Messages

Isn't there an ISP to choose from that sucks a little less? I wouldn't pay for bad service like that if theres at least one more option even if more expensive.

I wish that was the case. My current ISP is the best in my area when it comes to reliability and bandwidth. Unfortunately, they are clueless when it comes to IPv6.

After several weeks of trying to find someone to talk to that even knows what Prefix Delegation is, their proposed solution was to upgrade to one of their $2000/month corporate plans (currently paying $130 for 1.2Gbps) that would provide me the same bandwidth plus 5 /64 prefixes. LMAO.

Anyway, my dhcp6c hack is working wonderfully, so, screw them.

 

> I got it working by modifying the dhcp6c code, compiling and installing it on my opnsense box.

I'm a little rusty on the details but I'm relatively sure this being unique per device is intentional.


Cheers,
Franco

I'm sure it is! But this "workaround" would really help people only getting a single /64 prefix.

DUID is supposed to be unique per device, not per interface. DUID + IAID is for identifing a single interface (See https://datatracker.ietf.org/doc/html/rfc3315#section-10).

Did you try to set different interface IDs in the DHCPv6 client config for the WANs (Configuration Mode 'Advanced') and see if you get different prefixes for the two WANs?

There are ISP who don't do IPv6 well but not sure that dhcp6c will be changed to violate RFCs.

I did try different interface IDs and many other things but unfortunately if I try to request more than 2 /64 prefixes, no matter the settings, the server won't reply at all.  Only per interface DUIDs made it work.

Just in case anyone else is interested in the future:

I got it working by modifying the dhcp6c code, compiling and installing it on my opnsense box.

The code basically reads the DUID from /var/db/dhcp6c_duid_ifname, where ifname is the name of the interface. If the file is not found, it will use the original /var/db/dhcp6c_duid file.

Be aware that my knowledge of C is primitive at best and the code is certainly ugly and dirty - but works.

Now, the reason for this: my trash tier ISP only provides 2 /64 prefixes. I have 4 VLANs so this is a problem.

With this modification, I can plug my ONT into a switch and from the switch connect to 2 or more interfaces into my OpnSense box. The first interface (WAN) handles IPv4 plus 2 IPv6 prefixes for 2 VLANs. The second interface (WAN2) only handles IPv6 for the 2 other VLANs.

Anyway, hopefully this functionality is implemented natively in OpnSense in the future. It really helps with garbage ISPs like mine.

Is there any way to set a custom DUID *per interface* when requesting a prefix via IPv6 PD?

Currently, a single global DUID is used for all WAN interfaces.

Thanks!

The issue here is more likely the IPv6 routing table. You can only have one IPv6 default route and the router advertisement and prefix delegation from the provider sets it to the first wan interface. Choosing one more interface on the same box that uses the same routing table is most likely failing.

This is just an assumption though, Im not that knowledgable with IPv6 Multiwan configurations. I just imagine its a pain due to router advertisement issues when its essentially two network interfaces of the same device in the same broadcast domain behind the Provider Edge Router.

Thanks for chiming in! it could very well be that a routing problem might exist but I haven't even reached that part yet since I cannot request discreet IPv6 prefixes through each WAN, since the config file overrides are being merged into one. This seems like a bug to me, although I am no expert.

[/var/etc/dhcp6c.conf]

Our ISP has a terrible IPv6 implementation which delegates up to 2 /64 dynamic prefixes. Requesting any other prefix sizes (62, 60, 56, etc.) causes the DHCP server to not delegate any prefixes. Requesting more than 2 /64 prefixes also causes the DHCP server to not delegate any. Since it is currently impossible to do this via the GUI, we are requesting those 2 /64 prefixes using a Configuration File Override that looks like this:

Code Select Expand

interface igc0 {
        send ia-na 0;
        send ia-pd 0;
        send ia-pd 1;
        script "/var/etc/dhcp6c_wan_script.sh";
};

id-assoc na 0 { };

id-assoc pd 0 {
        prefix-interface ix0_vlan42 {
                sla-id 0;
                sla-len 0;
                ifid 1;
        };
};

id-assoc pd 1 {
        prefix-interface ix0_vlan777 {
                sla-id 0;
                sla-len 0;
                ifid 1;
        };
};

The above works great and we can assign those 2 /64s to 2 different VLANs.

But we have more than 2 VLANs so we need more /64. What I've been trying to do is add a second WAN connection to the same ONT. We are succesfully receiving a second static IPv4 address plus an  IPv6 GUA for the second WAN. We are also using a Configuration File Override that looks like this:

Code Select Expand

interface igc1 {
        send ia-na 1;
        send ia-pd 2;
        script "/var/etc/dhcp6c_opt5_script.sh";
};

id-assoc na 1 { };

id-assoc pd 2 {
        prefix-interface ix0_vlan666 {
                sla-id 0;
                sla-len 0;
                ifid 1;
        };
};

The problem is that Prefix Delegation stops working for both WANs. I have narrowed the issue to OPNSense merging both configuration files above into a single one (/var/etc/dhcp6c.conf), and requesting those prefixes through the  same WAN. Since the merging of the files causes dhcp6c to request more than 2 /64 prefixes, the DHCP server offers none.

¿How can I force OPNSense to stop merging those files and use individual dhcp6c processes with their unique configuration override files?


Thanks!