Hi, I'm trying to setup a FortiGate 51E at home on a vdsl-Line with dual-stack IPv4/IPv6. The dsl-modem is in PPPoE passthrough mode (bridge), ISP is Proximus (belgium). The wan interface is in PPPOE mode and receives it IPv4 address, so far so good. On the IPv6 side on the other hand I do not receive any IP. Normally, once the PPP session is established, the FG should use IPv6CP to allocate an IP address to the (wan) interface. Getting the IPv6 prefix delegated is done over DHCPv6, the DHCPv6 server should then assign a /56 prefix. None of this is happening, and I can't see where it goes wrong. This setup is previously validated on a Ubiquiti EdgeRouter and working. When I sniff on the wan interface I can see the RA's from the upstream router and DHCPv6 solicit messages originating form the FortiGate. Config for the wan interface:
config system interface
edit "wan1"
set vdom "root"
set mode pppoe
set allowaccess ping
set type physical
set alias "BBOX"
set estimated-upstream-bandwidth 5000
set estimated-downstream-bandwidth 900000
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
set dhcp6-prefix-hint ::/56
end
set username "secret@PROXIMUS"
set password ENC secret==
next
end
Bart,
I seem to have got to the bottom of my issues now too.
Essentially it relied on new features of 5.6 GA supporting multiple PPPoE sessions over the same physical link.
Basically a new virtual interface is created as follows:-
config system pppoe-interface edit pppoe1 set ipv6 enable set device port4 ... end config system interface edit pppoe1 config ipv6 set ip6-mode dhcp set dhcp6-prefix-delegation enable end next end
This creates the "pppoe1" sub-interface for port4 which configures the ISP assigned WAN IPv6 address and also retreives the DHCPv6 Prefix Delegation.
I deleted all IPv4 config on the physical port (port4) otherwise both the physical port and pppoe1 interface get allocated the same IP addresses causing problems with the IPv4 routing table.
A static IPv6 route was required towards the pppoe1 interface and all policies had to be repointed to the pppoe1 interface.
I hope that helps someone!
Kind Regards,
Andy.
Bart,
Thanks again for all your feedback and comments.
I think the key difference I'm having is that I don't get a public IPv6 on my ppp interface- just a local link address. It looks like you are picking up the public address fine and from there everything has fallen into place quite nicely. I get a prefix delegation- just no IPv6 address assigned for the WAN/ ppp interface.
I guess that means it's still some sort of configuration issue at my end (or perhaps an unsupported config used by my ISP). I'll keep digging and post an update once I get to the bottom of it all.
Kind Regards,
Andy.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.