On 4/30/26 15:42, Sonic wrote:
> As an ipv6 newbie I'm not sure about some issues I've come across.
> Note that this is with home Internet service (Comcast/Xfinity US) and
> the addresses are not permanent.
I can provide my info. I'm also Xfinity in the US.
> Using dhcp6leased I can get a /64 on my internal interface em1 (none
> on my external interface em0) and all works well, rad works and
> downstream clients have ipv6 access. However I also want some of my
> other interfaces (vlan's currently) to have ipv6 access. If I use the
> following in dhcp6leased.conf:
> #=============
> request prefix delegation on em0 for { em1/64 vlan66/64 }
> #=============
> I get a /64 on both interfaces but ipv6 access no longer works.
>
> If I switch to dhcpcd and use this configuration:
> #=============
> ipv6only
> noipv6rs
> interface em0
> ipv6rs
> ia_na 1
> ia_pd 2 em1/0
> ia_pd 3 vlan66/0
> #=============
> I get a /64 on both interfaces, plus a /128 on em0 (this does not
> happen with dhcp6leased) and both networks have ipv6 access.
I migrated to dhcp6leased last year. The previous dhcpcd.conf in my repo
has the following instead:
ia_na 1
ia_pd 2/::/60 vport1/0/64/0
You would extend that last line for more subnets. You don't have rapid
commit which is good as in my experience when you renew the lease rapid
commit on Xfinity won't work.
Currently I'm using dhcp6leased with the following .conf:
request prefix delegation on em0 for { vport1/64 vport2/64 }
The vport2 network in my case isn't a vlan but another wired network
used as a dmz. Both vport1 and vport2 have ipv6 addresses. You will only
have a link local on em0 but that's fine with IPv6. Run slaacd so you
get the default route.
> Also I can recieve a /60 on the external interface (em0) using
> dhcp6leased but I have no clue how to distribute the 16 avaiable
> subnets to my internal interfaces.
>
> Am I doing something wrong with dhcp6leased? Or does this
> configuration need the added capabilites of dhcpcd?
>
> If I went with the /60 on the external interface (if I do this the
> internal interfaces get no ipv6 addressing, at least in my probably
> incorrect configuration) is there a way to use this dynamic address
> block and provide /64's to the internal interfaces?
All of my IPv6 trouble back when I first set this up was being too
clever with pf. Especially in regards to icmp. My other issue was the
udp traffic to fe80::/10 on port dhcpv6-client. On Xfinity this will
have non link local source addresses. Many people have a pf rule here
that is too restrictive. I'd check there if things aren't happy.
Michael
