Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
IPv6 issue where prefix delegation not available from ISP
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 issue where prefix delegation not available from ISP (Read 1766 times)
kumba
Newbie
Posts: 9
Karma: 0
IPv6 issue where prefix delegation not available from ISP
«
on:
June 01, 2023, 08:04:48 pm »
So I have Spectrum Business cable internet and their setup consists of two pieces, one modem and then their own separate router/gateway. This is apparently 'required' since it's a business account and we have a static IPv4. All lies but hey, gotta run what ya brung.
OPNSense successfully pulls an IPv6 through DHCP and can ping the internet just fine. The issue is when it goes to get a prefix delegation (like a /60 or /56) the response is that no prefixes are available. I'm now stuck using the /64 that was assigned to OPNSense for everything on the LAN now. The problem is I can't seem to figure out how to get that to work.
I have no other VLANs I want to give IPv6 to, just the LAN. My first idea was to just manually configure the DHCPv6 daemon on LAN but that would mean whenever OPNSense gets a different IPv6 assignment the DHCPv6 daemon would need to be updated.
Is there a better way to implement this or am I just stuck hoping that the IPv6 assignment doesn't change much?
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #1 on:
June 01, 2023, 09:33:23 pm »
If you don't get a PD you don't get a /64 and you can't use it downstream on LAN.
A single /64 PD works in these cases, but is required to be handed out... Sometimes it works when you select "only request a prefix" instead.
I'd also try all the /6x and /5x options to see if it brings up anything and set "send prefix hint" as well.
Cheers,
Franco
Logged
meyergru
Hero Member
Posts: 1680
Karma: 165
IT Aficionado
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #2 on:
June 01, 2023, 11:29:52 pm »
I think Franco is right here with the prefix hint. The prefix size seems to be /56, see
https://www.reddit.com/r/OPNsenseFirewall/comments/xmurda/psa_howto_ipv6_on_spectrum_formerly_twc_time/
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
kumba
Newbie
Posts: 9
Karma: 0
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #3 on:
June 02, 2023, 03:20:33 pm »
So I figured out the Prefix Delegation issue. On Spectrum where you have a separate modem and router from them you have to log into their router and enable dhcp-pd support. It's not enabled by default cause reason?! Anyways, once you log into Spectrum's router, you have to click on 'Advanced', then go to 'Router Settings', and lastly click on the 'DHCPv6' tab. Once you are there you'll see all the IPv6 settings and can enable DHCP-PD.
Now when I look under 'Interfaces --> Overview --> WAN' I can see that there's an IPv6 delegated prefix listed below the IPv6 address and it matches the /64 that the router allows for delegation.
Now the problem I have is there's no link-local address listed under the LAN when I go to the Interfaces Overview. I have the IPv6 configuration type set to Track Interface and the WAN interface selected. I would expect there to be a link-local listed.
Logged
Patrick M. Hausen
Hero Member
Posts: 6797
Karma: 571
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #4 on:
June 02, 2023, 03:30:43 pm »
Is your LAN a bridge interface? In that case you need to enable LLA in the bridge settings.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
kumba
Newbie
Posts: 9
Karma: 0
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #5 on:
June 02, 2023, 03:41:59 pm »
I don't have any bridge's on this box.
My network is essentially a flat small office network like this:
Spectrum Modem <---> Spectrum Router Box <---> OpnSense ix0_vlan14 WAN <---> OPNsense ix0 LAN
I have a single 10-gig connection to my switch and I'm shipping 3 VLANs over it. The only two VLANs using IPv6 is the WAN and LAN. The third VLAN is an IPv4 private admin network with no routing going through it.
I did notice that if I changed the LAN IPv6 to 'SLACC' for a second, apply, and then change it back to Track Interface that I will get a link-local address on the LAN interface. The link-local on the LAN and WAN interface are the same. Not sure if that's normal or not.
Logged
kumba
Newbie
Posts: 9
Karma: 0
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #6 on:
June 02, 2023, 04:52:15 pm »
So I moved the LAN interface off of the ix0 NIC and onto an unused em0 NIC. Once I did this and rebooted the LAN nic (now em0) is getting a link-local IP and it's different then the link-local IP of the WAN.
So my network now looks like this:
Spectrum Modem <---> Spectrum Router Box <---> OpnSense ix0_vlan14 WAN <---> OPNsense em0 LAN
So on my box (23.1.9), if the LAN and WAN were on the same interface with the same MAC even though they were in different VLANs the link-local would not get created for the LAN.
Now everything is able to pull an IPv6 from the delegation, but I'm still not able to ping out for some reason. Hmmm.
Logged
kumba
Newbie
Posts: 9
Karma: 0
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #7 on:
June 02, 2023, 05:19:39 pm »
For some reason I'm onling getting a link-local IPv6 default gateway:
::/0 fe80::225:90ff:fe47:7a27 UGDAe 1024 13
I would have expected there to be a real IPv6 IP with the UG flags there too.
Logged
muchacha_grande
Full Member
Posts: 219
Karma: 19
Re: IPv6 issue where prefix delegation not available from ISP
«
Reply #8 on:
June 02, 2023, 06:13:44 pm »
There is an alternative when this happens. Most people dislike it but you can use NAT with IPv6 as you may already use with IPv4.
I'm using it without problem since about three years and it works flawlessly.
As you mentioned in the title, my ISP doesn't offer a prefix delegation, so their router assigns a /64 IPv6 for each device that directly connects to it.
The only way I could workaround this was using NAT for IPv6 and configuring the OPNSense DHCPv6 to assign IPs within a subnet of the ISP assigned IP. I use a different /80 subnet for each VLAN.
The only thing that doesn't work is IPv6 with Android phones because the IP is configured via SLAAC and it only works with /64 IPs. So no IPv6 for Android... no problem.
Sorry for mentioning this ugly solution, but is the only thing that works for now when your ISP is offering a partial IPv6 implementation.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
IPv6 issue where prefix delegation not available from ISP