Feature #16822

open

DHCPv6 PD track interface support for OpenVPN IPv6 tunnel network

Added by Dan Mahoney 22 days ago. Updated 21 days ago.

Status: New
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

WAN interfaces configured for DHCPv6 prefix delegation have a known prefix structure that can be used when configuring OpenVPN server tunnels, but unlike 6rd (resolved in #16706), there is no equivalent option for DHCPv6-PD. Users with delegated prefixes (e.g. Comcast /60) must hardcode an IPv6 tunnel network prefix, which breaks silently when the delegated prefix changes.

Add an option to the OpenVPN Server IPv6 tunnel network settings to track a DHCPv6-PD WAN interface and prefix ID, deriving the /64 dynamically at config-write time and updating automatically via rc.newwanipv6 when the delegation changes.

A working patch against 25.07.1-RELEASE has been tested and verified on pfSense Plus (arm64) with a Comcast /60 delegation.

Screenshot of what my config UI now looks like also attached.


Files

pfsense-openvpn-dhcp6pd.patch (12.1 KB), Patch, Dan Mahoney, 05/02/2026 08:57 PM
Screenshot 2026-05-02 at 1.59.47 PM.png (252 KB), Screenshot of Config Gui, Dan Mahoney, 05/02/2026 09:00 PM
#1

Updated by Kris Phillips 21 days ago

It seems it would be better to be able to assign a subnet to the OpenVPN network beyond a /64 when using the drop down, rather than defining what the WAN interface has for a PD, as this should be known from other settings available.

This would, however, greatly help with OpenVPN and IPv6 delivered via DHCPv6 PD.

#2

Updated by Dan Mahoney 21 days ago

Yeah, I brought this up on the forum a little bit ago, for more context: https://forum.netgate.com/topic/199185/openvpn-with-ipv6-delegated-prefix

#3

Updated by Dan Mahoney 21 days ago

In IPv6 land, pretty much all network subnets are /64s, unless you're doing a weird point-to-point link (i.e. a /127), but most hosts receiving an IP address will assume it's on a /64 boundary. This is the way router advertisements work as well. You're never going to have a subnet that's, say, a /68 or something, even though it's technically possible to configure.

#4

Updated by Dan Mahoney 21 days ago

Oh, I'm actively using this at home, so if there are any diagnostics you need or anything, let me know. (I'm due to move in a month or so, to the land of Zayo Fiber, and they may do things differently). I may also attempt to upgrade to 26.03 and confirm it reapplies clean.
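
The derivation the description asks for (a /64 taken from a delegated prefix plus a prefix ID) and the /64 boundary from comment #3, as an added Python example; it is not the attached patch and not pfSense code. The function names are hypothetical and the delegations are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


def derive_tunnel_net(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 numbered prefix_id inside a delegated prefix (hypothetical helper)."""
    pd = ipaddress.IPv6Network(delegated, strict=True)
    if pd.prefixlen > 64:
        raise ValueError(f"{pd} is longer than /64, no /64 fits inside it")
    id_bits = 64 - pd.prefixlen          # a /60 leaves 4 bits: prefix IDs 0x0-0xf
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {id_bits} bits")
    # The prefix ID occupies the bits just above the 64-bit interface identifier.
    base = int(pd.network_address)
    return ipaddress.IPv6Network((base | (prefix_id << 64), 64))


def is_stale(tunnel_net: str, delegated: str) -> bool:
    """True when a configured tunnel network lies outside the current delegation."""
    tunnel = ipaddress.IPv6Network(tunnel_net, strict=True)
    return not tunnel.subnet_of(ipaddress.IPv6Network(delegated, strict=True))


# Constructed sample delegations from the 2001:db8::/32 documentation range.
OLD_PD = "2001:db8:0:1230::/60"
NEW_PD = "2001:db8:0:4560::/60"
PREFIX_ID = 0xF

if __name__ == "__main__":
    hardcoded = str(derive_tunnel_net(OLD_PD, PREFIX_ID))
    print("tunnel network under old delegation:", hardcoded)
    print("hardcoded value stale after renewal:", is_stale(hardcoded, NEW_PD))
    print("tracked value after renewal:", derive_tunnel_net(NEW_PD, PREFIX_ID))
```

Running `is_stale` against the current delegation is a cheap check for a hardcoded tunnel network that no longer belongs to the delegated prefix.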
