DHCP6 server not working on LAN interface.
-
I am running pfsense from the 2.1-DEVELOPMENT-i386-20120315-1104 snapshot which was installed to the hard disk. The WAN interface is disconnected. Currently I am only trying to get dhcpv6 working on the LAN interface. I have left the default IP assignments for the LAN NIC: 192.168.1.1 and fe80::192:168:1:1/64. DHCPv4 server is running and assigning leases. However, I am unable to enable the DHCPv6 server. The subnet on the DHCPv6 property page in the web configurator is blank and any attempt to enable DHCPv6 fails with an error that the specified range is not within the subnet. But since there is no subnet displayed I can't see what it thinks the subnet is. The range that I am specifying involves a permutation of the last octet of the static v6 IP address. Sorry if this has been covered some where or I have missed something since I am new to pfsense. However, I believe that this basic level of functionality should just work (as it does for dhcpv4).
A couple of other comments:
I notice that you are using fe80::192:168:1:1 for the default static IP address, which would correspond to the default ipv4 address of 192.168.1.1, except that v6 uses hexadecimal notion. Did you perhaps intend fe80::c0:a8:1:1? Just wondering.
Also, from the console menu option 2 only allows assignment of the ipv4 static address. It would be nice if the option to assign an ipv6 address also were permitted here.
-
But since there is no subnet displayed I can't see what it thinks the subnet is.
In fe80::192:168:1:1/64 the "/64" is the subnet mask indicating the first 64 bits of the address is the network number.
The prefix fe80:: is usually used to indicate a "link local" address with the remaining 64 bits derived from the MAC address (where appropriate). You probably shouldn't be trying to have DHCP assign link local IPv6 addresses. If you have been assigned an IPv6 network by your ISP you should probably be working off that rather than the link local addresses.
-
The prefix fe80:: is usually used to indicate a "link local" address with the remaining 64 bits derived from the MAC address (where appropriate). You probably shouldn't be trying to have DHCP assign link local IPv6 addresses. If you have been assigned an IPv6 network by your ISP you should probably be working off that rather than the link local addresses.
Hi,
I just added (in service_dhcpv6.php) a check to prevent tab display for interfaces with such IPv6 IP's.
Pierre
-
I didn't configure anything. This is the way the box came up. The default v6 IP is definitely NOT derived from the MAC address.
I just added (in service_dhcpv6.php) a check to prevent tab display for interfaces
with such IPv6 IP's. <You also need to fix the code that created this address since it was created by your code. All you have done is fix the symptom. Indeed, it may no longer be possible to see what IP6 address YOU have configured.
-
Just to be clear, I want dhcp6 to assign IP addresses from a range within the link local subnet, which is perfectly legal. These addresses are intentionally non-routable.
-
Just to be clear, I want dhcp6 to assign IP addresses from a range within the link local subnet, which is perfectly legal. These addresses are intentionally non-routable.
Yes I agree, but actually (dev version), "local link" addresses are skipped in several screens and several places in the code.
So to clarify, for the moment, my fix was just to have a coherent behavior in dhcpv6 as in those other screens/places in the code.
Pierre
-
Oh, OK! Looks like the link local address static address configured on the LAN interface is what is not working. I tried configuring a routable static address and then the dhcp6 began to work. However, getting the server running revealed three additional bugs:
1. The dhcp6 clients are receiving the v6 autoconfig address of the the LAN interface on the router as the gateway instead of the routable static IP address which was configured. This doesn't work due to whatever other problems you are having with the link local addresses.
2. The webconfigurator UI doesn't have a field to configure the default route.
3. So I tried manually editing the config since there is an XML element for the gateway in the dhcp6 config. However, that is also ignored.
By contrast dhcp6 clients ARE receiving the correct routable v6 IP address for the DNS server.
Thanks for your help.
-
DHCPv6 doesn't deliver a gateway to clients, that's handled by router advertisements (rtadvd).
-
DHCPv6 doesn't deliver a gateway to clients, that's handled by router advertisements (rtadvd).
Thanks for your response. The fact that rtadvd is responsible for advertising the gateway, and not dhcp6, doesn't change the fact that my dhcp6 clients are unable to communicate. The default behavior should be to just work. if I configure a static v6 IP address on an interface and then enable dhcp6 server on the interface then I expect the clients to be receiving advertisement of a functional gateway. So somewhere along the line between configuring the static address on an interface and enabling dhcp6 server on the interface the rtadvd config should get updated so that things work. Or at least the UI should give an indication that another step is needed to get things working.
-
What mode do you have selected at the top of the DHCPv6 page?
-
Hint: You probably want "assisted"
-
Hint: You probably want "assisted"
The mode was "Managed;" now it is "Assisted." The change doesn't make any difference. I tried rebooting after changing the configuration just in case. No joy. Interestingly, there is an entry in the routing table for the static IP which was configured. According to the following link, "If there is no configuration file entry for an interface, or if the configuration file does not exist altogether, rtadvd sets all the parameters to their default values. In particular, rtadvd reads all the interface routes from the routing table and advertises them as on-link prefixes." http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=rtadvd. This leads me to believe that rtadvd should be advertising the static IP as an interface route as default behavior. Is there any way to list the on-link prefixes that are actually being advertised on an interface?
-
Well to see what's actually being advertised you can just run a packet capture on the LAN for icmp6 and see what turns up. That said, I think you have some misconceptions about how Router Advertisement works.
"rtadvctl show" will show the status of rtadvd on an interface but it doesn't list what's being advertised. You could watch them on the command line with tcpdump
tcpdump -vvvnei em0 icmp6 and 'ip6[40] = 134'
IIRC Router Advertisements always broadcast the link-local address of an interface, not it's static IP. The IP/prefix is used to define where the router is advertised, not what IP gets advertised.
We've been trying to change that, though, so that we can broadcast a CARP VIP or similar for failover to work properly.
-
IIRC Router Advertisements always broadcast the link-local address of an interface, not it's static IP. The IP/prefix is used to define where the router is advertised, not what IP gets advertised.
Probably that would be ok except that the link local addresses aren't actually working right now, for whatever reason, the code handling them has been commented out, as was indicated above. If I give the client a static configuration with the router's static IP as the gateway then I am able to ping the router, which is progress. However, I am still not able to connect to the web configurator using the v6 IP address. This leads me to believe that the web configurator is not actually listening on the v6 interface. Maybe that also is a good thing since probably you would want the web configuration to listen on the non-routable link local interface and not over a routable address which might be accessible from the Internet.
-
The following link appears to discuss this precise problem: http://www.macfreek.nl/memory/Non-Local_IPv6_Router_Advertisement. The recommended solution is to install the radvd package which is able to send a router advertisement with the R flag set as defined in RFC 6275. The BSD rtadvd server isn't able to set this flag. Don't know if this functionality could be ported to rtadvd or using radvd is preferable. However, having this functionality available would appear to be a useful option.