Multi-WAN IPv6 DHCP6-PD Configuration File Override

[jxlarrea]

Our ISP has a terrible IPv6 implementation which delegates up to 2 /64 dynamic prefixes. Requesting any other prefix sizes (62, 60, 56, etc.) causes the DHCP server to not delegate any prefixes. Requesting more than 2 /64 prefixes also causes the DHCP server to not delegate any. Since it is currently impossible to do this via the GUI, we are requesting those 2 /64 prefixes using a Configuration File Override that looks like this:

Code Select Expand

interface igc0 {
        send ia-na 0;
        send ia-pd 0;
        send ia-pd 1;
        script "/var/etc/dhcp6c_wan_script.sh";
};

id-assoc na 0 { };

id-assoc pd 0 {
        prefix-interface ix0_vlan42 {
                sla-id 0;
                sla-len 0;
                ifid 1;
        };
};

id-assoc pd 1 {
        prefix-interface ix0_vlan777 {
                sla-id 0;
                sla-len 0;
                ifid 1;
        };
};

The above works great and we can assign those 2 /64s to 2 different VLANs.

But we have more than 2 VLANs so we need more /64. What I've been trying to do is add a second WAN connection to the same ONT. We are succesfully receiving a second static IPv4 address plus an  IPv6 GUA for the second WAN. We are also using a Configuration File Override that looks like this:

Code Select Expand

interface igc1 {
        send ia-na 1;
        send ia-pd 2;
        script "/var/etc/dhcp6c_opt5_script.sh";
};

id-assoc na 1 { };

id-assoc pd 2 {
        prefix-interface ix0_vlan666 {
                sla-id 0;
                sla-len 0;
                ifid 1;
        };
};

The problem is that Prefix Delegation stops working for both WANs. I have narrowed the issue to OPNSense merging both configuration files above into a single one (/var/etc/dhcp6c.conf), and requesting those prefixes through the  same WAN. Since the merging of the files causes dhcp6c to request more than 2 /64 prefixes, the DHCP server offers none.

¿How can I force OPNSense to stop merging those files and use individual dhcp6c processes with their unique configuration override files?


Thanks!

[Monviech (Cedrik)]

The issue here is more likely the IPv6 routing table. You can only have one IPv6 default route and the router advertisement and prefix delegation from the provider sets it to the first wan interface. Choosing one more interface on the same box that uses the same routing table is most likely failing.

This is just an assumption though, Im not that knowledgable with IPv6 Multiwan configurations. I just imagine its a pain due to router advertisement issues when its essentially two network interfaces of the same device in the same broadcast domain behind the Provider Edge Router.

[jxlarrea]

The issue here is more likely the IPv6 routing table. You can only have one IPv6 default route and the router advertisement and prefix delegation from the provider sets it to the first wan interface. Choosing one more interface on the same box that uses the same routing table is most likely failing.

This is just an assumption though, Im not that knowledgable with IPv6 Multiwan configurations. I just imagine its a pain due to router advertisement issues when its essentially two network interfaces of the same device in the same broadcast domain behind the Provider Edge Router.

Thanks for chiming in! it could very well be that a routing problem might exist but I haven't even reached that part yet since I cannot request discreet IPv6 prefixes through each WAN, since the config file overrides are being merged into one. This seems like a bug to me, although I am no expert.

[franco]

I still have this in my queue but priorities keep being elsewhere.

https://github.com/opnsense/core/issues/7647


Cheers,
Franco