Trigger script when WAN IPv6 address changes
-
Hi,
I'm new to pfSense, and frankly to the BSD universe, but I I got it set up and working the way I intended for the most part already.
One thing I'm still looking for, is a way to execute a script whenever the WAN IPv6 address/prefix changes. I'm using DHCPv6 (Prefix Delegation) on WAN and the LAN interface is tracking WAN.
Is there some kind of hook directory in which you can put scripts that will be triggered when the WAN IPv6 address changes or another way to trigger a custom task when that happens? Now, my ISP-assigned prefix doesn't change all that often, so for the time being a daily cron job works. But, obviously, I would prefer a cleaner solution that triggers when the DHCPv6 lease changes, so that there's is (long) delay between prefix change and script execution.
Thanks!
-
Does the address just change while the connection is up? Does your prefix change? One issue I had was the prefix could change for something as little as disconnecting/reconnecting the Ethernet cable. However, that problem was fixed when the "Do not allow PD/Address release" option was added to pfSense.
-
The prefix usually only changes while the connection is up. So, rebooting the machine doesn't change the prefix. If I power off the machine for a longer time, though, (say, during a long vacation) the device might be assigned a new prefix after such a long downtime.
And, as I said, prefix changes don't happen too often, usually the machine can use the same prefix for at least a month.
-
Do you have that "Do not allow PD/Address release" option selected? That's what's used to keep the prefix from changing. It's on the WAN page. IPv6 uses something called a "DHCPv6 Unique Identifier" (DUID)
which the DHCPv6 server uses to assign a consistent prefix. -
No, I have not. But why would I need that? My ISP specifies that the IPv6 prefix assigned is dynamic. So, I'm not trying to mess with that. The quantity of prefix changes also doesn't bother me, since it doesn't happen that often.
Obviously, pfSense has all it needs, to handle Prefix Delegation in terms of routing, firewalling, etc.. I'm just looking for a way to hook my own script into that process, so I can execute tasks that pfSense can't do by default.
-
You need that because you are complaining about changing addresses and that's how you fix that problem.
Turn it on and see if your addresses continue to change. -
Sorry, but no. I'm not complaining that my address or prefix changes. It may change by specification/design as ISPs are not required to hand out static prefixes to their customers (even though most seem to do so). Technically, this is not so different from IPv4 where ISPs may assign IPv4 addresses dynamically and the router reacts to an address change by updating its configuration.
Now, as I said, I'm not at all experienced with BSD or pfSense. But on a Linux machine with the ISC DHCP Client dhclient, executing a script when the IP address or prefix received via DHCP(v4/v6) changes, is quite simple. Dhclient has a mechanism called enter- and exit-hooks. There you can put in scripts that will be executed when the address changes. Usually you only have hooks defined by packages on your system (such as restarting a daemon after an address change), but you may very well put in your own commands or scripts there.
I'm assuming pfSense or FreeBSD has similar mechanisms. That's probably how the DynDNS service is integrated as well, because that needs to react to address changes as well, obviously. I just haven't identified how these DHCP update mechnisms work in pfSense and whether it's possible to utilize them for custom actions or whether they are all hardcoded.
-
pfSense calls /etc/rc.newwanipv6 when the IPv6 WAN address changes, so you could call your script from there.
-
Thanks. That seems like a good starting point.
I looked the script /etc/rc.newwanipv6 and it looks like I have two options:
a) Modify the script to call my script as well. But then I might have to change that file after every upgrade of pfsense, I'm assuming.
b) At the end of the script, there is a function to restart packages. Maybe I could package my script, so it will be called from there automatically? Will have to investigate this a bit more…