Need to find WAN (em0) DUID for ipv6
-
Hi all,
Just started with PFSense and at first glance it seems great.
Works really well in my homelab and it's showing great potential.Nearly all the things I need are set up. But one missing is IPv6.
I have business subscription and for my provider (Telenet, Belgium) I need the DUID address of the router before they can give me a fixed ipv6 address.Without it don't have ipv6.
I've been looking for it and even decripted my DUID from the command "hexdump -v -C /var/db/dhcp6c_duid"
A value comes out of it. But when I enter it in my providers configuration section I receive the message "DUID invalid"So the question now is, am I looking in the wrong direction? Am I using the wrong command? Or can't this be done?
I need the DUID to receive my fixed IPV6 address and to make it work on my servers.Any ideas?
Many thanks!
Don
-
????
I don't think I've ever heard of a DUID address. A DUID == DHCP Unique IDentifier. All it does is provide a unique ID for your router, which the ISP assigns an address block to. Since it's supposed to be consistent, the ISP will assign the same address block indefinitely. Perhaps you can better describe what's happening or not happening.
-
Hi J.
I think you could say its like a MAC address for IPv6.
Pfsense should create this on its own. But isn't doing it.It should be stated under the interfaces of my server for EM0.
And I need it for my provider, as the router (pfsense) should advertise it.Cheers,
Don
-
Was a little interested so built a vm :-
*** Welcome to pfSense 2.3.3-RELEASE-p1 (amd64 full-install) on pfsense-vm1 ***
WAN (wan) -> em0 -> v4/DHCP4: 192.168.12.129/24
LAN (lan) -> em1 -> v4/DHCP4: 172.16.2.34/24
v6/DHCP6: 2a02:XXXX:XXXX:2::2000/128Enter an option: 8
[2.3.3-RELEASE][admin@pfsense-vm1.localdomain]/root: od -h /var/db/dhcp6c_duid
0000000 000e 0100 0100 9620 e054 0c00 1429 eaab
0000020
[2.3.3-RELEASE][admin@pfsense-vm1.localdomain]/root:Looks like it juggles some of the info about, check out the attached screen shot from my main router that it got an IP from :-
-
As I said before, you need to better describe the issues. Do you not get an IPv6 address at all? Not get a prefix??? Without knowing more details, it's hard to know what you need. And yes, I know it's an ID, like the MAC for DHCP and was even thinking about mentioning it. However, the DUID is not an address, though it may, but not necessarily, be based on the MAC.
pfSense will create the DUID as required. Also, you'll want to use a recent version of pfSense, that has the setting "Do not allow PD/Address release", on the WAN config, to provide a consistent prefix. With earlier versions, that didn't have that option, the prefix could change for something as trivial as unplugging the WAN cable.
-
I think hes saying he needs to provide his ISP the DUID before they will provide him IPv6.
-
Sorry. Typing from my mobile.
Exactly what Nog said.I need the DUID of EM0 before my ISP will give me a fixed IPv6 address.
-
I need the DUID of EM0 before my ISP will give me a fixed IPv6 address.
So you are getting an IPv6 prefix, but it changes? Then can I assume your router gets an address, as that does not require a DUID? The DUID is included in the DHCPv6-PD request and that's how the ISP is supposed to get it. It then provides the prefix previously associated with that DUID. It all happens automagically.
-
Maybe you'll be able to see it with a packet capture on the wan interface after enabling IPv6.
Open the capture up in wireshark and filter for dhcpv6, then look at the middle window, you may see it in the dhcpv6 packets.
It sort of sucks that your ISP is asking for it as you'll need to inform them when your hardware changes.
-
I have used Wireshark to look at the DUID. I used a small managed switch, configured for port mirroring, to monitor with my notebook computer.
I agree it's strange that the ISP requires a customer to provide that, as they're breaking DHCPv6-PD.
Is the DUID even stored anywhere? Or is it just generated when needed?
-
If pfsense still uses ISC dhcpv6 its created once at first boot based on MAC address and time.
It does make me wonder if my pfSense virtual machines that I've cloned then renamed are trying to use the same DUID.
I think its stored where Dom mentioned, I can see elements of my DUID in the previous post.
-
I just verified /var/db/dhcp6c_duid contains the same DUID as shown in Wireshark. Also, it was created in Dec, which, IIRC, was when I installed the version that allowed retaining the same prefix. I used to have a DUID from last May, when I first started running pfSense. One other thing I noticed is the byte order, in each 16 bits is reversed. For example, where the file shows "d3f2", Wireshark displays "f2d3". Also, that file contains 16 bytes, but one 14 are displayed in Wireshark, with the remaining 2 bytes in the length field, and in the same byte order
So the OP can either copy that file or use the results of that command to get the DUID for the ISP.
Still, it's strange the ISP requires that.
-
So this is what I'm talking about.
My ISP does give you a IPv6 address, but that's a DHCP lease.If you want a permanent IPv6 address, you need to enter your routers (pfsense) WAN DUID address so they can grant you permanent fixed one.
-
Are they charging €28 for IPv6? (the €28 is all I understood of that quote) My ISP provides a /56 prefix (256 x /64) for no extra cost over what I pay for a single IPv4 address. In fact, when I changed to a plan that provided the modem needed for IPv6, my bill dropped by about $50/month (TV, Internet & home phone bundle). What size prefix are they providing for that? Also, for 6 years, prior to my ISP offering native IPv6, I used a 6in4 tunnel, with a /56 prefix at absolutely no cost. Another tunnel provider offers a /48 (65536 x /64) for free.
-
If you use pfsense 2.4 beta, the DUID is displayed in System / Advanced / Networking / IPv6 Options / DHCP6 DUID. It's a DUID-LLT format.
-
It does make me wonder if my pfSense virtual machines that I've cloned then renamed are trying to use the same DUID.
Had a play and cloned a VM today, changed the mac addresses and they both seem to use the same DUID.
If you delete /var/db/dhcp6c_duid a new version with a different DUID is created after a reboot.
-
In Interfaces/WAN check "Start DHCP6 client in debug mode" and watch the DHCP tab in system logs at reconnect.
-
Thank you all for the tips, I will check this out.
Upgrading to a beta is not something I wish to do as last (stable) upgrade made my pfsense unbootable…I will wait for the latest version and watch for my DUID or try one of the other tests to see what I can gather.
About my provider. I have a fixed IP already as it's included in my business account.
The price you see is for a non-business user to get one.What they do is basicly map a static to your device through address reservation ( MAC and/ or DUID).
-
So I've upgraded to 2.3.4 and I do not see the IPv6 DUID listed under Advanced / Networking / IPv6.
Attached are screenshots of my version and IPv6 view.
-
You have to upgrade to 2.4 beta to see the DUID in GUI. In 2.3.x you either have to decode the /var/db/dhcp6c_duid file, snif it or start the dhcp6 client in debug mode and watch the logs. IMO starting the dhcp6 client in debug mode seems the sensible solution.
