Hi,
I am now facing an issue. My internet connection is using pppoe with dynamic ipv6 prefix.
Device: fortigate 60e
Firmware: 7.4.7
When my pppoe connection is disconnected, reconnected or other reasons causing this interface down. After a few seconds, pppoe connection is up again, fortigate gets a new PD /60 range from ISP and delegates new IPs to internal devices.
PCs are assgined a new ip separately, but the old one is still existed, and contiune to use the old one to initiate new connections.
I find some information using below command, these are two Windows devices:
Actually the first(already deprecated, waited for 48 hours ), second, and third addresses are invalid, but the second, third ones are still in 首选寿命(preferred state), Windows still uses it to initiate new connections.
netsh interface ipv6 show addresses
接口 3: vEthernet (VLAN101)
地址类型 DAD 状态 有效寿命 首选寿命 地址
--------- ----------- ---------- ---------- ------------------------
公用 反对 23h59m45s 0s 2001:ba1:290:1990:a:b:c:d
公用 首选项 1d1h30m33s 1h30m33s 2001:ba1:292:5a60:a:b:c:d
公用 首选项 1d1h39m27s 1h39m27s 2001:ba1:292:b340:a:b:c:d
公用 首选项 2d23h59m15s 1d23h59m15s 2001:ba1:292:bee0:a:b:c:d current valid address
其他 首选项 infinite infinite fe80::a:b:c:d%28Interface 3: 以太网 3
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Public Preferred 1d56m30s 56m30s 2001:ba1:292:5a60:1:2:3:4
Public Preferred 1d1h5m24s 1h5m24s 2001:ba1:292:b340:1:2:3:4
Public Preferred 2d23h57m47s 1d23h57m47s 2001:ba1:292:bee0:1:2:3:4 current valid address
Other Preferred infinite infinite fe80::1:2:3:4%8
It seems Fortigate contiunes to update current valid address perferred lifetime by sending ra messages to end devices every 10 minutes, but the old ones, they need to wait 48 hours to countdown, then change to deprecated. The result of now is no ipv6 internet connection.
tracert -d 2400:3200::1
通过最多 30 个跃点跟踪到 2400:3200::1 的路由
1 <1 毫秒 <1 毫秒 <1 毫秒 2001:ba1:292:bee0::
2 * * * 请求超时。
3 * * * 请求超时。
4 * * * 请求超时。
5 * * * 请求超时。
From Fortigate's logs, Windows is using an outdated adrress to initiate new connections.
I try to cut down the preferred lifetime by setting prefix-hint-plt=1810, but it does not take any changes.
Here is my configuration, are there any incorrect settings?
config system interface
edit "pppoe"
set vdom "MGMT"
set mode pppoe
set type emac-vlan
set estimated-upstream-bandwidth 0
set estimated-downstream-bandwidth 0
set monitor-bandwidth enable
set role wan
set snmp-index 39
config ipv6
set ip6-mode pppoe
set ip6-allowaccess ping ssh
set dhcp6-prefix-delegation enable
set autoconf enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/60
set prefix-hint-plt 1810
set prefix-hint-vlt 0
next
end
end
set username "abcde"
set password password
set dns-server-override disable
set macaddr 00:00:00:00:00:00
set interface "wan2"
set vlanid 51
next
end
config system interface
edit "lan6"
set vdom "MGMT"
set device-identification enable
set role lan
set snmp-index 18
set ip-managed-by-fortiipam disable
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping ssh
set ip6-send-adv enable
set ip6-manage-flag enable
set ip6-other-flag enable
set ip6-delegated-prefix-iaid 1
set ip6-upstream-interface "pppoe"
set ip6-subnet ::/62
config ip6-delegated-prefix-list
edit 1
set upstream-interface "pppoe"
set delegated-prefix-iaid 1
set subnet ::/64
next
end
end
set interface "lag3"
set vlanid 101
next
end
