DHCPv6 Prefix Delegation not working on IPoE (non-PPPoE) connection #9853
Description
DHCPv6 Prefix Delegation not working on IPoE (non-PPPoE) connection
Environment
- OPNsense version: 25.10.2 Business Edition
- WAN connection type: IPoE (Deutsche Glasfaser FTTH)
- IPv4: DHCP, CGN address (100.x.x.x), no PPPoE
- IPv6: DHCPv6, "Request only an IPv6 prefix" enabled, Prefix delegation size /56
Description
On an IPoE connection where the ISP delegates only an IPv6 prefix via DHCPv6-PD
(no global WAN IPv6 address), the delegated prefix does not appear on the WAN
interface and IPv6 routing does not work, despite the DHCPv6 exchange completing
successfully.
Steps to reproduce
- Configure WAN interface: IPv4 DHCP, IPv6 DHCPv6, "Request only an IPv6 prefix"
enabled, Prefix delegation size 56 - Configure a LAN/VLAN interface: IPv6 "Track Interface" pointing to WAN, Prefix ID 0
- Apply configuration
Observed behavior
1. DHCPv6 exchange succeeds (confirmed by tcpdump):
IP6 fe80::f690:eaff:fe01:f02.546 > ff02::1:2.547: dhcp6 solicit
(IA_PD IAID:3 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295))
IP6 fe80::22.547 > fe80::f690:eaff:fe01:f02.546: dhcp6 advertise
(IA_PD IAID:3 T1:1800 T2:2880 (IA_PD-prefix 2a00:6020:9842:2f00::/56
pltime:3600 vltime:3600))
(DNS-server 2a00:6020:100::1 2a00:6020:200::1)
IP6 fe80::f690:eaff:fe01:f02.546 > ff02::1:2.547: dhcp6 request
(IA_PD IAID:3 T1:0 T2:0 (IA_PD-prefix 2a00:6020:9842:2f00::/56 ...))
IP6 fe80::22.547 > fe80::f690:eaff:fe01:f02.546: dhcp6 reply
(IA_PD IAID:3 T1:1800 T2:2880 (IA_PD-prefix 2a00:6020:9842:2f00::/56
pltime:3600 vltime:3600))
2. Prefix is not retained on WAN interface:
# /usr/local/sbin/ifctl -i igc0 -6pd
delete net 2a00:6020:9842:2f00::/56
# ifconfig igc0 | grep inet6
inet6 fe80::f690:eaff:fe01:f02%igc0 prefixlen 64 scopeid 0x1No global IPv6 address on WAN, no "Prefix Delegated" shown under
Interfaces → Overview.
3. No IPv6 routing possible:
# ping6 -c 3 2a00:6020:100::1
3 packets transmitted, 0 packets received, 100.0% packet lossISP gateway (link-local) is reachable, confirming physical connectivity:
# ping6 -c 3 -S fe80::f690:eaff:fe01:f02%igc0 fe80::22%igc0
3 packets transmitted, 3 packets received, 0.0% packet loss4. Release loop observed during initial configuration:
When the LAN/VLAN interface was set to "Track Interface", a release loop was
observed in tcpdump — dhcp6c repeatedly received the prefix and immediately
sent a Release. The loop stopped after several Apply Changes and dhcp6c restarts,
but the root cause could not be conclusively determined. The dhcp6c debug output
showed:
Sending Solicit
Sending Request
Received REPLY for REQUEST
add net 2a00:6020:9842:2400::/56: gateway ::1
restarting
Start address release
Sending Release
duplicated interface: igc0
The "duplicated interface" message suggests a second dhcp6c instance was started
while the first was still running.
Generated dhcp6c configuration
interface igc0 {
send ia-pd 3;
request domain-name-servers;
request domain-name;
script "/var/etc/dhcp6c_opt2_script.sh";
};
id-assoc pd 3 {
prefix ::/56 infinity;
};
Expected behavior
The delegated prefix should be retained on the WAN interface, appear as
"Prefix Delegated" under Interfaces → Overview, and IPv6 routing should work.
LAN/VLAN interfaces with Track Interface should receive their /64 subnets
and clients should have working IPv6 connectivity.
Workaround
None found.