IPv6 with DHCP6 on top of PPPoE and VLAN

[franco]

Ok first things first...

# pgrep mpd5

One instance should be running.

# grep pppoe.iface /var/etc/mpd_wan.conf

Should find the correct VLAN.

Then mpd5/PPPoE is in charge of connecting to the ISP.

If that doesn't happen, use IPv4 connectivity will not start running DHCPv6 because IPv4 from the PPPoE point of view is not up!

You can check the PPPoE logs:

# opnsense-log ppps

Then also Orange is a PITA as we know from France where they want very very specific sending options and perhaps even VLAN priority. You need to emulate all of this in order to get full connectivity and my guess is you're not there yet.


Cheers,
Franco

[carbas]

# pgrep mpd5

One instance should be running.

It is.

# grep pppoe.iface /var/etc/mpd_wan.conf

Should find the correct VLAN.

LGTM

You can check the PPPoE logs:

# opnsense-log ppps

It looks that connection is established, but only IPv6 config recived. This is expected behaviour.

Then also Orange is a PITA as we know from France where they want very very specific sending options and perhaps even VLAN priority. You need to emulate all of this in order to get full connectivity and my guess is you're not there yet.

Fortunately polish HQ is not as much PITA as french. They don't stack problems for people wanting use own HW.

Here is full PPPoE log for reference. I think the "LCP: protocol IPCP was rejected" is the important one, but still, IMHO this is expected as I we want to establish IPv6-only connection.

Code: [Select]

<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="37"] process 53486 started, version 5.9
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="38"] web: web is not running
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="39"] [wan] Bundle: Interface ng0 created
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="40"] [wan_link0] Link: OPEN event
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="41"] [wan_link0] LCP: Open event
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="42"] [wan_link0] LCP: state change Initial --> Starting
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="43"] [wan_link0] LCP: LayerStart
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="44"] [wan_link0] PPPoE: Connecting to ''
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="45"] PPPoE: rec'd ACNAME "wro_bng1_re0"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="46"] [wan_link0] PPPoE: connection successful
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="47"] [wan_link0] Link: UP event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="48"] [wan_link0] LCP: Up event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="49"] [wan_link0] LCP: state change Starting --> Req-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="50"] [wan_link0] LCP: SendConfigReq #1
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="51"] [wan_link0]   PROTOCOMP
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="52"] [wan_link0]   MRU 1492
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="53"] [wan_link0]   MAGICNUM 0x03551bda
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="54"] [wan_link0] LCP: rec'd Configure Request #201 (Req-Sent)
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="55"] [wan_link0]   MRU 1540
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="56"] [wan_link0]   AUTHPROTO CHAP MD5
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="57"] [wan_link0]   MAGICNUM 0x18516f9f
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="58"] [wan_link0] LCP: SendConfigAck #201
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="59"] [wan_link0]   MRU 1540
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="60"] [wan_link0]   AUTHPROTO CHAP MD5
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="61"] [wan_link0]   MAGICNUM 0x18516f9f
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="62"] [wan_link0] LCP: state change Req-Sent --> Ack-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="63"] [wan_link0] LCP: rec'd Configure Ack #1 (Ack-Sent)
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="64"] [wan_link0]   PROTOCOMP
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="65"] [wan_link0]   MRU 1492
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="66"] [wan_link0]   MAGICNUM 0x03551bda
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="67"] [wan_link0] LCP: state change Ack-Sent --> Opened
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="68"] [wan_link0] LCP: auth: peer wants CHAP, I want nothing
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="69"] [wan_link0] LCP: LayerUp
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="70"] [wan_link0] CHAP: rec'd CHALLENGE #162 len: 32
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="71"] [wan_link0]   Name: "JUNOS"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="72"] [wan_link0] CHAP: Using authname "XXXXXXX@neostrada.pl/ipv6"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="73"] [wan_link0] CHAP: sending RESPONSE #162 len: 46
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="74"] [wan_link0] CHAP: rec'd SUCCESS #162 len: 49
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="75"] [wan_link0]   MESG: session created in USS with key in new format
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="76"] [wan_link0] LCP: authorization successful
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="77"] [wan_link0] Link: Matched action 'bundle "wan" ""'
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="78"] [wan_link0] Link: Join bundle "wan"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="79"] [wan] Bundle: Status update: up 1 link, total bandwidth 64000 bps
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="80"] [wan] IPCP: Open event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="81"] [wan] IPCP: state change Initial --> Starting
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="82"] [wan] IPCP: LayerStart
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="83"] [wan] IPV6CP: Open event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="84"] [wan] IPV6CP: state change Initial --> Starting
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="85"] [wan] IPV6CP: LayerStart
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="86"] [wan] IPCP: Up event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="87"] [wan] IPCP: state change Starting --> Req-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="88"] [wan] IPCP: SendConfigReq #1
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="89"] [wan]   IPADDR 0.0.0.0
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="90"] [wan]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="91"] [wan] IPV6CP: Up event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="92"] [wan] IPV6CP: state change Starting --> Req-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="93"] [wan] IPV6CP: SendConfigReq #1
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="94"] [wan] IPV6CP: rec'd Configure Request #244 (Req-Sent)
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="95"] [wan] IPV6CP: SendConfigAck #244
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="96"] [wan] IPV6CP: state change Req-Sent --> Ack-Sent
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="97"] [wan_link0] LCP: rec'd Protocol Reject #202 (Opened)
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="98"] [wan_link0] LCP: protocol IPCP was rejected
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="99"] [wan] IPCP: protocol was rejected by peer
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="100"] [wan] IPCP: state change Req-Sent --> Stopped
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="101"] [wan] IPCP: LayerFinish
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="102"] [wan] IPV6CP: rec'd Configure Ack #1 (Ack-Sent)
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="103"] [wan] IPV6CP: state change Ack-Sent --> Opened
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="104"] [wan] IPV6CP: LayerUp
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="105"] [wan]   5a9c:fcff:fe00:0c17 -> 2a8a:1cff:fea1:dfc3
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="106"] [wan] IFACE: Up event
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="107"] [wan] IFACE: Rename interface ng0 to pppoe0


[franco]

> IPCP: protocol was rejected by peer

Well, unfortunately this is the problem with PPPoE in the mix, because once the IPv4 connectivity is up the rc.newwanip script takes care of starting the DHCPv6 (because it doesn't make sense before PPPoE device is created). Since there is no IPv4 the PPPoE linkup script is not called so rc.newwanip is not called either.

Call this a shortcoming of the code. I'm not sure how to solve this gracefully (i.e. without stuffing new settings that nobody understands into the PPPoE WAN IPv6 mode).

We could add the same start code to IPv6 equivalent rc.newwanipv6 (or the PPPoE linkup script) but I'm entirely unsure what the best approach is to avoid race conditions by doing it which could break IPv6 for a lot of people with PPPoE at the moment.


Cheers,
Franco

[franco]

PS: This is more or less part of https://github.com/opnsense/core/issues/7446 although it would make the cleanup a feature by adding more modes. ;(

[pataps]

I've got this setup working with OPNsense, including GIF tunnel for ipv4. It works, until OPNSense reboot, and then  I have to manually change LAN settings from track interface to slaac and track interface again, in order to bring back ipv6 connectivity.

Check your LAN settings and try the above trick. This should give you ipv6 there.

P.S. How did you figure out AFTR?

[carbas]

P.S. How did you figure out AFTR?

Its is provided by DHCPv6 server. Option 64.

[pataps]

So does the LAN config change trick work for you?

Also, I noticed that your dhcp6c.conf is pointing to vlan rather than pppoe interface. Are you confident about PPPoE configuration? I Did you create the PPPoE interface yourself, or was it created during WAN setup?

[franco]

> Also, I noticed that your dhcp6c.conf is pointing to vlan rather than pppoe interface. Are you confident about PPPoE configuration? I Did you create the PPPoE interface yourself, or was it created during WAN setup?

Well, it was explained.


Cheers,
Franco

[carbas]

No it doesn't and, I guess, it can't work as I do not recive IPv6 prefix at all from DHCPv6 so there is nothing to track for LAN interface.
I don't get anything from DHCPv6 because DHCP6c isn't configured and started for PPPoE interface.
As I understand it happens because IPv4 configuration is not set by PPPoE as this is IPv6-only connection from ISP perspective (I have two separate PPPoE credentials from ISP - one is IPv4-only, second is IPv6-only + DS-lite).

[Patrick M. Hausen]

But DSlite does give you an IPv4 address. A CGNAT one, but an address.

[carbas]

Well, unfortunately this is the problem with PPPoE in the mix, because once the IPv4 connectivity is up the rc.newwanip script takes care of starting the DHCPv6 (because it doesn't make sense before PPPoE device is created). Since there is no IPv4 the PPPoE linkup script is not called so rc.newwanip is not called either.

Call this a shortcoming of the code. I'm not sure how to solve this gracefully (i.e. without stuffing new settings that nobody understands into the PPPoE WAN IPv6 mode).

We could add the same start code to IPv6 equivalent rc.newwanipv6 (or the PPPoE linkup script) but I'm entirely unsure what the best approach is to avoid race conditions by doing it which could break IPv6 for a lot of people with PPPoE at the moment.

So in simple words I understand it would require breaking changes in interface configuration logic, something like:

• "IPv4 Configuration type" set as disabled
• New option for "IPv6 Configuration type" like "PPPoEv6 + DHCPv6" available if the former one is disabled

Do I understand it correctly?

[franco]

In this case apparently not, which is fatal for acquiring DHCPv6 through PPPoE.


Cheers,
Franco

[pataps]

Well... I might be OPNsense noob myself, but as I said I managed to get this working for Orange PL. with Use IPv4 connectivity" selected on WAN. This leads me to conclusion that there is some other configuration difference that breaks it.

[franco]

• "IPv4 Configuration type" set as disabled
• New option for "IPv6 Configuration type" like "PPPoEv6 + DHCPv6" available if the former one is disabled

Do I understand it correctly?

Correct, but the implications of further complicating IPv4/IPv6 mode interaction isn't something we should aim for.

PPPoEv6 is in fact ipv6cp set, just as DHCPv6 and SLAAC do. PPPoE is ipcp but also the base of what PPPoE needs in order to generate a configuration at all. You can clearly see IPv6 was added later but never really restructured PPPoE and now the point of breakage is here.

Maybe we can get away with latching on to PPPoEv6 (with IPv4 mode set to anything other than PPPoE) for mpd5 configuration and activate IPv6 when the PPPoE IPv6 comes in instead.

It will still require a cleanup of "IPv4 connectivity" behaviour but it sounds like the most elegant way forward.


Cheers,
Franco

[carbas]

But DSlite does give you an IPv4 address. A CGNAT one, but an address.

Not from the router perspective. In DS-lite there is GIF tunnel with IPv6 endpoints and then router encapsulates IPv4 traffic into it. The GIF tunnel has the well-known IPv4 address (usually 192.0.0.2 and 192.0.0.1 on AFTR side) and IPv4 traffic is routed through it from LAN without NAT (AFTR does the NAT ).
At least if I understood correctly RFC6333