Skip to main content
Bart_Maes1
Bart_Maes1
New Member
October 26, 2016
Question

FortiGate 51E - IPv6 over PPP

  • October 26, 2016
  • 2 replies
  • 18579 views

Hi, I'm trying to setup a FortiGate 51E at home on a vdsl-Line with dual-stack IPv4/IPv6. The dsl-modem is in PPPoE passthrough mode (bridge), ISP is Proximus (belgium). The wan interface is in PPPOE mode and receives it IPv4 address, so far so good. On the IPv6 side on the other hand I do not receive any IP. Normally, once the PPP session is established, the FG should use IPv6CP to allocate an IP address to the (wan) interface. Getting the IPv6 prefix delegated is done over DHCPv6, the DHCPv6 server should then assign a /56 prefix. None of this is happening, and I can't see where it goes wrong. This setup is previously validated on a Ubiquiti EdgeRouter and working. When I sniff on the wan interface I can see the RA's from the upstream router and DHCPv6 solicit messages originating form the FortiGate. Config for the wan interface:


config system interface
    edit "wan1"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set alias "BBOX"
        set estimated-upstream-bandwidth 5000
        set estimated-downstream-bandwidth 900000
        set role wan
        set snmp-index 1
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
            set dhcp6-prefix-delegation enable
            set dhcp6-prefix-hint ::/56
        end
        set username "secret@PROXIMUS"
        set password ENC secret==
    next
end

    2 replies

    andrewbailey
    andrewbailey
    New Member
    March 10, 2017

    Bart,

     

    Was this something you were able to resolve?

     

    I've with an ISP here in the UK with a similar configuration and struggling to get it working.

     

    Like you, i can DHCP CP exchanges going on, but dont seem to get any delegated prefix etc.

     

    Has anyone else got any ideas on how this situation should work?

     

     

    Andy.

    Bart_Maes1
    Bart_Maes1Author
    New Member
    March 13, 2017

    Andy Bailey wrote:

    Bart,

     Was this something you were able to resolve?

     I've with an ISP here in the UK with a similar configuration and struggling to get it working.

     Like you, i can DHCP CP exchanges going on, but dont seem to get any delegated prefix etc.

     Has anyone else got any ideas on how this situation should work?

     Andy.

    No, I've had a ticket open at Fortinet Support for this problem for 6 weeks without solution.

    The ticket is closed now, it got me to a point where I was fed up with repeating things and performing pointless config changes.

     

    Not giving up, will to upgrade to 5.4.4 and give it another shot.

     

    No idea why it is so hard to get this configured, allready done this on a Cisco and Ubiquiti router in 10-15 minutes googeling for the info included.

    andrewbailey
    andrewbailey
    New Member
    March 13, 2017

    Bart,

     

    Yes, my experiences have been pretty frustrating so far. Certainly not as easy as it could or should be.

     

    I'm currently on 5.4.4 and have got to the point now that I can see an IPv6 prexfix being delegated. I can setup delegated subnets to internal ports and that seems to be working with internal devices getting valid IPv6 addresses in the delegated range.

     

    However, I dont seem to have a valid outoging route. The routing table shows the internal sub-nets as connected, but nothing towards the internet. It almost seems like the wan interface (with the delegated subnet) doesn't have a valid address or something and therefore doesn't show up as a valid route in the routing table.

     

    I had been on 5.6 Beta 3 (as part of the 5.6 Beta programme) but rolled back to see if that made any difference. I see on the beta forum there someone questioning the routing of IPv6 in this type of configuration.........

     

    I'll keep you updated on my own config and let you know if find anything more interesting!

     

    Good luck,

     

     

    Andy.

    andrewbailey
    andrewbailey
    New Member
    March 21, 2017

    Bart,

     

    Thanks again for all your feedback and comments.

     

    I think the key difference I'm having is that I don't get a public IPv6 on my ppp interface- just a local link address. It looks like you are picking up the public address fine and from there everything has fallen into place quite nicely. I get a prefix delegation- just no IPv6 address assigned for the WAN/ ppp interface.

     

    I guess that means it's still some sort of configuration issue at my end (or perhaps an unsupported config used by my ISP). I'll keep digging and post an update once I get to the bottom of it all.

     

    Kind Regards,

     

     

    Andy.

     

     

     

     

    Terms & ConditionsAccessibility statement