Can't get IPV6 to receive an address
I'm trying to get IPV6 working on my fortigate 60D.
The ISP i have is KPN, which is a dutch provider which uses PPPOE, dhcp-pd and SLAAC for the ipv6 side.
As i understand the process on this provider (i found some setup-guides for different devices) i should create a pppoe connection for and IPV4 address and request a /48 subnet and ipv6 address using dhcp on the same connection.
When i configure ipv6 as DHCP it doesn't receive an address, and when i configure it as a PPPOE connection it only gets a link-local address.
The strange thing is that the host systems in my internal network do seem to get a proper ipv6 address however are unable to connect to the internet, as it appears that the fortinet doesn't know what the next hop in the network is.
I can not ping external ipv6 addresses from the host systems or from the fortinet cli.
Am i missing something in my config, or did i do something wrong? Gateway # diag ipv6 address listdev=26 devname=ppp1 flag=P scope=253 prefix=10 addr=fe80::a5b:e6f:fffe:387cdev=23 devname=vsys_fgfm flag=P scope=254 prefix=128 addr=::1dev=21 devname=vsys_ha flag=P scope=254 prefix=128 addr=::1dev=16 devname=root flag=P scope=254 prefix=128 addr=::1dev=5 devname=wan1 flag=P scope=253 prefix=10 addr=fe80::a5b:eff:fe6f:387cdev=7 devname=internal1 flag=P scope=253 prefix=10 addr=fe80::a5b:eff:fe6f:387adev=7 devname=internal1 flag= scope=0 prefix=64 addr=2a02:XXXX:XXXX::1 preferred=102405 valid=188805 Gateway # show system interface wan1config system interface edit "wan1" set vdom "root" set mode pppoe set allowaccess ping set vlanforward enable set type physical set spillover-threshold 12500 set estimated-upstream-bandwidth 100000 set estimated-downstream-bandwidth 100000 set role wan set snmp-index 2 config ipv6 set ip6-mode pppoe set ip6-allowaccess ping set dhcp6-prefix-delegation enable set dhcp6-prefix-hint ::/48 set autoconf enable end set username "XXX@direct-adsl" set password ENC nextend Gateway # show system interface internal1config system interface edit "internal1" set vdom "root" set ip 10.9.28.1 255.255.255.0 set allowaccess ping https ssh snmp http telnet fgfm radius-acct capwap set vlanforward enable set type physical set alias "Local Lan" set device-identification enable set device-identification-active-scan enable set role lan set snmp-index 1 config ipv6 set ip6-mode delegated set ip6-allowaccess ping https ssh snmp set ip6-send-adv enable set ip6-manage-flag enable disable set ip6-upstream-interface "wan1" set ip6-subnet ::1/64 config ip6-delegated-prefix-list edit 1 set upstream-interface "wan1" set autonomous-flag enable set onlink-flag enable set subnet ::/64 next end end nextend Gateway # show firewall policy6config firewall policy6 edit 3 set name "local-ipv6" set uuid 2a82ad84-20b2-51e8-17ee-c356f376f04a set srcintf "internal1" set dstintf "wan1" set srcaddr "local ipv6 subnet" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all next edit 1 set name "Default out" set uuid 113d6d60-2089-51e8-8f23-04ae3c89a6f1 set srcintf "internal1" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all next edit 2 set name "Allow ICMP in" set uuid 11852786-2089-51e8-28cc-df82a34d651a set srcintf "wan1" set dstintf "internal1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL_ICMP6" set logtraffic all nextend Gateway # show router static6 3config router static6 edit 3 set device "wan1" nextend
post edited by marijn - 2018/03/07 10:39:04