PFSense Not Working with DHCPV6 or Stateless on tracking interface
-
You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal.
Where is that setting? I sometimes get a new prefix and in testing I could see pfSense send a DHCPv6 release after I disconnected and reconnected the WAN Ethernet cable. My DUID has not changed since last May. I'm on Rogers.
-
You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal.
Where is that setting? I sometimes get a new prefix and in testing I could see pfSense send a DHCPv6 release after I disconnected and reconnected the WAN Ethernet cable. My DUID has not changed since last May. I'm on Rogers.
Interfaces/WAN/DHCP6 Client Configuration - Do not allow PD/Address release.
DUID hold is in System/Advanced/Networking.
-
I don't see that, even under Advanced Configuration. I'm running pfSense 2.3.2_1.
-
DHCP6 Client Configuration, 2.4B ;)
"Do not allow PD/Address release"
"dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent" -
@hda:
DHCP6 Client Configuration, 2.4B ;)
"Do not allow PD/Address release"
"dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent"Did I fail to mention that… Beg pardon 8)
-
DHCP6 Client Configuration, 2.4B
There's a version 2.4B???
I'm supposedly at the latest and I don't see that setting anywhere.
-
DUID hold is in System/Advanced/Networking.
I don't see that one either. My version of pfSense must have come from a parallel universe or something, as it doesn't appear to have either of those settings.
-
It's a setting in the pfSense 2.4 beta.
-
I'll have to watch for that new version. Any idea when it will be available?
-
I'll have to watch for that new version. Any idea when it will be available?
For several months now… Its in beta but its very stable. Either install from clean, my preference, or you can select 2.4 as you should find it in update/update settings.
-
You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal.
I've found that in v2.3.3 and have set it. Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.
Incidentally, why did pfSense send a DHCPv6 release when the computers was merely disconnected from the modem & reconnected? I could see that happening when I monitored the connection with Wireshark. A release is something that should be specifically requested and not occur for something as trivial as a disconnect/reconnect.
-
You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal.
I've found that in v2.3.3 and have set it. Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.
Incidentally, why did pfSense send a DHCPv6 release when the computers was merely disconnected from the modem & reconnected? I could see that happening when I monitored the connection with Wireshark. A release is something that should be specifically requested and not occur for something as trivial as a disconnect/reconnect.
Because dhcp6c exits and on exit it sends a release, hence the addition of the no-release flag and an updated dhcp6c client.
-
The question is why it sends the release by default. With IPv4 DHCP, a device normally requests the same address on re-connection and gets it if available. You have to specifically request a release. Why shouldn't it be the same with IPv6?
-
The question is why it sends the release by default. With IPv4 DHCP, a device normally requests the same address on re-connection and gets it if available. You have to specifically request a release. Why shouldn't it be the same with IPv6?
Because it's a totally different client and bears little resemblance to its v4 counterpart.
-
DHCPv6 has something called "DUID" the purpose of which is to identify the client so it get the same prefix. Having the default release means that no longer works. With IPv4, a changed address could affect a single device, but on IPv6 at least a /64, but often more, affecting potentially gazillions of addresses. When the prefix changed, I had to go and update all the DNS entries for devices on my network, even if I did nothing more than connect in a managed switch, so that I could monitor the traffic with Wireshark. I don't think the release should be happening, unless specifically requested, as happens with IPv4.
-
That's why it's been modified along with the DUID stored in the config.
-
I've found that in v2.3.3 and have set it. Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.
It appears to work. I have disconnected/reconnected the WAN cable several times since yesterday. My prefix stays the same and I'm not seeing any DHCPv6 release.
-
I've found that in v2.3.3 and have set it. Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.
It appears to work. I have disconnected/reconnected the WAN cable several times since yesterday. My prefix stays the same and I'm not seeing any DHCPv6 release.
:) That's OK then.
I began the work on dhcp6c almost a year ago when my ISP rolled out IPv6. There were quite a few issues to deal with, dhcp6 before RA being the first. Then there was loss of PD when ever the connection dropped, partially corrected by the no-release flag but if you ran a RAM drive then the DUID would change, this could be avoided by using an early shell command to copy the DUID from the drive to the RAM at boot, but it was still not held in the config; this was done a couple of months back. We are now awaiting a further PR to be accepted upstream which adds a few other features missing from dhcp6c. I and my testers are running it and we now have VERY quiet logs.
-
I'll keep an eye on it for a while. If it fails again, I'll report back.
-
It's been tested to death for the last 'n' months, solid as a rock. The only time we see any change in PD now is when the ISP resets their servers, and there's nothing we can do about that.