Services / DHCPv6 Server & RA / LAN / DHCPv6 Server Range Error



  • I previously had my system set up with prefix delegation and the range was entered as ::1000 to ::2000. I'm trying to set up another LAN with IPv6. I can't get pfsense to accept any input for the range. No matter what I enter, it's not accepted.

    Here is the error:

    The following input errors were detected:
    The specified range lies outside of the current subnet.

    This is with ::1000 and ::2000. I tried entering the prefix, but it rejected that.

    This seems to be a bug. At the minimum, instead of such a cryptic error message, it should say what values are expected.

    Any suggestions?



  • Further to the previous, it shows the range as "to ::ffff:ffff:ffff:ffff".

    I tried entering the range as if the prefix is static (e.g., 2001:xxxx:xxxx:1d00::1000 and 2001:xxxx:xxxx:1d00::2000).

    As expected, it was rejected with the following error:

    The following input errors were detected:
    The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx
    The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx

    If I enter numbers in that format (e.g., ::0:0:0:1000 and ::0:0:0:2000), they are rejected.

    The following input errors were detected:
    The specified range lies outside of the current subnet.

    I left off the leading :: and got this error:

    The following input errors were detected:
    A valid range must be specified.
    A valid range must be specified.

    If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

    The following input errors were detected:
    The specified range lies outside of the current subnet.

    Something must be broken.



  • If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

    ::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.

    Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.

    I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.



  • @virgiliomi:

    If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

    ::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.

    Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.

    I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.

    Thanks for the suggestion. Unfortunately, I tried ::1 to various higher numbers, but nothing was accepted.



  • I tried to hack dhcpdv6.conf to insert the subnet definitions, but I couldn't get the file to load. After I saved the file, I restarted dhcpd from the services status, but that didn't work. I tried rebooting, but the file was wiped back to the original configuration with no subnet definitions.



  • It is a "bug" that has been made evident by recent improvements to the checks made by in_range_v6() by:
    https://github.com/pfsense/pfsense/commit/8c48089f83a12d6ca2caed83d4fae575dd4325cc

    When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
    gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()

    This should fix it:
    https://github.com/pfsense/pfsense/pull/3209

    or sme other underlying fix to the functions.



  • That did the trick. Thanks very much!



  • @phil.davis:

    When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
    gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()

    For what it's worth, according to rfc 4291, by definition, an unspecified address is 0:0:0:0:0:0:0:0 which shortens to :: and according to rfc 5952, addresses should be shortened as much as possible, favoring ::. The loopback address is 0:0:0:0:0:0:0:1 which shortens to ::1, but I'm not sure if ::0 is correct. I don't think so, but it's probably less incorrect than 0::. I guess it comes down to semantics.



  • Yeh, I agree, "::" seems to be the proper valid compression of "0:0:0:0:0:0:0:0".
    IBM thinks so, so it must be right  :P
    http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hale001/ipv6d003999564.htm



  • @phil-davis It is still a bug and its August 2018.