OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: Sinister Pisces on July 30, 2022, 09:39:39 pm

Title: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: Sinister Pisces on July 30, 2022, 09:39:39 pm
Hello,


I'm setting up OPNSense for the first time, and having some issues with IPv6. My ISP (AT&T Uverse Fiber) gives me, effectively, one /64 block without doing some hackery I don't yet understand, and requires Prefix Delegation. I set the WAN side up to get the prefix only with the prefix hint, using a /64 block size, and it seems to have worked.

On the LAN, however, I have no IPv6 at all. OPNSense simply shows no address there. Right now, IPv6 LAN is set to track the WAN IPv6 settings, and the DHCPv6 service refuses to start (red stop sign icon in the Lobby Services list). I'm pretty sure this is the problem, but I have no idea what settings I should actually use.


I've also noticed that I don't have a Router Advertisements service running and visible under Services, just DHCPv6--which refuses to work.


I'd appreciate any advice.


Here's what the Interfaces Overview is telling me for the WAN.



Uplink interface (wan, igc0)

Statusup
DHCPup   Reload ReleaseMAC address$MACMTU1500IPv4 address$IPv4_ADDR/23IPv4 gateway$FIBER_GATEWAYIPv6 link-localfe80::$IPv6_LINK_LOCAL_ADDR/64IPv6 address2600:1700:.../64IPv6 gatewayfe80::a9b:...DNS servers$FIBER_GATEWAYMedia2500Base-T <full-duplex>

[/size]Here's the LAN. Notice there's no [/color][/size]IPv6 infrastructure at all.


PrimaryLAN interface (lan, igc1)

[/size][/color]

Statusup
MAC address$MACMTU1500IPv4 address$ROUTER_LAN_ADDRESS/24IPv6 addressMedia2500Base-T <full-duplex>

[/size]Here's the relevant WAN Interface settings:[/color]
[/size]
Track IPv6 Interface
[/size] (https://10.10.100.1/interfaces.php?if=lan#)[/url][/color][/size][/color] IPv6 Interface                                                                    Uplink                                                             [/color][/size]



Uplink
This selects the dynamic IPv6 WAN interface to track for configuration
[/color][/size] (https://10.10.100.1/interfaces.php?if=lan#)[/url][/color] IPv6 Prefix ID

0x[/size]
The value in this field is the delegated hexadecimal IPv6 prefix ID. This determines the configurable /64 network ID based on the dynamic IPv6 connection.[/size] (https://10.10.100.1/interfaces.php?if=lan#)[/url][/color][/font][/size][/color] Manual configuration[size=inherit] Allow manual adjustment of DHCPv6 and Router Advertisements
If this option is set, you will be able to manually set the DHCPv6 and Router Advertisements service for this interface. Use with care.[/size]
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: allan on July 30, 2022, 10:32:41 pm
I want to preface this by saying that I have Comcast instead of AT&T, so I don't know the exact settings you need. But, I do not see an "IPv6 delegated prefix" line under Interfaces > Overview > WAN interface (section). You need that before configuring the LAN interface or Router Advertisement. I suggest you start with the AT&T box and make sure DHCPv6 and DHCPv6 Prefix Delegation are enabled? Also, is your WAN interface set up to use DHCPv6?
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: Sinister Pisces on July 30, 2022, 10:53:23 pm
Thanks for your reply. (Also, I just noticed that the forum pretty thoroughly wrecked my formatting. I need to fix that.)

I didn't realize I should have been able to see the prefix delegation in the Overview. I see entries for "IPv6 Address", "IPv6 Link Local", and "IPv6 Gateway," but there is indeed no entry for Prefix.

I'll double-check things, but I had IPv6 working on my previous router, with the same Uverse fiber gateway, using DHCPv6-PD in Stateless Mode. EDIT: I've verified my Uverse Fiber Gateway has IPv6, DHCPv6, and Prefix Delegation enabled.

Something tells me I might need to go into the Advanced settings to duplicate that. I can see in there that I can enable "Prefix Delegation" and a "Stateless" mode directly, but there's also several things in there I don't know how to set.

In the WAN interface setup screen:
What did you have to do on yours?
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: allan on July 30, 2022, 11:35:30 pm
On mine, "IPv6 delegated prefix" is listed between "IPv6 address" and "IPv6 gateway" lines.

Your WAN interface setup looks exactly like mine except for the Prefix Delegation size, of course. On my Comcast cable modem, I had to enable the setting that says "Stateful (Use DHCP Server)" before PD worked. Stateful might be something to try.

Other suggestions:

Here is what shows up in my log with DHCPv6 set to Debug. I requested a DHCPv6 address (IA_NA) along with a PD (IA_PD).
Code: [Select]
send request to ff02::1:2%igb0
reset a timer on igb0, state=REQUEST, timeo=0, retrans=959
receive reply from fe80::e6bf:faff:fe03:22d3%igb0 on igb0
get DHCP option identity association, len 66
  IA_NA: ID=0, T1=138098, T2=220957
get DHCP option IA address, len 24
  IA_NA address: 2603:3018:xxxx:xx00::55eb pltime=276197 vltime=276197
get DHCP option status code, len 22
  status code: success
get DHCP option IA_PD, len 69
  IA_PD: ID=2, T1=138098, T2=220957
get DHCP option IA_PD prefix, len 25
  IA_PD prefix: 2603:3018:xxxx:xx20::/59 pltime=276197 vltime=276197
get DHCP option status code, len 24
  status code: success
get DHCP option server ID, len 14
  DUID: [redacted]
get DHCP option client ID, len 14
  DUID: [redacted]
get DHCP option preference, len 1
  preference: 255
get DHCP option DNS, len 32
nameserver[0] 2001:558:feed::1
nameserver[1] 2001:558:feed::2
make an IA: PD-2
create a prefix 2603:3018:xxxx:xx20::/59 pltime=276197, vltime=276197
make an IA: NA-0
create an address 2603:3018:xxxx:xx00::55eb pltime=276197, vltime=140733193664229
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: Sinister Pisces on July 31, 2022, 06:22:56 am
Thanks!


I took a closer look at my Uverse residential gateway (fiber modem).


It recognizes one device (the OPNSense box) attached. And the output is odd.


Code: [Select]
MAC Address $MAC
Name unknown$MAC
Last Activity Sat Jul 30 21:56:36 2022
Status on
Allocation pending
Connection Type Ethernet LAN-1
Connection Speed 2500Mbps full duplex
Mesh ClientNo
IPv6 Address 2600:1700:$ADDR1
Type dhcp
Valid Lifetime 2592000s
Preferred Lifetime604800s
IPv6 Address 2600:1700:$ADDR2
Type slaac
Valid Lifetime 2592000s
Preferred Lifetime 604800s


OPNSense is configured to use DHCPv6 to pull a v6 address from the WAN, but it's pulling the SLAAC address identified above. I'm not sure what that means.

Is there a way to see those logs from within the interface? I don't have direct console access set up yet.

EDIT: I rebooted the Uverse fiber gateway, which changed Allocation to "DHCP". After that, OPNSense was mightily confused and refused to do anything, so I rebooted it, too. After that, it came up with a valid IPv6 address (/64 block size), and a single /64 delegated prefix, as well as a v6 DNS server from the gateway. I wasn't getting any of that before.

The DHCPv6 service, with everything set to defaults, is now showing status green, and its handing out DHCPv6 leases.

So, I was right to blame AT&T, but I hadn't rebooted the gateway enough times, or something. Thanks for your help, @allan. You were exactly right about the problem.
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: allan on July 31, 2022, 06:44:12 am
Quote from: Sinister Pisces on July 31, 2022, 06:22:56 am
Is there a way to see those logs from within the interface? I don't have direct console access set up yet.

I think it is System > Log Files > General.
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: Vesalius on July 31, 2022, 05:06:41 pm
The links below might be helpful. ATT makes IPv6 difficult.

https://github.com/symgryph/multiple-ipv6-att-opnsense
https://github.com/lilchancep/att-pfsense-ipv6
Title: Re: Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)
Post by: kdwink on August 06, 2022, 06:50:14 am
Quote from: Vesalius on July 31, 2022, 05:06:41 pm
The links below might be helpful. ATT makes IPv6 difficult.

https://github.com/symgryph/multiple-ipv6-att-opnsense
https://github.com/lilchancep/att-pfsense-ipv6

That setup has been working great for me with ATT Fiber + OPNSense 22.1.  Three public IPv6 addresses for three interfaces.

Came to the forum today wondering if this setup is still working for people in 22.7.   If anyone tries, please report here, thanks.