[solved] IPv6 setup question(s)

Started by GMasterAU, April 28, 2024, 05:57:30 AM

April 28, 2024, 05:57:30 AM Last Edit: May 06, 2024, 11:57:35 AM by GMasterAU
I have been trying to set up IPv6 as my ISP provides it, and has since 2012. To make this happen I have read a lot of guides/discussions/answers. However, I seem to have stumbled across a somewhat unique circumstance and I will try to be as comprehensive as I can to provide info on my problem.

The Problem
I get an IPv6 address on WAN, but I am unable to pass/parse it to LAN. When I set LAN to Track Interface (due to provision of dynamic IPv6), I lose access to the GUI with a 503 error (Service Unavailable). DHCPv6 Server attempts to start but does not. After a restart via ssh, I get access to the GUI again.

On dashboard:
- dhcpd6 is red and when I click the start button nothing happens other than the page refreshing.
- WAN receives an IPv6 address (2001:1111:11111:9700:1111:1111:1111:f844) and shows Gateway (fe80::1111:1111:1111:816c), LAN does not.
I can ping google.com IPv6 fine from router Interfaces > Diagnostics > Ping.

Where am I going wrong in my setup? Thank you for your help in advance

Hardware
DEC700 Series - Opnsense 24.1.6
QNAP 2.5/10Gbe VLAN compatible switch

ISP
My ISP provides a native 'dual stack' IPv4 and IPv6 service. It is turned on and gives me the following:
- An existing IPv4 address (if static) and any existing framed route(s)
- A dynamic /64 IPv6 prefix for your PPP session
- A static /56 IPv6 prefix for your LAN (if you are using a router with Prefix Delegation)
- the delegated static /56 IPv6 prefix is: 2001:1111:11111:9700
- currently the ISP automatic DNS mapping is enabled

OPNsense settings
Firewall > Settings > Advanced > IPv6 Options > Allow IPv6 [X]
I also added a rule for IPv6 for WAN:
PASS - WAN - in - IPv6 - ICMP - Destination Unreachable - any - WAN address

System > Settings > General > Networking > Prefer IPv4 over IPv6 []
System > Settings > General > Networking > DNS server options []

Interfaces > WAN > IPv6 Configuration Type [DHCPv6]
Interfaces > WAN > DHCPv6 client configuration > Request only an IPv6 prefix [] (when ticked, this changes the IP address to start with fe80...)
Interfaces > WAN > DHCPv6 client configuration > Prefix delegation size [56] (in line with ISP provision)
Interfaces > WAN > DHCPv6 client configuration > Send IPv6 prefix hint [X]
Interfaces > WAN > DHCPv6 client configuration > Use IPv4 connectivity [X]
Interfaces > WAN > DHCPv6 client configuration > Use VLAN priority [Disabled]

Interfaces > LAN > IPv6 Configuration Type [Track Interface]
Interfaces > LAN > Track IPv6 Interface > IPv6 Interface [WAN]
Interfaces > LAN > Track IPv6 Interface > IPv6 Prefix ID [1]
Interfaces > LAN > Track IPv6 Interface > Manual configuration []

These settings result in LAN showing, under Interfaces: Overview, an IPv6 address starting with fe80.../64

Services > ISC DHCPv6: there are no further settings.

I'd start with:

Interfaces > Settings > IPv6 DHCP > Log level = debug

And then inspect System > Log files > General, searching for "dhcp6c"

dhcp6c is the component getting the WAN v6 interface address, the prefix delegation, and then assigning addresses to the LAN interfaces set to "track" the WAN prefix delegation.

That your LAN interface has only a link-local address suggests something is going wrong with dhcp6c. I suspect that the failure of dhcpd6, which operates on the LAN side of things, is a symptom, not a cause.

I'm curious about the "Use IPv4 connectivity" in the DHCPv6 client configuration. I guess that would be highly ISP specific, and isn't appropriate for the ISPs I'm familiar with. Is your ISP's v6 service through a v4 tunnel?

If your v6 delegated prefix is truly static, have you tried manually configuring the LAN v6 interface with a /64 from that prefix?

Thank you for looking at this!

I checked the logs and I think you are right, dhcp6c is not set up correctly:
2024-05-05T05:59:11 Notice dhcp6c server ID: 00:03:00:01:20:b0:01:ac:81:6c, pref=-1
2024-05-05T05:59:11 Notice dhcp6c status code: no prefixes
2024-05-05T05:59:11 Notice dhcp6c get DHCP option status code, len 2
2024-05-05T05:59:11 Notice dhcp6c IA_PD: ID=0, T1=0, T2=0
2024-05-05T05:59:11 Notice dhcp6c get DHCP option IA_PD, len 18
2024-05-05T05:59:11 Notice dhcp6c get DHCP option domain search list, len 5
2024-05-05T05:59:11 Notice dhcp6c get DHCP option DNS, len 16
2024-05-05T05:59:11 Notice dhcp6c get DHCP option opt_82, len 4
2024-05-05T05:59:11 Notice dhcp6c DUID: 00:01:00:01:2d:ac:5e:ef:f4:90:ea:00:f8:43
2024-05-05T05:59:11 Notice dhcp6c get DHCP option client ID, len 14
2024-05-05T05:59:11 Notice dhcp6c DUID: 00:03:00:01:20:b0:01:ac:81:6c
2024-05-05T05:59:11 Notice dhcp6c get DHCP option server ID, len 10
2024-05-05T05:59:11 Notice dhcp6c receive advertise from fe80::22b0:1ff:feac:816c%igc1 on igc1
2024-05-05T05:59:11 Notice dhcp6c reset a timer on igc1, state=SOLICIT, timeo=4, retrans=16873
2024-05-05T05:59:11 Notice dhcp6c send solicit to ff02::1:2%igc1
2024-05-05T05:59:11 Notice dhcp6c set IA_PD
2024-05-05T05:59:11 Notice dhcp6c set IA_PD prefix
2024-05-05T05:59:11 Notice dhcp6c set option request (len 4)
2024-05-05T05:59:11 Notice dhcp6c set elapsed time (len 2)
2024-05-05T05:59:11 Notice dhcp6c set client ID (len 14)


I have now tried it both with IPv4 connectivity turned on and off, no difference.

Unfortunately beyond the information I have given in the original post, I don't know if IPv6 is through a v4 tunnel, however I can try and ask the ISP.

I just checked my modem and perhaps this may be part of the issue why OPNsense reports no prefixes?:

Modem
IPv6 Configuration
Mode: DHCPv6
Status: connected
Enabled [X]
then it reports an IPv6 address, a Gateway, DNS servers and the IPv6 prefix delegation (2001:1111:1111:9700::/56)

Could it be that I need to configure OPNsense differently to link in properly with the modem?

Looks like OPNsense is connected to another router, not to a modem. That router establishes the PPP link and negotiates the prefix delegation with your ISP. Since it doesn't seem to support downstream prefix delegation (or isn't configured correctly), OPNsense only gets an address.

If you want OPNsense to negotiate the /56 prefix delegation with your ISP, you'll need to set the other router to bridge mode or replace it with an actual modem. If that's not possible, you'll need to configure a static LAN address on OPNsense and a static route on the other router.

"Use IPv4 connectivity" is only required if OPNsense establishes the PPP link itself. The wording is slightly misleading, the help text explains it better: "Request the IPv6 information through the IPv4 PPP connectivity link."

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
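
Added example (not part of the thread and not OPNsense code): a small Python check over the dhcp6c debug lines posted above that reports, for each server answer, whether a prefix was actually delegated. It assumes the log is pasted newest-first, as the GUI lists it; `GOOD_LOG` is a constructed sample, and its `IA_PD prefix:` line format, interface name and documentation prefix are assumptions.

```python
import re

# Lines copied from the log posted in the thread, newest first as the GUI lists them.
THREAD_LOG = """\
2024-05-05T05:59:11 Notice dhcp6c status code: no prefixes
2024-05-05T05:59:11 Notice dhcp6c IA_PD: ID=0, T1=0, T2=0
2024-05-05T05:59:11 Notice dhcp6c receive advertise from fe80::22b0:1ff:feac:816c%igc1 on igc1
2024-05-05T05:59:11 Notice dhcp6c send solicit to ff02::1:2%igc1
2024-05-05T05:59:11 Notice dhcp6c set IA_PD prefix
"""
# Constructed sample of a successful answer; the "IA_PD prefix:" line format,
# the interface name and the documentation prefix are assumptions.
GOOD_LOG = """\
2024-05-05T06:10:00 Notice dhcp6c IA_PD prefix: 2001:db8:0:9700::/56 pltime=3600 vltime=7200
2024-05-05T06:10:00 Notice dhcp6c IA_PD: ID=0, T1=1800, T2=2880
2024-05-05T06:10:00 Notice dhcp6c receive reply from fe80::1%pppoe0 on pppoe0
"""

RECV = re.compile(r"^receive (advertise|reply) from (\S+) on (\S+)")
PREFIX = re.compile(r"^IA_PD prefix: (\S+)")  # client-side "set IA_PD prefix" has no colon
STATUS = re.compile(r"^status code: (.+)$")

def diagnose(log_text, newest_first=True):
    """Return one record per server answer, in chronological order."""
    msgs = [l.split(" dhcp6c ", 1)[1].strip()
            for l in log_text.splitlines() if " dhcp6c " in l]
    msgs = msgs[::-1] if newest_first else msgs
    answers, cur = [], None
    for msg in msgs:
        recv = RECV.match(msg)
        if recv:
            cur = {"type": recv.group(1), "server": recv.group(2),
                   "iface": recv.group(3), "ia_pd": False, "prefixes": [], "status": []}
            answers.append(cur)
        elif cur is None:
            continue  # client-side lines logged before any answer arrived
        elif PREFIX.match(msg):
            cur["prefixes"].append(PREFIX.match(msg).group(1))
        elif msg.startswith(("IA_PD:", "get DHCP option IA_PD")):
            cur["ia_pd"] = True
        elif STATUS.match(msg):
            cur["status"].append(STATUS.match(msg).group(1))
    return answers

def verdict(answer):
    if answer["prefixes"]:
        return "prefix delegated: " + ", ".join(answer["prefixes"])
    if answer["ia_pd"]:
        return "no prefix delegated (status: %s)" % (", ".join(answer["status"]) or "none")
    return "answer carried no IA_PD option"
```

For the thread's log, `verdict(diagnose(THREAD_LOG)[0])` reports that the upstream device answered the solicit with an IA_PD but no prefix, which matches the diagnosis that the box in front of OPNsense does not delegate downstream.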

May 05, 2024, 05:10:30 PM #4 Last Edit: May 05, 2024, 08:34:51 PM by saulsutherland
Apologies for the phone screenshot. What are your RA settings under Services > Router Advertisements?

Edit: Imgur link with better screenshots from desktop. https://imgur.com/a/nPIQMfZ

Hi all,

Thank you for all your input. I got it to work. @Maurice you were right on the money. I decided to give your theory a try and just removed the ISP provided modem after checking that they allowed me to connect directly via PPPoE. Initially it would not work on the original OPNsense setup that I was working on, but I decided to just scrap everything and reset OPNsense to factory settings. After that, it dialled in immediately and I was able to set DHCPv6. Settings:

Interfaces > WAN > IPv4 [PPPoE]
Interfaces > WAN > IPv6 [DHCPv6]
Interfaces > WAN > Dynamic Gateway Policy [X]
Interfaces > WAN > DHCPv6 Client configuration > Request only an IPv6 prefix []
Interfaces > WAN > DHCPv6 Client configuration > Prefix delegation size [56] (provided by my ISP)
Interfaces > WAN > DHCPv6 Client configuration > Send IPv6 prefix hint [X]
Interfaces > WAN > DHCPv6 Client configuration > Use IPv4 connectivity [X] (needed, otherwise no IP is assigned, iiNet, Australia)
Interfaces > WAN > DHCPv6 Client configuration > Use VLAN priority [Disabled]

Interfaces > LAN > IPv6 Configuration Type [Track Interface]
Interfaces > LAN > Track Interface > IPv6 [WAN]
Interfaces > LAN > Track Interface > IPv6 Prefix ID ['0']

I tested it and now IPv6-test.com returns that Native IPv6 is supported, and my Mac also reports a correct IPv6 IP address.

In conclusion I assume that there were two main issues. 1) The modem I used prior was not allowing me to customise it to fit my requirements and setup. It was getting the IP address, but was not able to pass it on. 2) In my various ways of modifying OPNsense to try and get it to work, I must have caused issues that made for a bad configuration that I was not able to make work.

That was easier than expected. The box you removed was definitely a router then, not a modem at all, not even a router with a modem. A router routes, a modem modulates and demodulates. ;)

"Dynamic Gateway Policy" should not be required. Otherwise, your config looks good to me - it's essentially the basic "Dual Stack over PPPoE" setup.

Happy networking!