Forum Index | Search | Register (New User) | Login (Existing User) | Who's Online | FAQ | Main Site

User comments on ISPs
  >> Other Providers (without dedicated forums) Previous thread View all threads Next thread


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User PleaseJustWork
(newbie) Fri 01-Dec-23 17:45:59
Print Post

CommunityFibre IPv6 OpnSense dhcp6 issues


[link to this post] 		 
hello everyone!
I am with CF and I managed to get my opnsense online (called to unbind their Velop MAC address, etc).
I am online, the OpnSense WAN interface gets a IPv6 address (that I can ping from some online tool), so I think I am getting there.
The dhcpd6 is set to track interface (wan). IPv6 Prefix ID 0x1. I've also enabled Allow manual adjustment of DHCPv6 and Router Advertisements.
In the dhcpv6 service (enabled in the LAN interface) I can see the available range is populated. I've put from ::1000 to ::2000. I can see the service is running.

Now the issues
From my pc (linux) I can only get a fe80 address. I'm not too concerned about that for what I understand of IPv6, but the problem is that I don't see any lease in the DHCP6 in opnsense (while I can see the IPv4 ones). If I try to get a new one with
sudo dhclient -6 -v -r enp5s0

it just sits there, requesting/listening but nothing happens.

The second issue is that if I try (from my PC) this website https://test-ipv6.com/ it says I am not using IPv6.

If I do a "curl --silent ipv6.icanhazip.com" from the opnsense itself, it replies with the same IPv6 I can see in the interfaces' summary.

I have enabled the required ICMP rules for IPv6 as per this website.

Anyone who can point me in the right direction?

Thanks!
Standard User PaulKirby
(knowledge is power) Fri 01-Dec-23 19:48:49
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PleaseJustWork] [link to this post] 		 
Well I have never used opnsense before but I am with Community Fibre (CFL)

But I do use MikroTik as my Router and I just setup an IPv6 DHCP Client to ask CFL for a /48 prefix (has to be a prefix and not an address) and I store that into my routers IPv6 Pool as a /64 Address (Prefix + Subnet ID).

example:
AAAA:BBBB:CCCC::/48 (CFL Prefix)
AAAA:BBBB:CCCC::1/64 (Router IPv6)
Basically my router is: AAAA:BBBB:CCCC:DDDD:0:0:0:1/64
Where as the ISP Prefix is: AAAA:BBBB:CCCC and the DDDD is my Subnet ID and 0:0:0:1 is the Interface ID (basically the Router)


Then I setup an IPv6 DHCP Server that provides the new /64 IPv6 Prefix for all my devices on my LAN.
BUT...
I also use ND (Neighbour Discovery) which the devices use along with the IPv6 DHCP Server and I have no issues.

The https://test-ipv6.com/ link you provided gives me a 10/10

Also https://ipv6.icanhazip.com/ displays the IPv6 of my PC.

I think where your opnsense is working fine, I think its just not advertising the your IPv6 Prefix + Subnet ID to your LAN.

---
Paul

Community Fibre - GIGAFAST
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest (CLI) | MikroTik RB4011iGS+RM (BQM)

Edited by PaulKirby (Fri 01-Dec-23 20:03:25)
Standard User candlerb
(knowledge is power) Fri 01-Dec-23 20:47:22
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PleaseJustWork] [link to this post] 		 
Addresses which start fe80: are "link local" addresses: they are only valid for communicating with a peer on the same LAN segment. They are not usable on the public Internet.

Real IPv6 addresses start with 2xxx: or 3xxx:

Once your router has a real IPv6 prefix, and starts announcing it over your LAN using Router Advertisements (or via DHCPv6), your client devices should auto-configure themselves with a real IPv6 address.


Register (or login) on our website and you will not see this ad.

Standard User pdampier
(newbie) Sun 03-Dec-23 15:38:12
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PleaseJustWork] [link to this post] 		 
Sorry to jump in without a direct solution but I have similar problem with my Ubiquiti UDM and CF. When you say you called to get them to "unbind the velop MAC address" what specifically did you ask for? I've asked them to flush/reset the MAC address table they have which then allows my UDM to work for about a week or so then it all stops again and I just get ipv4 addresses on my LAN clients.
Standard User PleaseJustWork
(newbie) Tue 05-Dec-23 15:49:43
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: pdampier] [link to this post] 		 
I called the support phone number, told them I want to replace their router with mine. I had to wait on the line for a couple of minutes and it was done. After rebooting my firewall I could then then see the proper IPv6 address assigned to the WAN interface.
It has not been a week yet so I hope it holds!
Standard User PleaseJustWork
(newbie) Tue 05-Dec-23 15:57:23
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PaulKirby] [link to this post] 		 
mmhhh, I've used (actually trained on!) Mikrotik 10+ years ago, I might give it another go. Would you be open to send some screenshots with your config?

Thanks!
Standard User candlerb
(knowledge is power) Wed 06-Dec-23 10:11:17
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PleaseJustWork] [link to this post] 		 
I also use Mikrotik, but because my provider gives me a static IPv4 and static IPv6 /56, I don't have to mess with DHCPv6 prefix delegation.

I configure everything from the command line. The key WAN-side settings are:

Text
1
23
45
67
89
1011
12
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1526 mtu=1508 
/interface pppoe-clientadd disabled=no interface=ether1 max-mru=1500 max-mtu=1500 name=pppoe-out2 password=XXXXXXXX user=YYYYYYYY@ZZZZZZZZ
 /ipv6 route
add distance=1 dst-address=2000::/3 gateway=pppoe-out2dd distance=1 dst-address=fc00::/7 type=unreachable
 /ipv6 address
add address=2001:XXXX:XXXX:XX00::1/128 advertise=no interface=pppoe-out2 no-dad=yes


Plus the LAN-side configuration, which in my case goes to a number of VLAN interfaces for different subnets, e.g.:

Text
1
23
4
/ipv6 address
add address=2001:XXXX:XXXX:XX00::1 interface=vlan256 no-dad=yesadd address=2001:XXXX:XXXX:XXff::1 interface=vlan255 no-dad=yes
...
Standard User PaulKirby
(knowledge is power) Wed 06-Dec-23 20:35:56
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PleaseJustWork] [link to this post] 		 
In reply to a post by PleaseJustWork:
mmhhh, I've used (actually trained on!) Mikrotik 10+ years ago, I might give it another go. Would you be open to send some screenshots with your config?

Thanks!

I have added all what I added over 2 years ago on a MikroTik RB4011iGS+RM and not touched it since, so I may of missed out something.

Text
1
23
45
67
89
1011
1213
1415
1617
1819
2021

# [Ports]
# The "bridge" is the LAN Side and is all ports apart from "ether1"# The "ether1" is the WAN Port.
 # Setup IPv4 DHCP Server to use an address pool called "Community-Fibre-DHCPv4-Pool"
/ip dhcp-serveradd address-pool=Community-Fibre-DHCPv4-Pool interface=bridge lease-time=10m name=Yazoo-DHCPv4-Server
 # Tell IPv6 DHCP Client to request for a Prefix (you will get a /48 Prefix)
# Store that /48 Prefix into the Address Pool called "Community-Fibre-DHCPv6-Pool".# I am telling it to not use ISP DNS.
/ipv6 dhcp-client add add-default-route=yes interface=ether1 pool-name=Community-Fibre-DHCPv6-Pool prefix-hint=::/64 rapid-commit=no request=prefix use-peer-dns=no
 # Tell IPv6 DHCP Server to use the IPv6 Address Pool called "Community-Fibre-DHCPv6-Pool".
/ipv6 dhcp-serveradd address-pool=Community-Fibre-DHCPv6-Pool interface=bridge name="Community Fibre DHCPv6Server"
 # Add DNS Servers, use 3rd party servers (each DNS Server is wrapped in a single quote).
/ipv6 dhcp-server optionadd code=23 name=dns value="'2606:4700:4700::1001''2606:4700:4700::1111''2001:4860:4860::8888''2001:4860:4860::8844'"


If you see a Status of "bound" for each of the DHCP Clients then you know they are accepting your DHCP Clients

I didn't supply what I use for Firewall for both IPv4 and IPv6 due to everyone's will differ, plus there are loads of guides on their site.

Even though I have DHCPv6 Server setup, it has issues on Windows Machines so I also use ND (Neighbor Discovery) which seems to work fine with each other.

Basically I use Port 1 for WAN and Port 10 for LAN which goes into our main Switch.

I have used this setup since I have had Community Fibre without any issues.

Let me know if you need more info.

---
Paul

Community Fibre - GIGAFAST
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest (CLI) | MikroTik RB4011iGS+RM (BQM)
Standard User tdw42
(committed) Wed 06-Dec-23 21:23:41
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: candlerb] [link to this post] 		 
Just a point for information - changing the MTU on ether1 is not required, the jumbo PPPoE packets are layer 2 and are easily accommodated within the default L2MTU
Standard User tdw42
(committed) Wed 06-Dec-23 21:40:35
Print Post

Re: CommunityFibre IPv6 OpnSense dhcp6 issues


[re: PaulKirby] [link to this post] 		 
For information - the add-default-route=yes setting for the DHCPv6 client is a bodgy hack as DHCPv6 has no concept of default gateways or netmasks, they are learnt through router advertisment (RA) messages. This setting installs the address of the DHCPv6 server as the gateway, in many IPv6 deployments this will actually work but is not guaranteed to.

The correct method is to allow router advertisments when the Mikrotik is acting as a router by changing the default accept-router-advertisements=yes-if-forwarding-disabled to accept-router-advertisements=yes. Ideally Mikrotik would make this a per-interface setting rather than global for all interfaces.
Pages in this thread: 1 | 2 | (show all)   Print Thread

Previous thread View all threads Next thread
Jump to