[Australia] FWG+ unable to get IPv6 prefix via DHCPv6
Hi,
I've read a few posts across Whirlpool with a few tips and tricks but I'm unable to get IPv6 to work with my NBN RSP (Launtel).
I migrated to a Gold Plus yesterday from a Netgate appliance running pfSense and had no issues with IPv4 setup, was assigned my static IP straight away and off I went. After fine tuning the rest of my LAN settings I noticed I wasn't getting any IPv6 connectivity with default settings, so I tried to make sure they matched my old pfSense as best as possible:
WAN Settings:
DHCPv6: On
IA_NA: On
IPv6 Prefixes: 1, Delegation Size: /48 (have also tried 56, 60 and deleting the number entirely via SSH per some articles' suggestions).
I get the "Network has no Prefixes" banner displayed here.
LAN Settings:
IPv6: On
Interface Type: Prefix Delegation
DHCPv6: On
Auto Config Type: Stateless (Launtel support asked me to change this to SLAAC but there isn't an option to change here, I thought it was the same thing)
DHCPv6 Lease Time: 86400
Does anyone have any other suggestions? The WAN interface appears to have an IPv6 address assigned but isn't getting a prefix.
-
I'll try to summarise without losing too much of the important details:
It turns out that the ISP does not properly handle the DHCPv6 exchange when rapid-commit is used. According to RFC 8415 (https://datatracker.ietf.org/doc/html/rfc8415#section-21.14):

A client MAY include this option in a Solicit message if the client
is prepared to perform the Solicit/Reply message exchange described
in Section 18.2.1.

A server MUST include this option in a Reply message sent in response
to a Solicit message when completing the Solicit/Reply message
exchange.

However, the server does not include the rapid-commit flag in the DHCP6 Reply message. Firewalla sends a DHCP6 solicitation with the rapid-commit flag set. Although the server replies with a DHCP6 reply, rapid-commit is not set.
If I remove the rapid-commit option in solicit, the 4-message exchange works properly and Firewalla can assign IPv6 addresses to local devices.
Anyway, I temporarily disabled the rapid-commit in the option and IPv6 works now. But we still recommend you talk to the ISP support to fix the problem. The ISP supports the rapid-commit 2-message exchange, but missing a flag in the reply violates RFC 8415.
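Added example, not part of the original thread and not Firewalla's code: a small Python check that parses a DHCPv6 Solicit and the server's response and reports whether a Reply carries the Rapid Commit option (option 14) that RFC 8415 requires. The function names, result strings and sample messages (DUIDs, transaction ID) are constructed for illustration.

```python
import struct

SOLICIT, ADVERTISE, REPLY = 1, 2, 7            # RFC 8415 message types
OPT_CLIENTID, OPT_SERVERID = 1, 2              # RFC 8415 option codes
OPT_RAPID_COMMIT, OPT_IA_PD = 14, 25

def parse(msg: bytes):
    """Return (msg_type, transaction_id, {option_code: [data, ...]})."""
    if len(msg) < 4:
        raise ValueError("short DHCPv6 message")
    msg_type, xid, opts, off = msg[0], msg[1:4], {}, 4
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        off += 4
        if off + length > len(msg):
            raise ValueError("truncated option body")
        opts.setdefault(code, []).append(msg[off:off + length])
        off += length
    return msg_type, xid, opts

def classify(solicit: bytes, response: bytes) -> str:
    """Classify the server's response to a Solicit (hypothetical labels)."""
    s_type, s_xid, s_opts = parse(solicit)
    r_type, r_xid, r_opts = parse(response)
    if s_type != SOLICIT or s_xid != r_xid:
        return "unrelated"
    if r_type == ADVERTISE:
        return "four-message"                  # client continues with Request
    if r_type != REPLY:
        return "unexpected"
    if OPT_RAPID_COMMIT not in r_opts:
        return "reply-missing-rapid-commit"    # the behaviour described above
    if OPT_RAPID_COMMIT not in s_opts:
        return "unsolicited-rapid-commit"
    return "rapid-commit-ok"

# Constructed sample messages (not captured traffic).
def opt(code: int, data: bytes = b"") -> bytes:
    return struct.pack("!HH", code, len(data)) + data

XID = b"\xab\xcd\xef"
DUID_C = bytes.fromhex("00030001020000000001")   # constructed DUID-LL
DUID_S = bytes.fromhex("00030001020000000002")
IA_PD = opt(OPT_IA_PD, struct.pack("!III", 1, 0, 0))   # IAID, T1, T2
SOLICIT_RC = bytes([SOLICIT]) + XID + opt(OPT_CLIENTID, DUID_C) + IA_PD + opt(OPT_RAPID_COMMIT)
REPLY_NO_RC = bytes([REPLY]) + XID + opt(OPT_CLIENTID, DUID_C) + opt(OPT_SERVERID, DUID_S) + IA_PD
REPLY_RC = REPLY_NO_RC + opt(OPT_RAPID_COMMIT)
ADVERTISE_MSG = bytes([ADVERTISE]) + REPLY_NO_RC[1:]
```

To use it on real traffic, pass the UDP payloads of the Solicit and the response from a packet capture on the WAN interface (DHCPv6 uses UDP ports 546 and 547).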