Services / DHCPv6 Server & RA / LAN / DHCPv6 Server Range Error
-
I previously had my system set up with prefix delegation and the range was entered as ::1000 to ::2000. I'm trying to set up another LAN with IPv6. I can't get pfsense to accept any input for the range. No matter what I enter, it's not accepted.
Here is the error:
The following input errors were detected:
The specified range lies outside of the current subnet.This is with ::1000 and ::2000. I tried entering the prefix, but it rejected that.
This seems to be a bug. At the minimum, instead of such a cryptic error message, it should say what values are expected.
Any suggestions?
-
Further to the previous, it shows the range as "to ::ffff:ffff:ffff:ffff".
I tried entering the range as if the prefix is static (e.g., 2001:xxxx:xxxx:1d00::1000 and 2001:xxxx:xxxx:1d00::2000).
As expected, it was rejected with the following error:
The following input errors were detected:
The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxx
The prefix (upper 64 bits) must be zero. Use the form ::xxxx:xxxx:xxxx:xxxxIf I enter numbers in that format (e.g., ::0:0:0:1000 and ::0:0:0:2000), they are rejected.
The following input errors were detected:
The specified range lies outside of the current subnet.I left off the leading :: and got this error:
The following input errors were detected:
A valid range must be specified.
A valid range must be specified.If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:
The following input errors were detected:
The specified range lies outside of the current subnet.Something must be broken.
-
If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:
::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.
Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.
I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.
-
If I enter ::0 to ::ffff:ffff:ffff:ffff, it says:
::0 would be invalid. I'm pretty sure that all host bits can't be 0, just as in IPv4. That's the network address. Not sure if ::ffff:ffff:ffff:ffff is also invalid or not… I thought I remembered that IPv6 didn't have a network broadcast address like IPv4... but I'm not certain on that.
Regardless, ::1 to ::ffff:ffff:ffff:fffe should be 100% valid.
I'll let someone else address the others as I don't know about how or why pfSense might be handling some of those in the manner that they are.
Thanks for the suggestion. Unfortunately, I tried ::1 to various higher numbers, but nothing was accepted.
-
I tried to hack dhcpdv6.conf to insert the subnet definitions, but I couldn't get the file to load. After I saved the file, I restarted dhcpd from the services status, but that didn't work. I tried rebooting, but the file was wiped back to the original configuration with no subnet definitions.
-
It is a "bug" that has been made evident by recent improvements to the checks made by in_range_v6() by:
https://github.com/pfsense/pfsense/commit/8c48089f83a12d6ca2caed83d4fae575dd4325ccWhen Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()This should fix it:
https://github.com/pfsense/pfsense/pull/3209or sme other underlying fix to the functions.
-
That did the trick. Thanks very much!
-
When Track Interface is set, the IP address is unknown (for the purposes of setting the DHCPv6 range) and is set to "::".
gen_subnetv6("::",64) returns blank "", unfortunately, when it might be expected to return "0::" or "::0". And the blank value for the start of the subnet is no longer let through by the parameter checks of in_range_v6()For what it's worth, according to rfc 4291, by definition, an unspecified address is 0:0:0:0:0:0:0:0 which shortens to :: and according to rfc 5952, addresses should be shortened as much as possible, favoring ::. The loopback address is 0:0:0:0:0:0:0:1 which shortens to ::1, but I'm not sure if ::0 is correct. I don't think so, but it's probably less incorrect than 0::. I guess it comes down to semantics.
-
Yeh, I agree, "::" seems to be the proper valid compression of "0:0:0:0:0:0:0:0".
IBM thinks so, so it must be right :P
http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hale001/ipv6d003999564.htm -
@phil-davis It is still a bug and its August 2018.
