Prefix Only with DHCP6C for Telus

Hello,

I’m looking for assistance configuring my VyOS to get an IPv6 prefix from my ISP. I’m working through the details of migrating from pfSense to VyOS, and I have been reading the documentation and practicing with a virtual instance of VyOS. Based on the information I have, my ISP has specific configuration requirements:

“1: Only request a dhcp6-pd (So only send IA-PD in the dhcp6 solicit message). This is what the Actiontecs actually do.
2: If the device does request both an IA-NA, and an IA-PD in the solicit message, then it must conform to RFC 7550. We are not using IA-NA so in our dhcp Advertise message there will be a NoAddrAvail message for the IA-NA, and a prefix for the IA-PD.
#2 is where most of the 3rd party devices have issues. They don’t handle this case and will usually reject the dhcp advertise message that is sent down and just go into an endless solicit loop.”
Source: IPv6 connectivity via How to configure Telus Optik IPv6 on a Ubiquiti Edgerouter

Here is the working configuration in pfSense:

Here is my semi-working configuration in VyOS:

vyos@vyos1# show interfaces ethernet eth1
 address dhcp
 address dhcpv6
 description WAN
 dhcpv6-options {
     pd 0 {
         interface eth0 {
             address 1
             sla-id 0
         }
         length 56
     }
     rapid-commit
     temporary
 }
 ipv6 {
     address {
         autoconf
     }
 }

I can see the solicit from VyOS and the response from the ISP, but VyOS does not assign the prefix to the WAN interface:

vyos@vyos1:~$ tcpdump -i eth1 -vvv ip6
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:22:28.172823 IP6 (flowlabel 0x959e7, hlim 1, next-header UDP (17) payload length: 93) fe80::XXXX:XXXX:XXXX:XXXX.dhcpv6-client > XXXX::1:2.dhcpv6-server: [bad udp cksum 0xda39 -> 0xa748!] dhcp6 solicit (xid=ff9b63 (client-ID hwaddr/time type 1 time 670476949 86c27384e741) (rapid-commit) (elapsed-time 61324) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
11:22:28.430550 IP6 (class 0x40, hlim 255, next-header UDP (17) payload length: 129) fe80::XXXX:XXXX:XXXX:XXXX.dhcpv6-server > fe80::XXXX:XXXX:XXXX:XXXX.dhcpv6-client: [udp sum ok] dhcp6 reply (xid=ff9b63 (server-ID hwaddr type 1 00d0f618a388) (client-ID hwaddr/time type 1 time 670476949 86c27384e741) (rapid-commit) (IA_PD IAID:0 T1:7200 T2:10800 (IA_PD-prefix 20XX:5XX:7XX1:cXX0::/56 pltime:14400 vltime:14700)) (DNS-server 20XX:XXX:XXXX:XXX::53 20XX:XXX:XXXX:XXX::114))
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

I’m currently reading about “wide-dhcp6” to ensure that I have configured it correctly to only request a prefix from the ISP, since it is noted as a common problem with third-party routers.

I would greatly appreciate any thoughts, suggestions or assistance on this issue. It is the only technical challenge blocking me from migrating off pfSense.

Thank you.

Solved the issue. The problem was an unconfigured firewall, definitely forgot to allow icmpv6 from the WAN to LOCAL.

Here is the working WAN to LOCAL firewall rule for icmpv6, which allows everything. I will probably work to refine it in the future. The default policy for LOCAL to WAN is accept.

deploy@vyos1# show firewall ipv6-name WAN-LOCAL-IPV6
 default-action drop
 rule 21 {
     action accept
     protocol icmpv6
 }

Here is the working interface configuration:

vyos@vyos1# show interfaces ethernet eth1
 address dhcp
 address dhcpv6
 description WAN
 dhcpv6-options {
     pd 0 {
         interface eth0 {
             sla-id 1
         }
         length 56
     }
     temporary
 }
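
One way to check a capture like the tcpdump output earlier in this thread against the ISP's stated requirement (IA_PD only in the solicit) and to confirm that a prefix was actually delegated. This is an added example, not part of the original posts; the function names and the sample lines (documentation-range addresses, made-up second xid) are constructed.

```python
import ipaddress
import re

# Constructed tcpdump -vvv lines in the format shown in the thread; the
# addresses and prefix (2001:db8::/32 documentation range) are made up.
SAMPLE = """\
11:22:28.172823 IP6 (hlim 1, next-header UDP (17) payload length: 93) fe80::1.dhcpv6-client > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 solicit (xid=ff9b63 (rapid-commit) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
11:22:28.430550 IP6 (class 0x40, hlim 255, next-header UDP (17) payload length: 129) fe80::2.dhcpv6-server > fe80::1.dhcpv6-client: [udp sum ok] dhcp6 reply (xid=ff9b63 (rapid-commit) (IA_PD IAID:0 T1:7200 T2:10800 (IA_PD-prefix 2001:db8:7001:c000::/56 pltime:14400 vltime:14700)))
11:23:02.000001 IP6 (hlim 1, next-header UDP (17) payload length: 105) fe80::1.dhcpv6-client > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 solicit (xid=a1b2c3 (IA_NA IAID:0 T1:0 T2:0) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
"""

MSG = re.compile(r"dhcp6 (\w+) \(xid=([0-9a-f]+)")
PREFIX = re.compile(r"IA_PD-prefix (\S+) pltime:(\d+) vltime:(\d+)")

def parse(line):
    """Return the DHCPv6 fields of one tcpdump line, or None if not DHCPv6."""
    m = MSG.search(line)
    if not m:
        return None
    return {"type": m.group(1), "xid": m.group(2),
            "ia_na": "(IA_NA " in line, "ia_pd": "(IA_PD " in line,
            "prefixes": PREFIX.findall(line)}

def check_exchange(text):
    """Return ({xid: [delegated prefixes]}, [(xid, finding)]) for a capture."""
    delegated, findings, solicited = {}, [], set()
    for line in text.splitlines():
        msg = parse(line)
        if msg is None:
            continue
        xid = msg["xid"]
        if msg["type"] == "solicit":
            solicited.add(xid)
            if msg["ia_na"]:
                findings.append((xid, "solicit carries IA_NA, not IA_PD only"))
            if not msg["ia_pd"]:
                findings.append((xid, "solicit carries no IA_PD"))
        elif msg["type"] in ("advertise", "reply"):
            if xid not in solicited:
                findings.append((xid, "server message without a captured solicit"))
            for prefix, _pltime, vltime in msg["prefixes"]:
                net = ipaddress.ip_network(prefix, strict=False)
                # "::/56" is only a length hint; a real delegation has a
                # non-zero network address and a non-zero valid lifetime.
                if not net.network_address.is_unspecified and int(vltime) > 0:
                    delegated.setdefault(xid, []).append(str(net))
    for xid in sorted(solicited - set(delegated)):
        findings.append((xid, "no prefix delegated for this solicit"))
    return delegated, findings
```

Calling `check_exchange()` on saved `tcpdump -i eth1 -vvv ip6` output separates "the ISP never delegated a prefix" from "a prefix was delegated but something on the router side kept it from being used", which is the situation this thread turned out to be.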