I’ve just started experimenting with VyOS using the vyos-1.4-rolling-202105152115 release.
I cannot get DHCPv6 prefix delegation to work correctly; I am not sure if this is a configuration issue (I have followed the DHCPv6-PD - PPPoE example) or if there is an issue with this release of VyOS.
My ISP only delegates dynamic /56 prefixes. My problem is that VyOS is announcing, per radvdump, the entire /56 over the LAN-side interface. This is a problem because the Linux clients I have on my test network won’t accept a /56 for SLAAC and don’t generate IPv6 addresses. Linux SLAAC implementations seem only to react to router advertisements for /64 prefixes.
The documentation implies that VyOS should automatically subdivide large prefixes into /64s when issuing router announcements, but this does not happen in practice. Older documentation mentions an sla-len parameter to manually subdivide large prefixes but this option does not appear to be available in 1.3.
I cannot use the prefix delegation length option because my ISP will only delegate /56 prefixes even if I request a different size.
Looking at the VyOS internals, /run/radvd/radvd.conf contains "prefix ::/64", but radvd announces the /56 that has been delegated to the LAN-side interface instead of just a /64.
Am I missing something in my config, or is this a bug?
This is my configuration:
/* Firewall: global options plus four rulesets (two IPv6, two IPv4). Every ruleset drops by default; they are attached to pppoe0 in the interfaces section. */
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
/* IPv6 traffic forwarded in from the WAN: replies to existing flows, plus ICMPv6. */
ipv6-name WAN_IN {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
/* NOTE(review): this accepts every ICMPv6 type toward LAN hosts, including unsolicited echo requests. RFC 4890 describes a narrower set to pass through a firewall - confirm this breadth is intended. */
rule 20 {
action accept
protocol icmpv6
}
}
/* IPv6 traffic addressed to the router itself from the WAN. */
ipv6-name WAN_LOCAL {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
/* All ICMPv6 to the router is accepted; no type filter is set. */
rule 20 {
action accept
protocol icmpv6
}
/* UDP from source port 547 to destination port 546: DHCPv6 server-to-client replies, which prefix delegation depends on. */
rule 30 {
action accept
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* IPv4 traffic forwarded in from the WAN: only replies to existing flows. */
name OUTSIDE-IN {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
}
/* IPv4 traffic addressed to the router itself from the WAN. */
name OUTSIDE-LOCAL {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
/* New ICMP echo requests (ping) to the router are allowed. */
rule 20 {
action accept
icmp {
type-name echo-request
}
protocol icmp
state {
new enable
}
}
}
receive-redirects disable
send-redirects enable
/* NOTE(review): source-validation is disabled, so presumably no reverse-path check is applied to incoming packets - confirm whether strict or loose mode is wanted on the WAN side. */
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
/* Interfaces: eth0 is the WAN port that carries the PPPoE session, eth1 is management, eth2 is the LAN. */
interfaces {
ethernet eth0 {
description WAN
hw-id 52:54:00:84:b2:49
}
ethernet eth1 {
address xxx.xxx.0.4/24
description Management
hw-id 52:54:00:5e:31:7f
}
ethernet eth2 {
address xxx.xxx.0.3/24
description LAN
hw-id 52:54:00:93:a0:80
}
loopback lo {
}
pppoe pppoe0 {
/* Credentials appear masked as posted. */
authentication {
password xxxxxx
user xxxxxx
}
/* DHCPv6 prefix delegation: delegated prefix 0 is assigned to eth2 with sla-id 1; "address 1" presumably sets the host part of eth2's own address - confirm. */
/* NOTE(review): no "length" is set under pd 0. Presumably the number of subnet bits (sla-len) is derived from it, so with a /56 delegation eth2 may receive the whole /56 rather than a /64 - TODO confirm against this release. */
dhcpv6-options {
pd 0 {
interface eth2 {
address 1
sla-id 1
}
}
}
/* Rulesets from the firewall section: "in" filters traffic forwarded from the WAN, "local" filters traffic addressed to the router. */
firewall {
in {
ipv6-name WAN_IN
name OUTSIDE-IN
}
local {
ipv6-name WAN_LOCAL
name OUTSIDE-LOCAL
}
}
ipv6 {
address {
autoconf
}
}
no-peer-dns
source-interface eth0
}
}
/* Source NAT: IPv4 traffic from the LAN subnet is masqueraded behind pppoe0. */
/* NOTE(review): this covers IPv4 only. LAN hosts that get addresses from the delegated IPv6 prefix are presumably reachable by global address, so the WAN_IN ruleset is what shields them - confirm. */
nat {
source {
rule 100 {
outbound-interface pppoe0
source {
address xxx.xxx.0.0/24
}
translation {
address masquerade
}
}
}
}
/* Services offered by the router: DHCPv4 and DNS forwarding for the LAN, IPv6 router advertisements on eth2, and SSH. */
service {
dhcp-server {
shared-network-name LAN {
subnet xxx.xxx.0.0/24 {
default-router xxx.xxx.0.3
dns-server xxx.xxx.0.3
domain-name local
lease 86400
range 0 {
start xxx.xxx.0.20
stop xxx.xxx.0.200
}
}
}
}
dns {
/* The forwarder answers only the allow-from subnet, listens on one address, and validates DNSSEC. */
forwarding {
allow-from xxx.xxx.0.0/24
dnssec validate
listen-address xxx.xxx.0.3
name-server xxx.xxx.9.9
}
}
router-advert {
interface eth2 {
link-mtu 1452
/* "::/64" is not a fixed prefix. The post reports that the generated radvd.conf carries the same "prefix ::/64" while radvd announces the delegated /56. */
prefix ::/64 {
valid-lifetime 172800
}
}
}
/* SSH is bound to a single address, the same masked value as eth1 (Management). */
/* NOTE(review): no authentication restriction is visible here, so password login presumably remains enabled - confirm, and consider "disable-password-authentication" with key-based login. */
ssh {
listen-address xxx.xxx.0.4
port 22
}
}
/* System settings: config history, serial console, hostname, login, resolver, NTP and syslog. */
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 115200
}
}
host-name vyos
login {
user vyos {
/* Both password fields are masked as posted. When sharing a configuration, check that neither the hash nor any plaintext value is included. */
authentication {
encrypted-password xxxxxx
plaintext-password xxxxxx
}
}
}
/* Same masked value as the DNS forwarder's listen-address, so the router presumably resolves through its own forwarder - confirm. */
name-server xxx.xxx.0.3
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
/* Logging: every facility at level info, the "protocols" facility at debug. No remote log host is configured in this section. */
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}