Need to find WAN (em0) DUID for ipv6
-
I need the DUID of EM0 before my ISP will give me a fixed IPv6 address.
So you are getting an IPv6 prefix, but it changes? Then can I assume your router gets an address, as that does not require a DUID? The DUID is included in the DHCPv6-PD request and that's how the ISP is supposed to get it. It then provides the prefix previously associated with that DUID. It all happens automagically.
-
Maybe you'll be able to see it with a packet capture on the wan interface after enabling IPv6.
Open the capture up in wireshark and filter for dhcpv6, then look at the middle window, you may see it in the dhcpv6 packets.
It sort of sucks that your ISP is asking for it as you'll need to inform them when your hardware changes.
-
I have used Wireshark to look at the DUID. I used a small managed switch, configured for port mirroring, to monitor with my notebook computer.
I agree it's strange that the ISP requires a customer to provide that, as they're breaking DHCPv6-PD.
Is the DUID even stored anywhere? Or is it just generated when needed?
-
If pfsense still uses ISC dhcpv6 its created once at first boot based on MAC address and time.
It does make me wonder if my pfSense virtual machines that I've cloned then renamed are trying to use the same DUID.
I think its stored where Dom mentioned, I can see elements of my DUID in the previous post.
-
I just verified /var/db/dhcp6c_duid contains the same DUID as shown in Wireshark. Also, it was created in Dec, which, IIRC, was when I installed the version that allowed retaining the same prefix. I used to have a DUID from last May, when I first started running pfSense. One other thing I noticed is the byte order, in each 16 bits is reversed. For example, where the file shows "d3f2", Wireshark displays "f2d3". Also, that file contains 16 bytes, but one 14 are displayed in Wireshark, with the remaining 2 bytes in the length field, and in the same byte order
So the OP can either copy that file or use the results of that command to get the DUID for the ISP.
Still, it's strange the ISP requires that.
-
So this is what I'm talking about.
My ISP does give you a IPv6 address, but that's a DHCP lease.If you want a permanent IPv6 address, you need to enter your routers (pfsense) WAN DUID address so they can grant you permanent fixed one.
-
Are they charging €28 for IPv6? (the €28 is all I understood of that quote) My ISP provides a /56 prefix (256 x /64) for no extra cost over what I pay for a single IPv4 address. In fact, when I changed to a plan that provided the modem needed for IPv6, my bill dropped by about $50/month (TV, Internet & home phone bundle). What size prefix are they providing for that? Also, for 6 years, prior to my ISP offering native IPv6, I used a 6in4 tunnel, with a /56 prefix at absolutely no cost. Another tunnel provider offers a /48 (65536 x /64) for free.
-
If you use pfsense 2.4 beta, the DUID is displayed in System / Advanced / Networking / IPv6 Options / DHCP6 DUID. It's a DUID-LLT format.
-
It does make me wonder if my pfSense virtual machines that I've cloned then renamed are trying to use the same DUID.
Had a play and cloned a VM today, changed the mac addresses and they both seem to use the same DUID.
If you delete /var/db/dhcp6c_duid a new version with a different DUID is created after a reboot.
-
In Interfaces/WAN check "Start DHCP6 client in debug mode" and watch the DHCP tab in system logs at reconnect.
-
Thank you all for the tips, I will check this out.
Upgrading to a beta is not something I wish to do as last (stable) upgrade made my pfsense unbootable…I will wait for the latest version and watch for my DUID or try one of the other tests to see what I can gather.
About my provider. I have a fixed IP already as it's included in my business account.
The price you see is for a non-business user to get one.What they do is basicly map a static to your device through address reservation ( MAC and/ or DUID).
-
So I've upgraded to 2.3.4 and I do not see the IPv6 DUID listed under Advanced / Networking / IPv6.
Attached are screenshots of my version and IPv6 view.
-
You have to upgrade to 2.4 beta to see the DUID in GUI. In 2.3.x you either have to decode the /var/db/dhcp6c_duid file, snif it or start the dhcp6 client in debug mode and watch the logs. IMO starting the dhcp6 client in debug mode seems the sensible solution.
-
If you use pfsense 2.4 beta, the DUID is displayed in System / Advanced / Networking / IPv6 Options / DHCP6 DUID. It's a DUID-LLT format.
As Bimmnerdriver says.
Use version 2.4B. The DUID is then stored in the config file and will never change. Earlier pfSense versions can lose the DUID, especially if you are using a RAM disk. Goto System / Advanced / Networking / IPv6 Options / DHCP6 DUID and click SAVE.
If you use an earlier version then the DUID is created by the dhcp6c client, and is created in /var/db, it goes by the name pf dhcp6c_duid. It's a binary file so you would need to read it in a hex editor.
However, as I have said, if you use and earlier version than 2.4B you run the risk of the DUID changing.