"block bogon networks" silently blocks IPv6 client solicitations to DHCPv6 Server RA "managed" or "assisted"
For interfaces configured with IPv6, if `Block bogon networks` is enabled, the associated DHCPv6 Server with RA set to `managed` or `assisted` will not receive solicitations from IPv6 clients.
(1) When `Block bogon networks` is enabled and the administrator chooses to set the DHCPv6 RA to `managed` or `assisted`, dynamically adjust the derived firewall rules to allow the DHCPv6 server to receive IPv6 client DHCPv6 requests; or
(2) Prevent the administrator from setting DHCPv6 RA to `managed` or `assisted` until they disable `Block bogon networks` on the interface.
Additionally, update pfSense documentation to more clearly outline the consequences of `Block bogon networks`. And it would be helpful to add a `/Diagnostics/IPv6 Client Configuration` service to simulate phases of IPv6 provisioning, to help nail down what phase of a given service (say DHCPv6) is not responding as expected.
NOTE: Community forums did not figure out the root cause of the above, and my investment of $399 for Netgate Technical Support led to the identification of the root cause of my problems with DHCPv6. My thanks goes to Kris Phillips for figuring it out. See ticket #INC-61658.
#1 Updated by Jim Pingle about 2 months ago
- Tracker changed from Bug to Todo
- Project changed from pfSense to pfSense Docs
- Category changed from DHCP (IPv6) to DHCP
- Target version deleted (
- Affected Version deleted (
- Affected Architecture deleted (
Block bogon networks should never be used on internal interfaces, only WANs. That has always been true for both IPv4 and IPv6.
I've changed this to a documentation ticket to make that more clear in the docs.