pfSense

A previously working IPv6 configuration for prefix delegation is broken on 2.2.3.

In /var/dhcpd/etc/dhcpdv6.conf, this declaration used to function correctly as expected:

subnet6 2001:470:xxxx:xxxx::/64 {
    range6 2001:470:xxxx:xxxx:0:0:0:FF00 2001:470:xxxx:xxxx:0:0:0:FFFF;
    option dhcp6.name-servers 2001:470:xxxx:xxxx::1;
    prefix6 2001:470:yyyy:F000:: 2001:470:yyyy:FF00:: /60;
}

On 2.2.3, the same block yields an error from the daemon:

Jul 10 15:12:34     dhcpd: /etc/dhcpdv6.conf line 17: prefix6 start prefix is outside the subnet
Jul 10 15:12:34     dhcpd: prefix6 2001:470:yyyy:F000:: 2
Jul 10 15:12:34     dhcpd: ^
Jul 10 15:12:34     dhcpd: Configuration file errors encountered -- exiting

Looks like the culprit is a new check in ISC DHCP 4.2.8, per the release notes :

- Added checks in range6 and prefix6 statement parsing to ensure addresses
are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
bug report and patch.
[ISC-Bugs #32453]
[ISC-Bugs #17766]
[ISC-Bugs #18510]
[ISC-Bugs #23698]
[ISC-Bugs #28883]

We'll have to adjust the syntax to make the new checks happy or find another way around it.

Manually adding a new subnet6 block outside of the above makes it complain that there are no prefixes inside the shared network.