WAN not getting IPV6 address

[smccloud]

Hello,

I just came from pfSense, and configured my WAN interface the same way.  DHCP & DHCPv6 with a /56 prefix for IPv6.  However, no matter what I do unless I check "Request only an IPv6 prefix" I get no IPv6 information on the WAN.  Same NIC in my router, everything else is the same.  Even got the same IPv4 address.  Any suggestions on where to look and what you need to help me?

[alexkgr]

Hello,

I just came from pfSense, and configured my WAN interface the same way.  DHCP & DHCPv6 with a /56 prefix for IPv6.  However, no matter what I do unless I check "Request only an IPv6 prefix" I get no IPv6 information on the WAN.  Same NIC in my router, everything else is the same.  Even got the same IPv4 address.  Any suggestions on where to look and what you need to help me?

You had the same config at pfsense?
You are the dev who creates the script for transfer from pfsense to opnsense?

Sent from my SM-S918B using Tapatalk

[smccloud]

Hello,

I just came from pfSense, and configured my WAN interface the same way.  DHCP & DHCPv6 with a /56 prefix for IPv6.  However, no matter what I do unless I check "Request only an IPv6 prefix" I get no IPv6 information on the WAN.  Same NIC in my router, everything else is the same.  Even got the same IPv4 address.  Any suggestions on where to look and what you need to help me?

You had the same config at pfsense?
You are the dev who creates the script for transfer from pfsense to opnsense?

Sent from my SM-S918B using Tapatalk

Yes, I'm the one working on the program.  Settings should work fine but I get the following in my logs

Code Select Expand

2023-11-04T17:31:16-05:00 Notice dhcp6c reset a timer on igb0, state=SOLICIT, timeo=23, retrans=128544
2023-11-04T17:31:16-05:00 Notice dhcp6c send solicit to ff02::1:2%igb0
2023-11-04T17:31:16-05:00 Notice dhcp6c set IA_PD
2023-11-04T17:31:16-05:00 Notice dhcp6c set option request (len 4)
2023-11-04T17:31:16-05:00 Notice dhcp6c set elapsed time (len 2)
2023-11-04T17:31:16-05:00 Notice dhcp6c set identity association
2023-11-04T17:31:16-05:00 Notice dhcp6c set client ID (len 14)

[Maurice]

Even when using the same hardware, your DUID will change when installing OPNsense. If your ISP is picky about this, copying the DUID from pfSense might work.

Cheers
Maurice

[meyergru]

However, no matter what I do unless I check "Request only an IPv6 prefix" I get no IPv6 information on the WAN. 

I do not quite understand this, please explain - the opposite should be true. Normally, one should be able to get both a WAN IPv6 and an IPv6 prefix that can be used on LAN interfaces via "Track Interface".

But some ISPs only hand out an IPv6 prefix and some do this only when only that prefix is being requested (by checking the "request an IPv6 prefix only box") - mine does this: if I request a WAN IPv6, I will get no addresses at all.

However, if you check that box, you should get exactly an IPv6 prefix - but that can only be assigned to LAN interfaces, not on the WAN interface itself. There has been an attempt do enable that feature by @Franco ("track interface" on WAN itself), but it was abandoned. I know for sure that Fritzbox can so something like this and possible pfSense can as well (I don't know), so this may be your problem if I interpret it right.

You can check on your pfSense by examining LAN va. WAN IPv6s closely and see if they are in the same /56 subnet. They would not if both types of addresses are provided by your ISP.

My current solution is to assign an IPv6 to the LAN interface, which is perfectly fine to allow outbound IPv6 traffic from OpnSense itself.

[smccloud]

Even when using the same hardware, your DUID will change when installing OPNsense. If your ISP is picky about this, copying the DUID from pfSense might work.

Cheers
Maurice

And I have no good way to get the DUID from pfSense.  It is not stored in the backup config file.

[Maurice]

OPNsense only stores the DUID in the config if you explicitly enter one. Otherwise, dhcp6c uses the DUID it generated itself, which is stored in /var/db/dhcp6c_duid.

Might be the same in pfSense.

[smccloud]

OPNsense only stores the DUID in the config if you explicitly enter one. Otherwise, dhcp6c uses the DUID it generated itself, which is stored in /var/db/dhcp6c_duid.

Might be the same in pfSense.

Probably is, my config file from pfSense shows <dhcp6-duid></dhcp6-duid> and at this point I can't get the DUID from pfSense. 

[smccloud]

So, I decided to restore my pfSense install to get its DUID today.  Copied that to OPNsense.  OPNsense says it is not a valid DUID, what do I do now?  It is a 16 byte DUID, which OPNsense doesn't recognize as valid according to any format.....

[Maurice]

A 16 byte DUID is indeed unusual. What type is it (first four bytes)? The default is LLT which is typically 14 bytes.

[smccloud]

First four bytes are "0e:00:00:01"

[opnfwb]

Can you try spoofing a new MAC on the WAN, and save the changes (but don't yet apply them). Then go to Interfaces/Settings and change the DHCP Unique Identifier, just use the options to generate a new random one. Save the changes and shutdown OPNsense. Then unplug/reboot your ISP modem.

Plug the modem or ONT back in and let it come back online. Once the modem or ONT is back online, power OPNsense back up. It will boot with the new WAN MAC and DUID that was generated above. This should get you a new IPV4 and IPV6 address.

I've seen issues where a provider won't issue a new DHCPv6 prefix when the DUID changes but the MAC stays the same. I'm wondering if that's what is occurring here. Doing the above steps always works for me to get DHCPv6 back up and running.

[smccloud]

I could just change my WAN NIC from igb0 to igb3 as well, or em0.  I do have multiple NICs to specify.

[Maurice]

0e:00:00:01 makes no sense. This is probably a LLT (00:01:00:01) with an extra two byte prefix for some reason. Try entering the DUID in OPNsense without the "0e:00:".

[doktornotor]

Yes, the pfS GUI decodes the DUID incorrectly, adding those bogus two bytes.