Services / DHCPv6 Server & RA / LAN / DHCPv6 Server Range Error

bimmerdriver

I previously had my system set up with prefix delegation and the range was entered as ::1000 to ::2000. I'm trying to set up another LAN with IPv6. I can't get pfsense to accept any input for the range. No matter what I enter, it's not accepted.

Here is the error:

The following input errors were detected:
The specified range lies outside of the current subnet.

This is with ::1000 and ::2000. I tried entering the prefix, but it rejected that.

This seems to be a bug. At the minimum, instead of such a cryptic error message, it should say what values are expected.

Any suggestions?

bimmerdriver

Further to the previous, it shows the range as "to ::ffff:ffff:ffff:ffff".

I tried entering the range as if the prefix is static (e.g., 2001:xxxx:xxxx:1d00::1000 and 2001:xxxx:xxxx:1d00::2000).

As expected, it was rejected with the following error:

The following input errors were detected:
The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx
The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx

If I enter numbers in that format (e.g., ::0:0:0:1000 and ::0:0:0:2000), they are rejected.

The following input errors were detected:
The specified range lies outside of the current subnet.

I left off the leading :: and got this error:

The following input errors were detected:
A valid range must be specified.
A valid range must be specified.

If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

The following input errors were detected:
The specified range lies outside of the current subnet.

Something must be broken.

MikeV7896

If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.

Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.

I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.

bimmerdriver

@virgiliomi:

If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.

Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.

I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.

Thanks for the suggestion. Unfortunately, I tried ::1 to various higher numbers, but nothing was accepted.

bimmerdriver

I tried to hack dhcpdv6.conf to insert the subnet definitions, but I couldn't get the file to load. After I saved the file, I restarted dhcpd from the services status, but that didn't work. I tried rebooting, but the file was wiped back to the original configuration with no subnet definitions.

phil.davis

It is a "bug" that has been made evident by recent improvements to the checks made by in_range_v6() by:
https://github.com/pfsense/pfsense/commit/8c48089f83a12d6ca2caed83d4fae575dd4325cc

When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()

This should fix it:
https://github.com/pfsense/pfsense/pull/3209

or sme other underlying fix to the functions.

bimmerdriver

That did the trick. Thanks very much!

bimmerdriver

@phil.davis:

When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()

For what it's worth, according to rfc 4291, by definition, an unspecified address is 0:0:0:0:0:0:0:0 which shortens to :: and according to rfc 5952, addresses should be shortened as much as possible, favoring ::. The loopback address is 0:0:0:0:0:0:0:1 which shortens to ::1, but I'm not sure if ::0 is correct. I don't think so, but it's probably less incorrect than 0::. I guess it comes down to semantics.

phil.davis

Yeh, I agree, "::" seems to be the proper valid compression of "0:0:0:0:0:0:0:0".
IBM thinks so, so it must be right  :P
http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hale001/ipv6d003999564.htm

Coconutdog

@phil-davis It is still a bug and its August 2018.