CALL FOR TESTING: IPv6 improvements!

franco · January 16, 2026, 03:10:34 PM

Hello,

We have been working on a number of IPv6 improvements and I'd like to ask willing users to help test them with us!

1. dhcp6c improvements

dhcp6c has received a lot of refactoring and cleanups and can now set the lifetime of prefixes (formerly set to infinite by the code even though that's not what is being e). The code changed to offer the valid life time as preferred/valid life times during configuration, which makes them expire automatically. We found a few bugs in the FreeBSD kernel that were fixed in 25.7.11 so testing the new dhcp6c code is possible now.

Again: make sure you are on 25.7.11 :)

# opnsense-code dhcp6c
# cd /usr/dhcp6c
# ./configure
# make upgrade

dhcp6c will not restart automatically. The best way to use the new version is to reboot.

If you want to revert to the version that belongs to 25.7.11 you can do:

# opnsense-revert dhcp6c

(and reboot)

The first two pages here are the relevant changes: https://github.com/opnsense/dhcp6c/commits/master/

2. We're testing multi-dhcp6c again after deciding against it many years ago. There are some downsides to using one daemon for all WANs a patch exists to split the daemons up! This also makes it possible to get better control of individual PD associations requested from the ISP.

This requires the 25.7.11 DEVELOPMENT version to apply cleanly. I recommend using a snapshot before switching since a number of things will be migrated and it's not easy to switch back as some settings will be in the wrong place. A config backup and restore is also an idea if you make the direct transition back using the firmware GUI.

# opnsense-patch https://github.com/opnsense/core/commit/5b8c2a862e

A reboot would be the best course of action here too.

More context on the work we did here is in https://github.com/opnsense/core/issues/7647

If you have any questions please let me know. All feedback is welcome, especially from multi-WAN IPv6 users! :)

Cheers,
Franco

Maurice · January 16, 2026, 10:08:58 PM

Hey Franco,

Multi-WAN IPv6 user here. :) WAN1 requests address + prefix, WAN2 only requests an address.

I performed 1. and don't see any immediate issues after the reboot.
Can we see the (remaining) lifetime somewhere? It doesn't seem to be reflected in the prefix lifetime advertised by radvd on tracking LAN interfaces.

If there aren't any issues in the next two days or so, I'll go ahead and test 2., too.

Cheers
Maurice

franco · January 16, 2026, 10:25:16 PM

Nice, you can see configured lifetimes in ifconfig and with -L switch you can see how much is left (actually found and fixed this switch for 25.7.11).

Note that dhcp6c sets vltime = pltime for prefixes. It's all a bit odd that NA was setting vltime and pltime correctly but PD set infinite for both. To crawl towards a better solution we avoid deprecation of prefixes for now but from my testing so far dhcp6c renews far more frequently than pltime so in a next step we can probably set the real pltime too.

The key thing here is that we want to see the ifconfig -L times so we can actually distinguish which prefix was the last one assigned and use that as the primary one for e.g. radvd. Some ISPs renew with a new prefix but having the first one stick around and no way to distinguish because they both do not expire was suboptimal and at some point the old one disappears but there is no renew triggering a radvd reload so then the prefix stops working for clients.

I was a bit surprised to find all these related bugs for just trying to do what the standard intended. ;)

Thanks a lot,
Franco

Maurice · January 16, 2026, 11:00:11 PM

Quote from: franco on January 16, 2026, 10:25:16 PMyou can see configured lifetimes in ifconfig and with -L switch you can see how much is left

On the WAN interface, ifconfig shows the lifetime of the interface address (IA_NA). But where do I see the lifetime of the prefix (IA_PD)? On the tracking LAN interface, ifconfig does not show a lifetime.

Quote from: franco on January 16, 2026, 10:25:16 PMNA was setting vltime and pltime correctly

I can confirm this. IA_NA pltime is lower than vltime: inet6 2001:db8:6490:5d00::2 prefixlen 128 pltime 270 vltime 300

Quote from: franco on January 16, 2026, 10:25:16 PMfrom my testing so far dhcp6c renews far more frequently than pltime

From my testing, dhcp6c renews after half of vltime. So as long as pltime > vltime/2, no problem.

Quote from: franco on January 16, 2026, 10:25:16 PMThe key thing here is that we want to see the ifconfig -L times so we can actually distinguish which prefix was the last one assigned and use that as the primary one for e.g. radvd. Some ISPs renew with a new prefix but having the first one stick around and no way to distinguish because they both do not expire was suboptimal and at some point the old one disappears but there is no renew triggering a radvd reload so then the prefix stops working for clients.

Excellent! This has plagued me a lot and the workarounds I had to implement are nightmare fuel.

Quote from: franco on January 16, 2026, 10:25:16 PMI was a bit surprised to find all these related bugs for just trying to do what the standard intended.

Unfortunately, I'm not surprised at all.

Cheers
Maurice

Maurice · January 16, 2026, 11:08:03 PM

Oh, I probably have to perform 2. (switch to development branch and apply patch) to see the IA_PD lifetime?

franco · January 17, 2026, 08:09:56 AM

> On the WAN interface, ifconfig shows the lifetime of the interface address (IA_NA). But where do I see the lifetime of the prefix (IA_PD)? On the tracking LAN interface, ifconfig does not show a lifetime.

No it sounds to me that the dhcp6c service wasn't restarted. If you skipped the reboot you need to "killall dhcp6c" and reconfigure otherwise SIGHUP is used and the old binary remains active.

> Excellent! This has plagued me a lot and the workarounds I had to implement are nightmare fuel.
> Oh, I probably have to perform 2. (switch to development branch and apply patch) to see the IA_PD lifetime?

No, this issue should be fixed on 25.7.11 with the latest dhcp6c code from the repository active. If not it's a bit of core glue that is not entirely correct but that will be easy to fix with an ifconfig -L dump at the time of the renewal where it tells radvd.conf to still use the old prefix.

Cheers,
Franco

Maurice · January 17, 2026, 07:28:02 PM

Quote from: franco on January 17, 2026, 08:09:56 AMNo it sounds to me that the dhcp6c service wasn't restarted.

I did reboot.

For the WAN interface, ifconfig only shows the addresses configured on the interface itself (obviously), not the delegated prefix. So no lifetime information for IA_PD there:

Code Select

~ # ifconfig -L vtnet0
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
        description: WAN_GPON (wan)
        options=ec07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS>
        ether 00:15:5d:2a:fe:16
        inet6 fe80::215:5dff:fe2a:fe16%vtnet0 prefixlen 64 scopeid 0x1
        inet6 2001:db8:5812:800::2 prefixlen 128 pltime 209 vltime 239
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

For the tracking LAN interface, ifconfig doesn't show lifetimes:

Code Select

~ # ifconfig -L vtnet2
vtnet2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: LAN_IPv6 (lan)
        options=ec07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS>
        ether 00:15:5d:2a:fe:02
        inet6 fe80::215:5dff:fe2a:fe02%vtnet2 prefixlen 64 scopeid 0x3
        inet6 fd03:2148:cea2:1::1 prefixlen 64
        inet6 2001:db8:5812:801::1 prefixlen 64
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

What does work is that the GUA gets removed from the tracking LAN interface when the valid lifetime of the prefix delegation expires. It just seems you can't see that lifetime anywhere.

Cheers
Maurice

franco · Reply #7 - Re: CALL FOR TESTING: IPv6 improvements!

Then the code in dhcp6c repo wasn't pulled correctly? Or are you using the "no release" option, too? With that option it is rather hard to do anything sane and I've kept it to use infinite lifetimes otherwise it breaks the promise of the option...

https://github.com/opnsense/dhcp6c/commit/52dfc21489

1.) is still evolving on the master branch. Had a wrong assumption that RENEW would already trigger a full reload but that wasn't the case.

The two commits seem to be needed as well and I'm not sure they apply cleanly to 25.7.11. Still testing a bit.

https://github.com/opnsense/core/commit/c31d9430e
https://github.com/opnsense/core/commit/fafe519de

Cheers,
Franco

Maurice · Reply #8 - Re: CALL FOR TESTING: IPv6 improvements!

Quote from: franco on Today at 01:52:51 PMThen the code in dhcp6c repo wasn't pulled correctly?

Pulled, compiled and installed correctly.

Quote from: franco on Today at 01:52:51 PMOr are you using the "no release" option, too?

Nope.

But I now made the next step and switched to opnsense-devel (26.1.b_143). ifconfig now shows pltime and vltime for the GUA on the tracking LAN interface. So it seems devel is indeed required for this to work.

Did not apply the multi-dhcp6c patch yet, maybe tomorrow.

Great new radvd features by the way, like PREF64! 👍

Cheers
Maurice

CALL FOR TESTING: IPv6 improvements!

franco

January 16, 2026, 03:10:34 PM Last Edit: January 16, 2026, 05:10:06 PM by franco

Maurice

January 16, 2026, 10:08:58 PM #1

franco

January 16, 2026, 10:25:16 PM #2

Maurice

January 16, 2026, 11:00:11 PM #3

Maurice

January 16, 2026, 11:08:03 PM #4

franco

January 17, 2026, 08:09:56 AM #5

Maurice

January 17, 2026, 07:28:02 PM #6

franco

Today at 01:52:51 PM #7

Maurice

Today at 04:48:28 PM #8