25.1.2 - dhcp6c not getting prefix from ISP

mfld-pub · March 05, 2025, 12:06:52 AM

Trying to switch a site from pfSense to OPNsense. Fiber ISP sends a /60 when requested. In pfSense the settings were

"send prefix hint /60"
and "do not wait for RA"

This works, assigns an address to WAN and I can track interface on LAN and VLANs and assign /64s out of the /60 the ISP is sending.

Trying to replicate the same thing in OPNsense 25.1.2 I replicated the settings including the DUID but I get nothing on WAN, LAN or any VLANs.

One setting I am unsure about it the "Do not wait for RA". This one I was not able to replicate on OPNsense. Cannot find it. Everything else is the same.

I see dhcp6c logs try to send solicit to some link local address and get no reply:

Code Select

<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6091"] Sending Solicit
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6092"] set client ID (len 20)
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6093"] set identity association
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6094"] set elapsed time (len 2)
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6095"] set option request (len 4)
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6096"] set IA_PD prefix
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6097"] set IA_PD
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6098"] send solicit to ff02::1:2%ixl0
<29>1 2025-03-04T22:56:10+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6099"] reset a timer on ixl0, state=SOLICIT, timeo=1, retrans=2097
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6131"] Sending Solicit
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6132"] set client ID (len 20)
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6133"] set identity association
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6134"] set elapsed time (len 2)
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6135"] set option request (len 4)
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6136"] set IA_PD
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6137"] send solicit to ff02::1:2%igc0
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6138"] reset a timer on igc0, state=SOLICIT, timeo=2, retrans=3927
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6142"] Sending Solicit
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6143"] set client ID (len 20)
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6144"] set identity association
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6145"] set elapsed time (len 2)
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6146"] set option request (len 4)
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6147"] set IA_PD prefix
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6148"] set IA_PD
<29>1 2025-03-04T22:56:12+00:00 opn434324242.duckdns.com dhcp6c 25585 - [meta sequenceId="6149"] send solicit to ff02::1:2%ixl0

Is there a way to export the raw /var/etc/dhcp6c_wan.conf from pfSense and plug it into OPNsense to test. I am trying to find out what OPNsense 25.1x is doing different vs the legacy product.

franco · March 05, 2025, 09:12:14 AM

pfSense CE or plus?

You can try the following kernel patch: https://github.com/opnsense/src/issues/242#issuecomment-2679069936

Cheers,
Franco

franco · March 05, 2025, 09:13:34 AM

PS:

> One setting I am unsure about it the "Do not wait for RA". This one I was not able to replicate on OPNsense. Cannot find it. Everything else is the same.

We removed it because it's done automatically. In your case the SOLICIT is never answered suggesting a problem with the neighbour discovery. One other thing it could be is a chance in MAC address that your ISP doesn't like.

mfld-pub · March 13, 2025, 09:48:56 AM

Quote from: franco on March 05, 2025, 09:12:14 AMpfSense CE or plus?

It is plus - 24.11.

I will try the patch when I get back on-site.

I see 25.1.3 just came out and has some ICMPv6 neighbour discovery fixes. Fingers crossed this will let me resume migrating :)

25.1.2 - dhcp6c not getting prefix from ISP

mfld-pub

March 05, 2025, 12:06:52 AM

franco

March 05, 2025, 09:12:14 AM #1

franco

March 05, 2025, 09:13:34 AM #2

mfld-pub

March 13, 2025, 09:48:56 AM #3