic border router. The /48 is subnetted manually into /64s for LAN, VLANs, and a routed /64 toward the FritzBox. Router Advertisements are sufficient; no internal DHCPv6 server is required. This is very robust and avoids all PD lifecycle issues.

2. Use a locally generated ULA prefix for the FritzBox side and KEA DHCPv6
Here, the FritzBox receives IA_NA and IA_PD from KEA exactly as described in the documentation, but using ULAs instead of the ISP prefix. This cleanly avoids any dependency on the ISP PD lifecycle and keeps everything manageable through the OPNsense GUI.

For now, I'll keep my working legacy setup, but this gives me a clear migration path once ISC DHCPv6 is retired. Thanks again for the insights — especially around prefix ownership and lifecycle, which turned out to be the key point.

@Monviech
Well, the deployment reality on the router / firewall side is that OpenWrt, AVM, MikroTik and many others support downstream PD with a dynamic upstream. OPNsense is rather the exception. (Yes, ISC kind of supports it, but only with tricks, and it's EOL.)

The P flag in RAs is rather new, but trivial to implement on the server side. OpenWrt (odhcpd) supports it in 25.12 and there is an open pull request for radvd (https://github.com/radvd-project/radvd/pull/276).

ndp-proxy-go is a great piece of software! But I don't see it as a replacement for prefix delegation, just like a traditional ARP proxy is not a replacement for proper IPv4 routing.

@GerhardHeus
No one mentioned ULAs. If you want to use DHCPv6-PD, you can simply configure KEA with a static GUA prefix. If your ISP provides you with fixed prefix 2001:db8:abcd::/48, you can e. g. use 2001:db8:abcd:ff00::/56 for KEA's PD pool. This allows it to delegate e. g. 16x /60.

The sublinked article on the Android Developers Blog and RFC 9663 are interesting.

Does it apply for home internet subscribers where the delegated prefix is often /60 or /56?  I get a /60 from my ISP so I only have 16 /64s to play with.  In what world would I want to delegate an entire /64 to a single Android device and its connected gadgets?

(I'm sure I'm either misinterpreting or missing some context...)

A real life usecase would be a Chromebook running Android Apps on it as VMs. Thats already out there in the wild.

So I would say as soon as a client becomes more of a hypervisor.

Guess like:

ISP -> "Real" Router -> "Semi" Router (Client) -> Actual consumer (VM)

@OPNenthu
No ISP should delegate less than a /56, even for the cheapest consumer plan. If you use one /57 for numbering the LANs and the other /57 for PD, 128 devices can request their very own /64 (or 64x /63, 32x /62, ...). Should be fine for a home network.

A single /60 is just nasty and a reason to complain. I once was with an ISP who only delegated a /59, but they eventually switched to /56, adopting the de-facto industry standard.

RIPE recommends to give every residential line, even for consumers, a /48. 🙄

A /56 is fine for most, though.

I don't get it. It's not like IPv6 addresses were scarce ...

Quote from: Maurice on February 11, 2026, 10:13:50 PMA single /60 is just nasty and a reason to complain.

I hope a critical mass of such complaints comes forward, but unless more subscribers decide to ditch their WiFi routers and learn a bit about networking... I don't see it.

Maybe Google will force the issue :-)

Quote from: Patrick M. Hausen on February 11, 2026, 10:30:20 PMI don't get it. It's not like IPv6 addresses were scarce ...

I came across one argument for this which claims that it mostly comes down to two things:

- Operational complexity for cable providers.  There's apparently some cost with mapping and tracking migratory prefixes on CMTS networks.

- Product differentiation so that business subscribers don't start complaining about why they pay more for a /48.

I can't verify these claims.  The second one is understandable.  The first one, if true, implies something about cable networks at scale.  It's interesting to note that Verizon (one of the large fiber ISPs here) do provide a /56 on their residential FiOS plans.

Dear all, I decided to test KEA based on a static prefix and ULA prefix. I set up LAN as Static IPv6 and created a KEA configuration following the documentation. Fritz basically needs a /60. Subnet: fd39:e72c:09f6::/48; Pools: fd39:e72c:09f6::100-fd39:e72c:09f6::199; Prefix: fd39:e72c:09f6:ff00::; Prefix length: 56, Delegated length: 60. I tried some variations, also with Prefix/Delegated exactly as in the documentation (52/56), all with the same result.

I reooted both OPNsense and Fritz and saw initially some old reservations still being logged, so I let the system settle for a night and then agian rebooted both OPNsense and Fritz. Fritz reports IPv6 connection and /60 reservations properly, but fails to assign the /64 prefixes (ff00 and ff01) to the guest and non-guest networks as it would do in the ISC DHCPv6 case.

In OPNsense, I see a val;id lease for fd39:e72c:9f6:ff00:: pointing at the Fritz. However in the KEA log I see an error when restarting the service:

The "failed adding route" also appeared in my previous attempts:

2026-02-12T09:06:11   Error   kea-dhcp6    failed adding route fd39:e72c:9f6:ff00::/60 -> fe80::e72:74ff:fefc:7914
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd39:e72c:9f6::/48
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd39:e72c:9f6::/48
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd39:e72c:9f6::/48
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 1 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x3613cc25c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x3613cc25c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3613cc25c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd39:e72c:9f6::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-12T09:06:11   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-12T09:06:11   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-12T09:06:11   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_SHUTDOWN server shutdown
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x1d62b965c008] COMMAND_RECEIVED Received command 'shutdown'
2026-02-12T08:50:27   Error   kea-dhcp6    failed adding route fd39:e72c:9f6:ff00::/60 -> fe80::e72:74ff:fefc:7914
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd39:e72c:9f6::/48
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd39:e72c:9f6::/48
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd39:e72c:9f6::/48
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 1 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x1d62b965c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x1d62b965c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x1d62b965c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd39:e72c:9f6::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-12T08:50:27   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-12T08:50:27   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-12T08:50:27   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3d5ad3a5c008] DHCP6_SHUTDOWN server shutdown
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3d5ad3a5c008] COMMAND_RECEIVED Received command 'shutdown'

A linux client (also rebooted) in Fritz non-guest network fails to set up a default route:

In OPNsense, I see:
netstat -rn -f inet6 | grep fd39
fd39:e72c:9f6::1                  link#3                        UHS             lo0

Please let me know if you need additional information.

Hello, which OPNsense version are you using right now?

I feel like the scope ID is missing here when adding the route, but I want to double check on which script version you run (since it changed recently)

If its 26.1.1, I think this could be the issue: https://github.com/opnsense/core/pull/9778

Quote from: Monviech (Cedrik) on February 12, 2026, 09:53:00 AMHello, which OPNsense version are you using right now?

I feel like the scope ID is missing here when adding the route, but I want to double check on which script version you run (since it changed recently)

If its 26.1.1, I think this could be the issue: https://github.com/opnsense/core/pull/9778

Thank you for your reply. This I copied from the Dashboard:

System Information
Name
OPNsense.internal
Versions
OPNsense 26.1.1-amd64
FreeBSD 14.3-RELEASE-p8
OpenSSL 3.0.19

Hello, thank you, could you test the above patch on 26.1.1?

Go into the opnsense root shell (same spot you e.g. executed netstat on OPNsense) and execute the following patch:

opnsense-patch https://github.com/opnsense/core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a
Afterwards try to restart KEA, or reboot, and check if the route is added now.

Quote from: Monviech (Cedrik) on February 12, 2026, 10:51:53 AMHello, thank you, could you test the above patch on 26.1.1?

Go into the opnsense root shell (same spot you e.g. executed netstat on OPNsense) and execute the following patch:

Code Select Expand

opnsense-patch https://github.com/opnsense/core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a
Afterwards try to restart KEA, or reboot, and check if the route is added now.

I get:

root@OPNsense:~ # opnsense-patch https://github.com/opnsense/core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a
fetch: /var/cache/opnsense-patch/~core-core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a: open(): No such file or directory

Yeah oops there was a typo in the link (commits instead of commit)

https://github.com/opnsense/core/commit/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a

Try this link, if it opens in your browser it will also work as patch.

Quote from: Monviech (Cedrik) on February 12, 2026, 11:47:19 AMYeah oops there was a typo in the link (commits instead of commit)

https://github.com/opnsense/core/commit/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a

Try this link, if it opens in your browser it will also work as patch.

The error disappeared, see log below. IPNsense seems to be OK, but Friz does not work with usual settings.

root@OPNsense:~ # netstat -rn -f inet6 | grep fd39                              fd39:e72c:9f6::1                  link#3                        UHS             lo0
fd39:e72c:9f6:8000::/56           fe80::e72:74ff:fefc:7914%igc0 UGS            igc0
fd39:e72c:9f6:ff00::/60           fe80::e72:74ff:fefc:7914%igc0 UGS            igc0

The 8000 entry is from an earlier, now stale and expired entry in the leases. Maybe I need to wait until this disappears; have rebooted everything several times, but still there.

Fritz reports:
Internet, IPv6   verbonden sinds 12-02-2026, 12:46 uur,
IPv6-adres: fd39:e72c:9f6:ff00:e72:74ff:fefc:7914/64, geldigheid: 2901/1401s
IPv6-prefix: fd39:e72c:9f6:ff00::/60, geldigheid: 2901/1401s

But in the IPv6 page it shows:
Gebruikte IPv6-prefixen:
Thuisnetwerk::/0
Netwerk voor gasten::/0
WANfd39:e72c:9f6:ff00::/64


A linux client in Fritz shows:
root@pluto:~# ip -6 route show
fd39:e72c:9f6:ff01::/64 dev eth0 proto ra metric 100 expires 6276sec mtu 1500 hoplimit 255 pref medium
fda9:2c7a:3760::/64 dev eth0 proto ra metric 100 expires 6656sec mtu 1500 hoplimit 255 pref medium
fda9:2c7a:3760::/64 via fe80::e72:74ff:fefc:7917 dev eth0 proto ra metric 100 expires 1256sec mtu 1500 hoplimit 255 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

Log after restart of KEA:
2026-02-12T13:18:55   Notice   kea-dhcp6    add route fd39:e72c:9f6:ff00::/60 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd39:e72c:9f6::/48
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd39:e72c:9f6::/48
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd39:e72c:9f6::/48
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 1 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x30a0b085c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x30a0b085c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x30a0b085c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd39:e72c:9f6::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-12T13:18:55   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-12T13:18:55   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-12T13:18:55   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3ba6ee25c008] DHCP6_SHUTDOWN server shutdown
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3ba6ee25c008] COMMAND_RECEIVED Received command 'shutdown'
   

Okay so the routing from OPNsense to Fritzbox should be okay now.

Are you having Router Advertisements set up on OPNsense, so that the Fritzbox gets a default gateway advertised on the link its connected on (igc0).

Why do you delegate ULA prefixes? You can't use ULAs for Internet access.

Simply configure KEA with GUAs based on the static prefix you get from your ISP.

Quote from: Monviech (Cedrik) on February 12, 2026, 01:44:27 PMOkay so the routing from OPNsense to Fritzbox should be okay now.

Are you having Router Advertisements set up on OPNsense, so that the Fritzbox gets a default gateway advertised on the link its connected on (igc0).

I have is activated without specific settings per (V)LAN interfacve; I added a specific configuration for LAN and disabled it, so for LAN it should now be disabled. I did not notice any difference in behaviour in any of the systems.

I would use GUAs as well, maybe the Fritzbox is weird here.

Anyway if the following is true its not a routing issue anymore:

-> KEA leased IA_NA and IA_PD to Fritzbox
-> KEA installed a route targeting the link local address of the Fritzbox
-> There are Router Advertisements sent to the Fritzbox
-> The IPv6 default route of the Fritzbox points to the OPNsense router

Though I probably cannot help more now if there's no bug to hunt anymore. Routing should be clean now.

(Also, setting the /48 GUA prefix in KEA does not mean it takes authority over it. You can safely do that, just be careful with the range you use for IA_PD so it doesnt overlap with what you use on the interfaces of the OPNsense and you are good.)

Dear Naurice and Cedrik, once again many thanks for your support and comments. It *seems* to work now with KEA with GUA + Legacy Track Interface + RA without configuration active for LAN. There were two things needed: 1) the route must be set up; this is now working fine after the patch and 2) I originally set the delegated length in KEA to a value lower than 64, knowing that Fritz needs at least 2 /64 prefixes. Then I read in some documentation that ISC DHCPv6 supplies prefixes in /64's; when I changed the delegated length in KEA to 64, also Fritz accepted the prefixes for both its guest and non-guest networks (the numbering is slightly different than in the ISC DHCPv6 case, but that doesn't matter.

It is running now for a few hours; maybe it is too early to give a definitive judgement, but I am alreay v ery happy about the result. Onve again, many thanks!

Thank you for providing info that helped to find a bug and verify the prefix delegation with KEA.

I feel like you were the first one trying (that I read), so the feedback was very valuable :)

Thank you. Maybe one suggestion: in the KEA documentation of OPNsense, the example for prefix delegation shows a delegated length of 56. It might be worthwhile to mention that there may be systems that require 64 as a delegation length.

I was a bit too early with my conclusion. Once transient effects (that need time, next to reboots) had passed, I saw that Fritz was getting a single /64 delegation, but not the second one for the guest network.

The Fritz documentations says: "A FRITZ!Box expects to obtain an IPv6 prefix of 62 or fewer bits (e.g., /56 or /60) from your internet service provider (ISP)."

In my PD Pools, I have both my Prefix length and my Delegated length < 62, so I imagine that I satisfy the Fritz requirement one way or the other.

In the leases files, however, I see consistently a Prefix length of /64.

Is the designed behavior?

Now my current KEA configuration (everything anonymized) is:

root@OPNsense:/usr/local/etc/kea # cat kea-dhcp6.conf
{
    "Dhcp6": {
        "valid-lifetime": 4000,
        "interfaces-config": {
            "interfaces": [
                "igc0"
            ]
        },
        "lease-database": {
            "type": "memfile",
            "persist": true
        },
        "control-socket": {
            "socket-type": "unix",
            "socket-name": "\/var\/run\/kea\/kea6-ctrl-socket"
        },
        "loggers": [
            {
                "name": "kea-dhcp6",
                "output_options": [
                    {
                        "output": "syslog"
                    }
                ],
                "severity": "INFO"
            }
        ],
        "subnet6": [
            {
                "id": 1,
                "subnet": "2001:db8:abcd::\/48",
                "option-data": [],
                "pools": [
                    {
                        "pool": "2001:db8:abcd::1000-2001:db8:abcd::2000"
                    }
                ],
                "pd-pools": [
                    {
                        "prefix": "2001:db8:abcd:ff00::",
                        "prefix-len": 56,
                        "delegated-len": 60
                    }
                ],
                "reservations": [],
                "interface": "igc0"
            }
        ]
    }

My leases file /var/db/kea/kea-leases6.csv says:
address   duid   valid_lifetime   expire   subnet_id   pref_lifetime   lease_type   iaid   prefix_len   fqdn_fwd   fqdn_rev   hostname   hwaddr   state   user_context   hwtype   hwaddr_source   pool_id
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770975331   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770975331   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770976581   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770976581   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   0   1770972581   1   0   0   1962703124   128   0   0      0c:72:74:fc:79:14   3      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   0   1770972581   1   0   2   1962703124   64   0   0      0c:72:74:fc:79:14   3      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770977356   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770977356   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770978606   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770978606   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770979856   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770979856   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0

and my log says

2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc3070008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc3070008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078
2026-02-13T10:03:52   Notice   kea-dhcp6    add route 2001:db8:abcd:ff00::/64 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:abcd::/48
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:abcd::/48
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:abcd::/48
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 2 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x196cc305c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x196cc305c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x196cc305c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:abcd::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-13T10:03:52   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-13T10:03:52   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-13T10:03:52   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_SHUTDOWN server shutdown
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3be0e825c008] COMMAND_RECEIVED Received command 'shutdown'
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: REQUEST (type 3) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 will be advertised
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for address 2001:db8:abcd::1000 and iaid=1962703124 will be advertised
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: SOLICIT (type 1) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_PD_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 expired on release
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_PD duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 was released properly
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_NA_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: binding for address 2001:db8:abcd::1000 and iaid=1962703124 expired on release
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_NA duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: binding for address 2001:db8:abcd::1000 and iaid=1962703124 was released properly
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: RELEASE (type 8) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20
2026-02-13T09:23:37   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup using: /usr/local/sbin/kea-lfc -6 -x /var/db/kea/kea-leases6.csv.2 -i /var/db/kea/kea-leases6.csv.1 -o /var/db/kea/kea-leases6.csv.output -f /var/db/kea/kea-leases6.csv.completed -p /var/db/kea/kea-leases6.csv.pid -c ignored-path
2026-02-13T09:23:37   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: REQUEST (type 3) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 will be advertised
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for address 2001:db8:abcd::1000 and iaid=1962703124 will be advertised
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: SOLICIT (type 1) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 expired on release
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 was released properly
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: binding for address 2001:db8:abcd::1000 and iaid=1962703124 expired on release
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: binding for address 2001:db8:abcd::1000 and iaid=1962703124 was released properly
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: RELEASE (type 8) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: REQUEST (type 3) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 will be advertised
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for address 2001:db8:abcd::1000 and iaid=1962703124 will be advertised
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: SOLICIT (type 1) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 expired on release
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 was released properly
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: binding for address 2001:db8:abcd::1000 and iaid=1962703124 expired on release
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: binding for address 2001:db8:abcd::1000 and iaid=1962703124 was released properly
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: RELEASE (type 8) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e
2026-02-13T08:23:36   Notice   kea-dhcp6    add route 2001:db8:abcd:ff00::/64 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 2 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x3be0e825c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x3be0e825c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3be0e825c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:abcd::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-13T08:23:36   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-13T08:23:36   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-13T08:23:36   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_SHUTDOWN server shutdown
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x41a353c5c008] COMMAND_RECEIVED Received command 'shutdown'
2026-02-13T08:23:25   Notice   kea-dhcp6    add route 2001:db8:abcd:ff00::/64 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 2 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x41a353c5c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x41a353c5c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x41a353c5c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:abcd::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-13T08:23:25   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-13T08:23:25   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-13T08:23:25   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x309d9c65c008] DHCP6_SHUTDOWN server shutdown
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x309d9c65c008] COMMAND_RECEIVED Received command 'shutdown'
   

In DHCPv6 a client can request a certain prefix length from the DHCPv6 server.

If the documentation of the Fritzbox says it needs 62 or lower, I would first try to give it 62 by changing the configuration of KEA (delegated_len).

Maybe it cannot use 60 and then falls back requesting 64.

But that's all just assumptions, the KEA config looks correct.


------

Remove fritzbox from network, reconfigure the KEA PD pool to offer 62 prefix.

Stop KEA, delete the IPv6 lease database completely (or remove lines that are the old leases, your choice) so there are no remainders after changing the configuration:

/var/db/kea/kea-leases6.csv (and .1 .2 if there are)

Reboot OPNsense

Reconnect Fritzbox and see what happens.

-----

In the end the Fritzbox should get one delegated prefix /62, and it should use that internally to split it into multiple /64 prefixes.

Thank you Cedrik.

I did the following:
- Disconnected Frtiz
- stopped KEA DHCPv6 and deleted the csv's in /var/db/kea
- Rebooted OPNsense and power-cycled Fritz
- After OPNsense came back reconnected Fritz
- Fritz had connection buit no delegated prefix
- Started KEA DHCPv6 in OPNsense
- Saw Fritz obtained correct /60 prefix; saw no route message in KEA log also no error
- Fritz client could not reach internet via IPv6
- Restarted KEA DHCPv6 from the user interface (pressed circled arrow)
- Then I saw the route message appearing
- Everything works as expected now

Hello Gerhard,

this is what I expected.

Also that no route was installed initially. We guard the prefix watcher if no lease.csv files exist, so the watcher exited early. Restarting KEA started it after the lease file was there again.

Thanks for confirming, let's hope its stable now. :)