[Australia] FWG+ unable to get IPv6 prefix via DCHPv6

Follow

nosaj

• July 06, 2024 00:19
• Edited

Hi, 

I've read a few posts across Whirlpool with a few tips and tricks but I'm unable to get IPv6 to work with my NBN RSP (Launtel). 

I migrated to a Gold Plus yesterday from a Netgate appliance running pfSense and had no issues with IPv4 setup, was assigned my static IP straight away and off I went. After fine tuning the rest of my LAN settings I noticed I wasn't getting any IPv6 connectivity with default settings, so I tried to make sure they matched my old pfSense as best as possible:

WAN Settings:
DHCPv6: On
IA_NA: On
IPv6 Prefixes: 1, Delegation Size: /48 (have also tried 56, 60 and deleting the number entirely via SSH per some articles suggestions).
I get the "Network has no Prefixes" banner displayed here.

LAN Settings:
IPv6: On
Interface Type: Prefix Delegation
DHCPv6: On
Auto Config Type: Stateless (Launtel support asked me to change this to SLAAC but there isn't an option to change here, I thought it was the same thing)
DCHPv6 Lease Time: 86400

Does anyone have any other suggestions? The WAN interface appears to have an IPv6 address assigned but isn't getting a prefix.

0

• 

  Support Team

  • July 06, 2024 03:08

  I'm going to create a support ticket and follow up from there.

  0

  Comment actions Permalink
• 

  Jamie

  • July 08, 2024 09:13

  Please post an update once fixed for other users :)

   

  Thanks

  0

  Comment actions Permalink
• 

  nosaj

  • July 10, 2024 21:44

  I'll try to summarise without losing too much of the important details:

  It turns out that the ISP does not properly handle the DHCPv6 exchange when rapid-commit is used. According to RFC 8415 (https://datatracker.ietf.org/doc/html/rfc8415#section-21.14):
  A client MAY include this option in a Solicit message if the client
  is prepared to perform the Solicit/Reply message exchange described
  in Section 18.2.1.

  A server MUST include this option in a Reply message sent in response
  to a Solicit message when completing the Solicit/Reply message
  exchange.

  However, the server does not include the rapid-commit flag in the DHCP6 Reply message. Firewalla sends a DHCP6 solicitation with rapid-commit flag set. Although the server replies with a DHCP6 reply, rapid-commit is not set.
  
  If I remove the rapid-commit option in solicit, the 4-message exchange works properly and Firewalla can assign IPv6 addresses to local devices.
  
  Anyway, I temporarily disabled the rapid-commit in the option and IPv6 works now. But we still recommend you talk to the ISP support to fix the problem. The ISP supports rapid-commit 2-message exchange but missing a flag in the reply violates the RFC 8415.

  0

  Comment actions Permalink
• 

  drgaccts

  • October 12, 2025 16:00

  I believe I am experiencing this issue with my ISP (Midco) in the United States. How did you disable the rapid-commit option on your firewalla? I have been unable to find an option on my Firewalla Gold Plus running box firmware 1.981.

  Thanks!

  0

  Comment actions Permalink
• 

  nosaj

  • October 12, 2025 20:11

  Support temporarily disabled it for me, after a ticket was created I enabled remote access for the support agent to take a look at the issue.

  0

  Comment actions Permalink
• 

  Firewalla Team

  • October 13, 2025 03:49

  @drgaccts, it's not visible on UI.  If you hit the same issue, here is a guide to help you to turn it off as a workaround: https://help.firewalla.com/hc/en-us/articles/30915929339027-Firewalla-Feature-IPv6/#h_01J2HCMEKQ6VYJFX7HEFZ4M3P5

  0

  Comment actions Permalink

Please sign in to leave a comment.