Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCPv6 Static Leases - how to assign a unique address per interface not per system

    DHCP and DNS
    2
    3
    131
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ChrisJenk
      last edited by

      This has been asked before in 2019:

      https://forum.netgate.com/topic/144154/dhcpv6-static-leases-how-to-set-uniquely-per-interface-duid-iaid

      and has been referenced a few times since but there have been no answers. This is really important for me; I have many systems that have multiple interfaces which are concurrently active and I want to use DHCPv6 to assign their addresses via static mappings. Currently the KEA backend only supports defining the device's DUID (which identifies the device, not individual interfaces) rather than DUID+IAID.

      Is there any way to achieve this in the latest pfSense Plus release? It's hard to imagine that this is not possible and yet it seems like DHCP6 is way behind DHCP4 in this regard.

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @ChrisJenk
        last edited by

        @ChrisJenk

        I'm not sure if I understand correctly, but I have 2 interfaces on my Thinkpad, Ethernet and WiFi. They get different addresses with both Linux and Windows. I'm using SLAAC on IPv6 though, not DHCPv6.

        BTW, Thanks to some genius at Google, Android devices don't work with DHCPv6, so only use it if you really need it.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        C 1 Reply Last reply Reply Quote 0
        • C
          ChrisJenk @JKnott
          last edited by ChrisJenk

          @JKnott SLAAC isn't a problem since only the prefix gets provided by the RAs and then the system generates its own address in such away as to ensure no conflicts. DHCP6 also isn't a problem if you just need dynamic address allocation, that also work fine for different interfaces since the DHCP6 server can use the IAID values to distinguish different interfaces on the same host.

          The issue is if you use DHCP6 together with static leases (think DHCP4 reservations where an IP address is tied to a specific MAC address). A DHCP6 client uses the same DUID for all DHCP6 requests (since the DUID identifies the host) but each interface uses a different IAID so the combination of DUID+IAID uniquely identifies a specific interface on a specific host.

          Unfortunately, in pfSense when you create a static DHCP6 lease to tie a specific dynamic IP address to a specific interface pfSense only allows you to define the DUID not the IAID. So if I have a macOS system, say, with a DUID of, say, 00:01:00:01:2b:b9:95:35:5c:e9:1e:e4:6b:67 and I define a DHCP6 static lease for that DUID with an address of, say, fd00::25/64 then if the macOS system connects to the network via Ethernet if gets assigned that IP address. If its WiFi interface also then connects to the same network it also gets assigned the same IP address -> very bad.

          If pfSense allowed you to define both the DUID and IAID as part of a static lease then this issue would be resolved. Sadly it does not, which seems like quite an oversight...

          1 Reply Last reply Reply Quote 0
          • First post
            Last post