Messages

I am using PPPoE and get a /48 prefix from my ISP.

On 26.1.5, I have no issues and it works exactly as it should.

Identity association on the LAN and I get a /64 with an Assign prefix ID of 0

I do "Request Prefix Only" on the WAN interface, and nothing else. (Apart from Prefix delegation size of 48)

Doesn't help you, but I just wanted to say it works perfectly for me.....

Now that makes a lot more sense :)

In which case, I change my answer to I never get a /128 :)

Perhaps a poorly setup at the ZEN ISP end then....

For now, because I am a *clean log* man, I just request a PD only.  It works for me.

I do get a non temporary address yes, but it seems to come via SLAAC. (If I untick request prefix only)

So requesting a prefix only gives fe80::1%pppoe0/64 on the WAN, unticking Request Prefix only gives an address in my ND, e.g. 2a02:X0XX:XX01:XX6a::1/64, but then I get the entries in the log no address/prefix.

I think dhcp6c is trying to get the WAN IPv6 via DHCPv6 and thats why it throws no addresses.

The PD comes via DHCPv6, and that always works.

What is very interesting though, is even though I request prefix only, under Interfaces/Overview, I do still see the above ND address, but not on the dashboard interfaces widget, just fe80::1%pppoe0/64

Odd....

It's not a major issue for me as *both* options work, I was just interested in why the log was displaying those messages.

Keep up the good work Franco :)

Will be in 26.1.5.


Cheers,
Franco

Thanks Franco..... that's brilliant

Oooooh nice.

Would be great to see this in a 26.1.x release :)

I was literally looking at this right now.

I migrated most of my "Outbound" NAT rules to "Source NAT" but also noticed the missing "Static-port" option.

I saw a post by franco saying that Outbound NAT will become legacy, so thought I'd jump the gun, but the static-port option remains a bit of a mystery in Source NAT

If I "Request Prefix Only" the problem goes away......

So that is what I shall do, even though the ISP gives me a /64 for WAN.

This is ZEN UK.

EDIT: Looks like ZEN give the WAN IP via SLAAC, not IA_NA, and thats where the issue was.

I've Xed out some bits:

2026-03-20T13:50:26Noticedhcp6cadvertise contains no address/prefix
2026-03-20T13:50:26Noticedhcp6cserver ID: 00:XX:00:00:XX:XX:XX:XX:XX:37:66:3a:66:38:3a:37:34:3a:62:63:XX:XX:XX:00:00:00, pref=-1
2026-03-20T13:50:26Noticedhcp6cstatus code: no addresses
2026-03-20T13:50:26Noticedhcp6cget DHCP option status code, len 43
2026-03-20T13:50:26Noticedhcp6cIA_NA: ID=5, T1=0, T2=0
2026-03-20T13:50:26Noticedhcp6cget DHCP option identity association, len 59
2026-03-20T13:50:26Noticedhcp6cDUID: 00:XX:00:00:XX:XX:XX:XX:3a:37:66:3a:66:38:3a:37:34:3a:62:63:XX:XX:XX:00:00:00
2026-03-20T13:50:26Noticedhcp6cget DHCP option server ID, len 26
2026-03-20T13:50:26Noticedhcp6cDUID: 00:0X:00:0X:XX:dc:XX:1d:f4:90:XX:01:cb:XX
2026-03-20T13:50:26Noticedhcp6cget DHCP option client ID, len 14
2026-03-20T13:50:26Noticedhcp6creceive advertise from fe80::200:ff:fe00:0%pppoe0 on pppoe0
2026-03-20T13:50:26Noticedhcp6creset a timer on pppoe0, state=SOLICIT, timeo=5, retrans=35593
2026-03-20T13:50:26Noticedhcp6csend solicit to ff02::1:2%pppoe0
2026-03-20T13:50:26Noticedhcp6cset elapsed time (len 2)
2026-03-20T13:50:26Noticedhcp6cset identity association
2026-03-20T13:50:26Noticedhcp6cset client ID (len 14)
2026-03-20T13:50:26Noticedhcp6cSending Solicit on pppoe0

Thanks Franco,

Seems to be on the hour-ish

2026-03-20T12:05:16Noticedhcp6cadvertise contains no address/prefix
2026-03-20T12:05:16Noticedhcp6cSending Solicit on pppoe0
2026-03-20T11:03:54Noticedhcp6cadvertise contains no address/prefix
2026-03-20T11:03:54Noticedhcp6cSending Solicit on pppoe0
2026-03-20T10:03:11Noticedhcp6cadvertise contains no address/prefix
2026-03-20T10:03:11Noticedhcp6cSending Solicit on pppoe0
2026-03-20T09:05:49Noticedhcp6cadvertise contains no address/prefix
2026-03-20T09:05:49Noticedhcp6cSending Solicit on pppoe0
2026-03-20T08:08:39Noticedhcp6cadvertise contains no address/prefix
2026-03-20T08:08:39Noticedhcp6cSending Solicit on pppoe0
2026-03-20T07:09:46Noticedhcp6cadvertise contains no address/prefix
2026-03-20T07:09:45Noticedhcp6cSending Solicit on pppoe0

How do I enable IPv6 debug?

Hi All,

Quick question for any experts out there.

I get IPv6 over PPPoE and only set the following on the WAN interface:

IPv6 Configuration Type: DHCPv6
Prefix Delegation Size: 48

Everything else is unticked, including "Send prefix hint" and "Request prefix only"

IPv6 actually works perfectly well, with a /64 on the WAN, and a chunk of my /48 on the LAN(/64) but I get a lot of these entries in the log.

2026-03-20T11:03:54    Notice    dhcp6c    advertise contains no address/prefix
2026-03-20T11:03:54    Notice    dhcp6c    Sending Solicit on pppoe0

Is there anything I can do to suppress "advertise contains no address/prefix" or is this normal?

Thanks...

I also have IPv6 on my primary WAN, and a 5G failover connection that only has IPv4.

I did not configure anything special, when the failover happens the clients happy eyeball towards IPv4 quickly and I don't notice much somehow.

https://en.wikipedia.org/wiki/Happy_Eyeballs

That is what I want to achieve.....
Perhaps I'll squirt out GUAs now, and test the failover and see how long it takes....

The whole point is the secondary does not have IPv6....at all

I'm trying to achieve IPv4 and IPv6 on primary, but if primary fails, rapid state terminate, and use only IPv4 for secondary. No black hole.

I get that. In many ways, NAT makes the multi-homed issues a lot easier to deal with.
I dont believe any residential providers in the UK offer BGP..., so we make do with what we have.

I'm going to try ULA on the LAN, NAT66 on WAN1.

When it fails, either Monit or syshook to use pf to alter an alias on a firewall rule to reject IPv6 on the LAN interface.

Alias will be empty when WAN1 is up, and ::/0 when its down.  That should provide rapid fallback to IPv4.

We'll see how it goes....

So it sounds like I need to use NAT66 rather than NPTv6. (IPv6 doesnt want you to use NAT66 right....well tough...it's needed)

I can squirt ULA's to my LAN (fd76:xx:Xx) and use a hybrid outbound NAT rule to do NAT66

This way when the gateway goes down "Failover States" should activate and kill all existing states.

The issue I then have, is new connections trying to use IPv6 before it fails over to IPv4.

I wonder if I could automate "When primary goes down, block IPv6 on the LAN interface"

I'm after a bit of Multi-WAN advice.

I have 2 WAN connections, Primary is 1Gb PPPoE with 1508 MTU (1500 pppoe), and Secondary is 1Gb DOCSIS cable.

My primary (ZEN) has both IPv4 and IPv6, but my secondary (VIRGIN) has only IPv4.

Gateway Group is ZEN (Tier 1) and VIRGIN (Tier 2) with a trigger level of "Member Down"

When ZEN fails, the gateway goes down (good) and apart from a connection glitch from clients (Failover States is checked) they continue on VIRGIN, so all good.

The failover works perfectly for IPv4.
However, what I'm struggling to get my head around is IPv6.

At the minute, I have not enabled IPv6 via RA to my LAN, because I want to try and understand something.

If I start squirting out IPv6 routes to my LAN using OPNsense Router Advertisements, it seems to me that even if ZEN is down, this will continue to do so.
That means clients may try and still use IPv6 with a gateway that is currently down, potentially causing a black hole.

I am wondering if anyone else out there has come across this, and how they managed to deal with it?

Normally I would do some real testing myself, but my ISP still hasnt enabled IPv6 properly, so can only ask theoretical questions.

It may not even be an issue, and IPv4 failback might happen automatically, but I'm not convinced.

I have toyed with the idea of somehow programatically changing RA using Monit if ZEN goes down to set lifetime=0, or perhaps automating a firewall rule to block IPv6.

Basically, I'm trying to make the failover as efficient and quick as possible without IPv6 black holing.

Has anyone any experience with this scenario, and thank you for taking the time to read/respond.