Todo #10866

"block bogon networks" silently blocks IPv6 client solicitations to DHCPv6 Server RA "managed" or "assisted"

Added by Chase Turner about 2 months ago. Updated about 2 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


  1. Problem

For interfaces configured with IPv6, if `Block bogon networks` is enabled, the associated DHCPv6 Server with RA set to `managed` or `assisted` will not receive solicitations from IPv6 clients.

  1. Workarounds

(1) When `Block bogon networks` is enabled and the administrator chooses to set the DHCPv6 RA to `managed` or `assisted`, dynamically adjust the derived firewall rules to allow the DHCPv6 server to receive IPv6 client DHCPv6 requests; or

(2) Prevent the administrator from setting DHCPv6 RA to `managed` or `assisted` until they disable `Block bogon networks` on the interface.

Additionally, update pfSense documentation to more clearly outline the consequences of `Block bogon networks`. And it would be helpful to add a `/Diagnostics/IPv6 Client Configuration` service to simulate phases of IPv6 provisioning, to help nail down what phase of a given service (say DHCPv6) is not responding as expected.

NOTE: Community forums did not figure out the root cause of the above, and my investment of $399 for Netgate Technical Support led to the identification of the root cause of my problems with DHCPv6. My thanks goes to Kris Phillips for figuring it out. See ticket #INC-61658.


#1 Updated by Jim Pingle about 2 months ago

  • Tracker changed from Bug to Todo
  • Project changed from pfSense to pfSense Docs
  • Category changed from DHCP (IPv6) to DHCP
  • Target version deleted (2.5.0)
  • Affected Version deleted (2.4.5-p1)
  • Affected Architecture deleted (All)

Block bogon networks should never be used on internal interfaces, only WANs. That has always been true for both IPv4 and IPv6.

I've changed this to a documentation ticket to make that more clear in the docs.

Also available in: Atom PDF