[Australia] FWG+ unable to get IPv6 prefix via DCHPv6

Comments

3 comments

  • Avatar
    Support Team

    I'm going to create a support ticket and follow up from there.

    0
    Comment actions Permalink
  • Avatar
    Jamie

    Please post an update once fixed for other users :)

     

    Thanks

    0
    Comment actions Permalink
  • Avatar
    nosaj

    I'll try to summarise without losing too much of the important details:

    It turns out that the ISP does not properly handle the DHCPv6 exchange when rapid-commit is used. According to RFC 8415 (https://datatracker.ietf.org/doc/html/rfc8415#section-21.14):
    A client MAY include this option in a Solicit message if the client
    is prepared to perform the Solicit/Reply message exchange described
    in Section 18.2.1.

    A server MUST include this option in a Reply message sent in response
    to a Solicit message when completing the Solicit/Reply message
    exchange.

    However, the server does not include the rapid-commit flag in the DHCP6 Reply message. Firewalla sends a DHCP6 solicitation with rapid-commit flag set. Although the server replies with a DHCP6 reply, rapid-commit is not set.

    If I remove the rapid-commit option in solicit, the 4-message exchange works properly and Firewalla can assign IPv6 addresses to local devices.

    Anyway, I temporarily disabled the rapid-commit in the option and IPv6 works now. But we still recommend you talk to the ISP support to fix the problem. The ISP supports rapid-commit 2-message exchange but missing a flag in the reply violates the RFC 8415.

    0
    Comment actions Permalink

Please sign in to leave a comment.