WAN not getting IPV6 address

Started by smccloud, November 04, 2023, 10:24:13 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
November 06, 2023, 12:28:11 AM #15
And removing the 0e:00 from the front of the DUID did not help. Still not working. I can get a prefix fine, but that doesn't propagate to my LAN.
November 06, 2023, 12:36:35 AM #16
As someone else noted, some ISPs just do not provide anything but the prefix. Some ISPs provide a separate /64 for WAN. Some provide a separate /64 with routing broken.

Quote from: meyergru on November 05, 2023, 02:36:27 AM
But some ISPs only hand out an IPv6 prefix and some do this only when only that prefix is being requested (by checking the "request an IPv6 prefix only box") - mine does this: if I request a WAN IPv6, I will get no addresses at all.

However, if you check that box, you should get exactly an IPv6 prefix - but that can only be assigned to LAN interfaces, not on the WAN interface itself. traffic from OpnSense itself.

Check with your ISP.
November 06, 2023, 12:39:16 AM #17
I will check with them, but given the settings are the same between pfSense and OPNsense it should just work. DHCPv6, /56 prefix, DUID, all the same.
November 06, 2023, 12:43:14 AM #18
Interfaces->Settings->IPv6 DHCP Log Level - set to Debug.
November 06, 2023, 01:15:49 AM #19
Just the following over and over with different times.
Code Select
2023-11-05T18:13:55-06:00 Notice dhcp6c reset a timer on igb0, state=SOLICIT, timeo=30, retrans=109080
2023-11-05T18:13:55-06:00 Notice dhcp6c send solicit to ff02::1:2%igb0
2023-11-05T18:13:55-06:00 Notice dhcp6c set IA_PD
2023-11-05T18:13:55-06:00 Notice dhcp6c set IA_PD prefix
2023-11-05T18:13:55-06:00 Notice dhcp6c set option request (len 4)
2023-11-05T18:13:55-06:00 Notice dhcp6c set elapsed time (len 2)
2023-11-05T18:13:55-06:00 Notice dhcp6c set identity association
2023-11-05T18:13:55-06:00 Notice dhcp6c set client ID (len 14)
November 06, 2023, 01:28:35 AM #20
Quote from: smccloud on November 06, 2023, 12:39:16 AM
I will check with them, but given the settings are the same between pfSense and OPNsense it should just work. DHCPv6, /56 prefix, DUID, all the same.

Depending on how you define and / or created "the same" configuration, this may or may not work. The settings seem to differ a lot in detail between pfSense and OpnSense, especially when you look at the advanced settings. There may be defaults on pfSense that are different on OpnSense.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
November 06, 2023, 01:45:19 AM #21
Here's the WAN XML from my pfSense config file.  I see nothing that makes it so it shouldn't work.
Code Select
<wan>
<enable></enable>
<if>igb0</if>
<blockbogons></blockbogons>
<descr><![CDATA[WAN]]></descr>
<spoofmac></spoofmac>
<alias-address></alias-address>
<alias-subnet>32</alias-subnet>
<blockpriv></blockpriv>
<ipaddr>dhcp</ipaddr>
<dhcphostname></dhcphostname>
<dhcprejectfrom></dhcprejectfrom>
<adv_dhcp_pt_timeout></adv_dhcp_pt_timeout>
<adv_dhcp_pt_retry></adv_dhcp_pt_retry>
<adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout>
<adv_dhcp_pt_reboot></adv_dhcp_pt_reboot>
<adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff>
<adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options></adv_dhcp_send_options>
<adv_dhcp_request_options></adv_dhcp_request_options>
<adv_dhcp_required_options></adv_dhcp_required_options>
<adv_dhcp_option_modifiers></adv_dhcp_option_modifiers>
<adv_dhcp_config_advanced></adv_dhcp_config_advanced>
<adv_dhcp_config_file_override></adv_dhcp_config_file_override>
<adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path>
<ipaddrv6>dhcp6</ipaddrv6>
<dhcp6-duid></dhcp6-duid>
<dhcp6-ia-pd-len>8</dhcp6-ia-pd-len>
<dhcp6-ia-pd-send-hint></dhcp6-ia-pd-send-hint>
<dhcp6usev4iface></dhcp6usev4iface>
<dhcp6withoutra></dhcp6withoutra>
<adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface>
/</wan>

And I just got done chatting with my ISP, their "solution" was to use their router.  Nor would they reprovision my modem when I asked them to.
November 06, 2023, 02:05:36 AM #22 Last Edit: November 06, 2023, 02:14:07 AM by meyergru
On OpnSense, the resulting dhcp6c configuration is in /var/etc/dhcp6c.conf, you can check if it is like the one on your pfSense.

For LAN interfaces with RA enabled, you can check if /var/etc/radvd.conf contains the correct definitions (you did configure the router advertisements, did you?).

The order is:

1. get a delegated prefix on WAN of the correct size (in your case, /56) - regardless if the WAN itself gets an IPv6,
2. assign a part of it to each of your LAN interfaces via a different prefix ID (at most 8 bits) and
3. have that prefix advertised via RA or DHCPv6.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
November 06, 2023, 02:17:44 AM #23 Last Edit: November 06, 2023, 02:19:40 AM by smccloud
The problem is, to get it visible in pfSense I have to reload my router.  Which means everything is down for a while :(
I wonder if I can restore the config file in a VM just so I can look at that file.
November 06, 2023, 09:37:40 AM #24
> /var/db/dhcp6c_duid

Late to the party but you could just copy the file from the old install to the new. I don't think dhcp6c has an issue with a file it created itself.


Cheers,
Franco
November 06, 2023, 03:00:53 PM #25
Quote from: meyergru on November 06, 2023, 02:05:36 AM
On OpnSense, the resulting dhcp6c configuration is in /var/etc/dhcp6c.conf, you can check if it is like the one on your pfSense.

For LAN interfaces with RA enabled, you can check if /var/etc/radvd.conf contains the correct definitions (you did configure the router advertisements, did you?).

The order is:

1. get a delegated prefix on WAN of the correct size (in your case, /56) - regardless if the WAN itself gets an IPv6,
2. assign a part of it to each of your LAN interfaces via a different prefix ID (at most 8 bits) and
3. have that prefix advertised via RA or DHCPv6.

I haven't tried to configure RA yet since I don't have an IPv6 on the WAN yet.  As for /var/etc/dhcp6c.conf, the only difference is pfSense has
Code Select
interface igb0 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix ::/56 infinity;
  prefix-interface igb1 {
    sla-id 6;
    sla-len 8;
  };
  prefix-interface igb2 {
    sla-id 7;
    sla-len 8;
  };
};
whereas OPNsense has
Code Select
interface igb0 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix-interface igb2 {
    sla-id 7;
    sla-len 8;
  };
  prefix-interface igb1 {
    sla-id 6;
    sla-len 8;
  };
};
November 06, 2023, 03:07:50 PM #26
All this advanced troubleshooting and we all forgot the most basic item.  Firewall -> Settings -> Advanced -> Allow IPv6 :(

If you'll excuse me, I'm going to go find some crow to eat.  Works fine now.
November 06, 2023, 03:11:20 PM #27
Whew, glad you figured it out :)


Cheers,
Franco
Print
Go Up Pages 1 2
User actions