Todo #10866
closed
"block bogon networks" silently blocks IPv6 client solicitations to DHCPv6 Server RA "managed" or "assisted"
0%
Description
- Problem
For interfaces configured with IPv6, if `Block bogon networks` is enabled, the associated DHCPv6 Server with RA set to `managed` or `assisted` will not receive solicitations from IPv6 clients.
- Workarounds
(1) When `Block bogon networks` is enabled and the administrator chooses to set the DHCPv6 RA to `managed` or `assisted`, dynamically adjust the derived firewall rules to allow the DHCPv6 server to receive IPv6 client DHCPv6 requests; or
(2) Prevent the administrator from setting DHCPv6 RA to `managed` or `assisted` until they disable `Block bogon networks` on the interface.
Additionally, update pfSense documentation to more clearly outline the consequences of `Block bogon networks`. And it would be helpful to add a `/Diagnostics/IPv6 Client Configuration` service to simulate phases of IPv6 provisioning, to help nail down what phase of a given service (say DHCPv6) is not responding as expected.
NOTE: Community forums did not figure out the root cause of the above, and my investment of $399 for Netgate Technical Support led to the identification of the root cause of my problems with DHCPv6. My thanks goes to Kris Phillips for figuring it out. See ticket #INC-61658.
Updated by