pfSense: SLAAC+DHCPv6 prefix delegation

pfSense is pretty awesome, but there’s one flaw in configuring an interface which can be pretty annoying: you cannot use more than one IP configuration scheme per interface.
This is not much of an issue in most average use cases – and IP aliasing has a whole different set of configuration options. The latter does require you to create aliases for local IPs if there are multiple on an interface you want to cover with firewall rules, though.

A rather special use case – one which is an issue when you use the German provider NetCologne, for example – is that you might want to

  1. Use SLAAC to get an interface IPv6 address
  2. Use DHCPv6 to request a /48 prefix delegation via the autoconfigured IPv6 address

With the GUI, the latter is sadly impossible to replicate as to my knowledge.

Which is why you have to do a bit of fiddling to get it to run.

Zeroth, ensure you have a valid SLAAC configuration on your WAN interface.

First, you’ll need to create a configuration for dhcp6c, which only requests your prefix delegation. Use the following as /etc/ipv6-prefix.conf, taking care to replace the interface name, if required:

interface pppoe0 {
    send ia-pd 1;                                                                                   	
id-assoc pd 1 {                                                                                         	
    prefix-interface vr1 {                                                                          	
        sla-id 0;                                                                               	
        sla-len 16;                                                                             	

The above snippet will request a /48 prefix (64 network bits – sla-len (16) = 48).

Secondly, you will have to integrate it into the system startup. You can either do this by using the shellcmd package or by adding /usr/local/etc/rc.d/ with the following content:

/usr/local/sbin/dhcp6c -c /etc/ipv6-prefix.conf pppoe0

Manually start it (or reboot, if you’re into that way of starting programs … you shouldn’t) and voila, you’ll have a prefix. You can then use the prefix you get in your DHCPv6 Server/RA config; you’ll need to manually enter it.