BUG: IPv6 Prefix Delegation over PPPoE broken

reported this in 9.3 aswell,

when setting up WAN Connection over PPPoE the sophos is unable to get a prefix delegated to use for IPv6. 

other routers i tested are able to get a /48 IPv6 Prefix with the same connection.

Parents Reply Children
  • i reported this issue a year ago for the first time. I am not sure if its a BUG or a missing feature of the way that the prefix is assigned by the ISP. The only issue i got is that even a cheap consumer AVM Fritzbox or a OpenWRT is able to do this properly and this industry grade Firewall is not.

    ---

    Sophos UTM 9.3 Certified Engineer

  • If i search the logs I connot find any indication it is requesting a prefix. But is is receiving an IPv6 link local address.

    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: Connect: ppp0 <--> eth0
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x5b010044>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [LCP ConfReq id=0x2 <mru 1500> <auth pap> <magic 0x9ffdb81a>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [LCP ConfAck id=0x2 <mru 1500> <auth pap> <magic 0x9ffdb81a>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x5b010044>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [LCP EchoReq id=0x0 magic=0x5b010044]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [PAP AuthReq id=0x1 user="kpn" password=<hidden>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [LCP EchoRep id=0x0 magic=0x9ffdb81a]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [PAP AuthAck id=0x1 "Authentication success,Welcome!"]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: Remote message: Authentication success,Welcome!
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: PAP authentication succeeded
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: peer from calling number 28:31:52:59:9F:A6 authorized
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [IPV6CP ConfReq id=0x1 <addr fe80::19a1:3d21:d79e:23b1>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [IPCP ConfReq id=0x1 <addr 195.190.228.3>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [IPCP ConfAck id=0x1 <addr 195.190.228.3>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::2a31:52ff:fe59:9fa6>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [IPV6CP ConfAck id=0x1 <addr fe80::2a31:52ff:fe59:9fa6>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [IPCP ConfNak id=0x1 <addr 77.165.167.135> <ms-dns1 195.121.1.34> <ms-dns2 195.121.1.66>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: sent [IPCP ConfReq id=0x2 <addr 77.165.167.135> <ms-dns1 195.121.1.34> <ms-dns2 195.121.1.66>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [IPV6CP ConfAck id=0x1 <addr fe80::19a1:3d21:d79e:23b1>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: local LL address fe80::19a1:3d21:d79e:23b1
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: remote LL address fe80::2a31:52ff:fe59:9fa6
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: Script /etc/ppp/ipv6-up started (pid 17453)
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: rcvd [IPCP ConfAck id=0x2 <addr 77.165.167.135> <ms-dns1 195.121.1.34> <ms-dns2 195.121.1.66>]
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: local IP address 77.165.167.135
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: remote IP address 195.190.228.3
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: primary DNS address 195.121.1.34
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: secondary DNS address 195.121.1.66
    2016:02:20-12:34:41 gateway pppd-pppoe[17446]: Script /etc/ppp/ip-up started (pid 17454)
    2016:02:20-12:34:42 gateway pppd-pppoe[17446]: Script /etc/ppp/ip-up finished (pid 17454), status = 0x0
    2016:02:20-12:34:43 gateway pppd-pppoe[17446]: Script /etc/ppp/ipv6-up finished (pid 17453), status = 0x0

    ifconfig also shows this:
    ppp0 Link encap:Point-to-Point Protocol
    inet addr:77.165.167.135 P-t-P:195.190.228.3 Mask:255.255.255.255
    inet6 addr: fe80::19a1:3d21:d79e:23b1/10 Scope:Link
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
    RX packets:1955 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2447 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:811985 (792.9 Kb) TX bytes:601254 (587.1 Kb)

     did you had to configure anything extra to get the prefix delegation working? Do you see the PD in your log?

  • I finally have IPv6 working again, but that is a long story.
    I reviewed the logs this morning and can only see a couple of LL addresses being supplied. I have setup the IPv6 acces on my ISPs user account. Other than that I did nothing extra than enabling IPv6 in the UTM.
    The following two lines are part of the PPPoE log.

    m pppd-pppoe[20586]: sent [IPV6CP ConfReq id=0x1 <addr fe80::ecd1:1e64:d42d:8dbb>]

    Script /etc/ppp/ipv6-up started (pid 20658)

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • @Sophos: would appreciate any comment on this. Have been waiting for over a year for this issue to be adressed.

    ---

    Sophos UTM 9.3 Certified Engineer