Archive > 22.7 Legacy Series

Questions re: IPv6 Setup with Prefix Delegation + DHCP (WAN OK; No IPv6 on LAN)

(1/2) > >>

Sinister Pisces:
Hello,


I'm setting up OPNSense for the first time, and having some issues with IPv6. My ISP (AT&T Uverse Fiber) gives me, effectively, one /64 block without doing some hackery I don't yet understand, and requires Prefix Delegation. I set the WAN side up to get the prefix only with the prefix hint, using a /64 block size, and it seems to have worked.

On the LAN, however, I have no IPv6 at all. OPNSense simply shows no address there. Right now, IPv6 LAN is set to track the WAN IPv6 settings, and the DHCPv6 service refuses to start (red stop sign icon in the Lobby Services list). I'm pretty sure this is the problem, but I have no idea what settings I should actually use.


I've also noticed that I don't have a Router Advertisements service running and visible under Services, just DHCPv6--which refuses to work.


I'd appreciate any advice.


Here's what the Interfaces Overview is telling me for the WAN.



Uplink interface (wan, igc0)
StatusupDHCPup   Reload ReleaseMAC address$MACMTU1500IPv4 address$IPv4_ADDR/23IPv4 gateway$FIBER_GATEWAYIPv6 link-localfe80::$IPv6_LINK_LOCAL_ADDR/64IPv6 address2600:1700:.../64IPv6 gatewayfe80::a9b:...DNS servers$FIBER_GATEWAYMedia2500Base-T <full-duplex>

[/size]Here's the LAN. Notice there's no [/color][/size]IPv6 infrastructure at all.


PrimaryLAN interface (lan, igc1)
[/size][/color]
StatusupMAC address$MACMTU1500IPv4 address$ROUTER_LAN_ADDRESS/24IPv6 addressMedia2500Base-T <full-duplex>

[/size]Here's the relevant WAN Interface settings:[/color]
[/size]Track IPv6 Interface[/size][/url][/color][/size][/color] IPv6 Interface                                                                    Uplink                                                             [/color][/size]


UplinkThis selects the dynamic IPv6 WAN interface to track for configuration[/color][/size][/url][/color] IPv6 Prefix ID

0x[/size]
The value in this field is the delegated hexadecimal IPv6 prefix ID. This determines the configurable /64 network ID based on the dynamic IPv6 connection.[/size][/url][/color][/font][/size][/color] Manual configuration[size=inherit] Allow manual adjustment of DHCPv6 and Router Advertisements
If this option is set, you will be able to manually set the DHCPv6 and Router Advertisements service for this interface. Use with care.[/size]

allan:
I want to preface this by saying that I have Comcast instead of AT&T, so I don't know the exact settings you need. But, I do not see an "IPv6 delegated prefix" line under Interfaces > Overview > WAN interface (section). You need that before configuring the LAN interface or Router Advertisement. I suggest you start with the AT&T box and make sure DHCPv6 and DHCPv6 Prefix Delegation are enabled? Also, is your WAN interface set up to use DHCPv6?

Sinister Pisces:
Thanks for your reply. (Also, I just noticed that the forum pretty thoroughly wrecked my formatting. I need to fix that.)

I didn't realize I should have been able to see the prefix delegation in the Overview. I see entries for "IPv6 Address", "IPv6 Link Local", and "IPv6 Gateway," but there is indeed no entry for Prefix.

I'll double-check things, but I had IPv6 working on my previous router, with the same Uverse fiber gateway, using DHCPv6-PD in Stateless Mode. EDIT: I've verified my Uverse Fiber Gateway has IPv6, DHCPv6, and Prefix Delegation enabled.

Something tells me I might need to go into the Advanced settings to duplicate that. I can see in there that I can enable "Prefix Delegation" and a "Stateless" mode directly, but there's also several things in there I don't know how to set.

In the WAN interface setup screen:

* IPv6 Configuration Type: DHCPv6
* DHCPv6 Client Configuration (Basic):
* "Request only an IPv6 prefix:" on
* "Prefix Delegation Size:" 64
* "Send Prefix Hint:" on
* "Use IPv4 Connectivity:" off
* "Use VLAN Priority:" offWhat did you have to do on yours?

allan:
On mine, "IPv6 delegated prefix" is listed between "IPv6 address" and "IPv6 gateway" lines.

Your WAN interface setup looks exactly like mine except for the Prefix Delegation size, of course. On my Comcast cable modem, I had to enable the setting that says "Stateful (Use DHCP Server)" before PD worked. Stateful might be something to try.

Other suggestions:

* Set the Log level to Debug under Interfaces > Settings > IPv6 DHCP. PD responses are logged to /var/log/system/latest.log.
* Try unchecking "Request only an IPv6 prefix". You get 2 IPv6 addresses listed for WAN, but it might trigger a PD.
* Try restarting the AT&T box in case it needs to clear its memory.
Here is what shows up in my log with DHCPv6 set to Debug. I requested a DHCPv6 address (IA_NA) along with a PD (IA_PD).

--- Code: ---send request to ff02::1:2%igb0
reset a timer on igb0, state=REQUEST, timeo=0, retrans=959
receive reply from fe80::e6bf:faff:fe03:22d3%igb0 on igb0
get DHCP option identity association, len 66
  IA_NA: ID=0, T1=138098, T2=220957
get DHCP option IA address, len 24
  IA_NA address: 2603:3018:xxxx:xx00::55eb pltime=276197 vltime=276197
get DHCP option status code, len 22
  status code: success
get DHCP option IA_PD, len 69
  IA_PD: ID=2, T1=138098, T2=220957
get DHCP option IA_PD prefix, len 25
  IA_PD prefix: 2603:3018:xxxx:xx20::/59 pltime=276197 vltime=276197
get DHCP option status code, len 24
  status code: success
get DHCP option server ID, len 14
  DUID: [redacted]
get DHCP option client ID, len 14
  DUID: [redacted]
get DHCP option preference, len 1
  preference: 255
get DHCP option DNS, len 32
nameserver[0] 2001:558:feed::1
nameserver[1] 2001:558:feed::2
make an IA: PD-2
create a prefix 2603:3018:xxxx:xx20::/59 pltime=276197, vltime=276197
make an IA: NA-0
create an address 2603:3018:xxxx:xx00::55eb pltime=276197, vltime=140733193664229

--- End code ---

Sinister Pisces:
Thanks!


I took a closer look at my Uverse residential gateway (fiber modem).


It recognizes one device (the OPNSense box) attached. And the output is odd.



--- Code: ---MAC Address $MAC
Name unknown$MAC
Last Activity Sat Jul 30 21:56:36 2022
Status on
Allocation pending
Connection Type Ethernet LAN-1
Connection Speed 2500Mbps full duplex
Mesh ClientNo
IPv6 Address 2600:1700:$ADDR1
Type dhcp
Valid Lifetime 2592000s
Preferred Lifetime604800s
IPv6 Address 2600:1700:$ADDR2
Type slaac
Valid Lifetime 2592000s
Preferred Lifetime 604800s

--- End code ---


OPNSense is configured to use DHCPv6 to pull a v6 address from the WAN, but it's pulling the SLAAC address identified above. I'm not sure what that means.

Is there a way to see those logs from within the interface? I don't have direct console access set up yet.

EDIT: I rebooted the Uverse fiber gateway, which changed Allocation to "DHCP". After that, OPNSense was mightily confused and refused to do anything, so I rebooted it, too. After that, it came up with a valid IPv6 address (/64 block size), and a single /64 delegated prefix, as well as a v6 DNS server from the gateway. I wasn't getting any of that before.

The DHCPv6 service, with everything set to defaults, is now showing status green, and its handing out DHCPv6 leases.

So, I was right to blame AT&T, but I hadn't rebooted the gateway enough times, or something. Thanks for your help, @allan. You were exactly right about the problem.

Navigation

[0] Message Index

[#] Next page