Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Services / DHCPv6 Server & RA / LAN / DHCPv6 Server Range Error

    2.4 Development Snapshots
    4
    10
    7.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bimmerdriver
      last edited by

      I previously had my system set up with prefix delegation and the range was entered as ::1000 to ::2000. I'm trying to set up another LAN with IPv6. I can't get pfsense to accept any input for the range. No matter what I enter, it's not accepted.

      Here is the error:

      The following input errors were detected:
      The specified range lies outside of the current subnet.

      This is with ::1000 and ::2000. I tried entering the prefix, but it rejected that.

      This seems to be a bug. At the minimum, instead of such a cryptic error message, it should say what values are expected.

      Any suggestions?

      1 Reply Last reply Reply Quote 0
      • B
        bimmerdriver
        last edited by

        Further to the previous, it shows the range as "to ::ffff:ffff:ffff:ffff".

        I tried entering the range as if the prefix is static (e.g., 2001:xxxx:xxxx:1d00::1000 and 2001:xxxx:xxxx:1d00::2000).

        As expected, it was rejected with the following error:

        The following input errors were detected:
        The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx
        The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx

        If I enter numbers in that format (e.g., ::0:0:0:1000 and ::0:0:0:2000), they are rejected.

        The following input errors were detected:
        The specified range lies outside of the current subnet.

        I left off the leading :: and got this error:

        The following input errors were detected:
        A valid range must be specified.
        A valid range must be specified.

        If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

        The following input errors were detected:
        The specified range lies outside of the current subnet.

        Something must be broken.

        1 Reply Last reply Reply Quote 0
        • MikeV7896M
          MikeV7896
          last edited by

          If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

          ::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.

          Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.

          I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.

          The S in IOT stands for Security

          1 Reply Last reply Reply Quote 0
          • B
            bimmerdriver
            last edited by

            @virgiliomi:

            If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:

            ::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.

            Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.

            I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.

            Thanks for the suggestion. Unfortunately, I tried ::1 to various higher numbers, but nothing was accepted.

            1 Reply Last reply Reply Quote 0
            • B
              bimmerdriver
              last edited by

              I tried to hack dhcpdv6.conf to insert the subnet definitions, but I couldn't get the file to load. After I saved the file, I restarted dhcpd from the services status, but that didn't work. I tried rebooting, but the file was wiped back to the original configuration with no subnet definitions.

              1 Reply Last reply Reply Quote 0
              • P
                phil.davis
                last edited by

                It is a "bug" that has been made evident by recent improvements to the checks made by in_range_v6() by:
                https://github.com/pfsense/pfsense/commit/8c48089f83a12d6ca2caed83d4fae575dd4325cc

                When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
                gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()

                This should fix it:
                https://github.com/pfsense/pfsense/pull/3209

                or sme other underlying fix to the functions.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                CoconutdogC 1 Reply Last reply Reply Quote 0
                • B
                  bimmerdriver
                  last edited by

                  That did the trick. Thanks very much!

                  1 Reply Last reply Reply Quote 0
                  • B
                    bimmerdriver
                    last edited by

                    @phil.davis:

                    When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
                    gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()

                    For what it's worth, according to rfc 4291, by definition, an unspecified address is 0:0:0:0:0:0:0:0 which shortens to :: and according to rfc 5952, addresses should be shortened as much as possible, favoring ::. The loopback address is 0:0:0:0:0:0:0:1 which shortens to ::1, but I'm not sure if ::0 is correct. I don't think so, but it's probably less incorrect than 0::. I guess it comes down to semantics.

                    1 Reply Last reply Reply Quote 0
                    • P
                      phil.davis
                      last edited by

                      Yeh, I agree, "::" seems to be the proper valid compression of "0:0:0:0:0:0:0:0".
                      IBM thinks so, so it must be right  :P
                      http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hale001/ipv6d003999564.htm

                      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                      1 Reply Last reply Reply Quote 0
                      • CoconutdogC
                        Coconutdog @phil.davis
                        last edited by

                        @phil-davis It is still a bug and its August 2018.

                        1 Reply Last reply Reply Quote 1
                        • C casperghst42-real-one referenced this topic on
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.