Andy Bailey wrote:

Bart,

 Was this something you were able to resolve?

 I've with an ISP here in the UK with a similar configuration and struggling to get it working.

 Like you, i can DHCP CP exchanges going on, but dont seem to get any delegated prefix etc.

 Has anyone else got any ideas on how this situation should work?

 Andy.

No, I've had a ticket open at Fortinet Support for this problem for 6 weeks without solution.

The ticket is closed now, it got me to a point where I was fed up with repeating things and performing pointless config changes.

Not giving up, will to upgrade to 5.4.4 and give it another shot.

No idea why it is so hard to get this configured, allready done this on a Cisco and Ubiquiti router in 10-15 minutes googeling for the info included.

Bart,

Yes, my experiences have been pretty frustrating so far. Certainly not as easy as it could or should be.

I'm currently on 5.4.4 and have got to the point now that I can see an IPv6 prexfix being delegated. I can setup delegated subnets to internal ports and that seems to be working with internal devices getting valid IPv6 addresses in the delegated range.

However, I dont seem to have a valid outoging route. The routing table shows the internal sub-nets as connected, but nothing towards the internet. It almost seems like the wan interface (with the delegated subnet) doesn't have a valid address or something and therefore doesn't show up as a valid route in the routing table.

I had been on 5.6 Beta 3 (as part of the 5.6 Beta programme) but rolled back to see if that made any difference. I see on the beta forum there someone questioning the routing of IPv6 in this type of configuration.........

I'll keep you updated on my own config and let you know if find anything more interesting!

Good luck,

Andy.

Andy Bailey wrote:

 

I'm currently on 5.4.4 and have got to the point now that I can see an IPv6 prexfix being delegated. I can setup delegated subnets to internal ports and that seems to be working with internal devices getting valid IPv6 addresses in the delegated range.

 

However, I dont seem to have a valid outoging route. The routing table shows the internal sub-nets as connected, but nothing towards the internet. It almost seems like the wan interface (with the delegated subnet) doesn't have a valid address or something and therefore doesn't show up as a valid route in the routing table.

 

Exactly on the same point here in 5.4.3, it took a while to get there.

IMO the only thing wrong now is that the fortigate does not assign a ip6 on its own WAN interface.

Bart,

OK, good we have both got to the same point I guess. Makes me feel better know someone else is having similar issues.

I think I'll raise a ticket as well and reference this forum thread as some background. I suspect I'll have similar issues as you had with your ticket- but at least that highlights it and hopefully gets support looking into the issue more.

As I'm registered for the 5.6 Beta programme I did check the release notes there. Nothing obvious that would seem this issue is addressed yet. I might try upgrading to 5.6 Beta 3 just in case but I'm not hopeful!

Would you like to add your support ticket to this thread?

I'll post mine here as well :)

Good luck!

Andy.

Bart,

I've raised ticket number 2106741 to cover this issue.

Let you know what happens.

Kind Regards,

Andy.

Quick update, got it working.

Please, pm/post your

- lan & wan interface config

- ip received on host

- ips assigned on your FG interfaces (ppp & lan).

Bart,

That's interesting news! Can't wait to see how you have done it.

My ticket with Foritnet is still rumbling on- not much progress so far.

I've attached a text file which shows:-

- Current Interface Config (extracted from my running config)

- "Get" command for each interface which shows the aquired and assinged adddresses, paramters etc for my WAN and LAN interfaces (the LAN interfaces are receiving delegated prefexes from the delegated prefix assigned to the WAN).

- Current IPv6 address list and IPv6 routing table.

For obvious reasons I've replaced a few sensitive pieces with XXX. Thought your probably realise that but worth pointing it out!

Hope that all makes sense.

I look forward to hearing your thoughts or comments!

Kind Regards,

Andy.

Im not entirely sure we are facing the same problem. Turns out I overlooked a tiny detail. Comparing your config with mine: Wan interface:     set dhcp6-prefix-hint 2001:XXX:XXXX:ed3f::/64     I have played with the "set dhcp6-prefix-hint" before but it looks like this setting is not necessary. Lan interface         Enabled in my config:     set dhcp6-prefix-delegation     Not enabled in my config:     set ip6-manage-flag     set ip6-other-flag

      Again,I remember playing with these parameters because they where mentioned on various forums but it works without them.

Here are the steps I've taken to find my error. In this situation, the internal hosts receive their ipv6 but cant reach the internet. hyperion # get router info6 interface ppp1                       [up/up]     2axx:xxxx:xxxx:b6ac:926c:ac5b:fffe:c509     fe80::926c:ac5b:fffe:c509 lan                        [up/up]     2axx:xxxx:xxxx:a800::10     fe80::926c:acff:fe5b:c50b Then check if your FG can reach ipv6 hosts externally. hyperion # execute ping6 ipv6.google.com PING ipv6.google.com(2a00:1450:4001:825::200e) 56 data bytes 64 bytes from 2a00:1450:4001:825::200e: icmp_seq=1 ttl=54 time=10.3 ms 64 bytes from 2a00:1450:4001:825::200e: icmp_seq=2 ttl=54 time=10.4 ms From my desktop I tried to ping the link local ip of the lan interface (fe80::926c:acff:fe5b:c50b). This was OK. The I tried to ping its offical ip (2axx:xxxx:xxxx:a800::10). This failed. C:\Users\Bart>ipconfig /all  ....    Autoconfiguration Enabled . . . . : Yes    IPv6 Address. . . . . . . . . . . : 2axx:xxxx:xxxx:a810:7596:b234:eb2f:8722(Preferred)    Temporary IPv6 Address. . . . . . : 2axx:xxxx:xxxx:a810:ea:18c6:d614:30ca(Preferred)    Link-local IPv6 Address . . . . . : fe80::7596:b234:eb2f:8722%4(Preferred)    Default Gateway . . . . . . . . . : fe80::926c:acff:fe5b:c50b%4 ... As you can see my desktop recieved an IP in the 2axx:xxxx:xxxx:a810 range but the lan interface is on 2axx:xxxx:xxxx:a800. I did not notice this before. So on the lan interface I changed the subnet parameter of the ip6-delegated-prefix-list config part. Renew leases, et voila!

Hope this helps!