• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Trigger script when WAN IPv6 address changes

Scheduled Pinned Locked Moved General pfSense Questions
9 Posts 3 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    silentcreek
    last edited by Jan 19, 2018, 11:20 AM

    Hi,

    I'm new to pfSense, and frankly to the BSD universe, but I I got it set up and working the way I intended for the most part already.

    One thing I'm still looking for, is a way to execute a script whenever the WAN IPv6 address/prefix changes. I'm using DHCPv6 (Prefix Delegation) on WAN and the LAN interface is tracking WAN.

    Is there some kind of hook directory in which you can put scripts that will be triggered when the WAN IPv6 address changes or another way to trigger a custom task when that happens? Now, my ISP-assigned prefix doesn't change all that often, so for the time being a daily cron job works. But, obviously, I would prefer a cleaner solution that triggers when the DHCPv6 lease changes, so that there's is (long) delay between prefix change and script execution.

    Thanks!

    1 Reply Last reply Reply Quote 0
    • J
      JKnott
      last edited by Jan 19, 2018, 11:55 AM

      Does the address just change while the connection is up?  Does your prefix change?  One issue I had was the prefix could change for something as little as disconnecting/reconnecting the Ethernet cable.  However, that problem was fixed when the "Do not allow PD/Address release" option was added to pfSense.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      1 Reply Last reply Reply Quote 0
      • S
        silentcreek
        last edited by Jan 19, 2018, 1:15 PM

        The prefix usually only changes while the connection is up. So, rebooting the machine doesn't change the prefix. If I power off the machine for a longer time, though, (say, during a long vacation) the device might be assigned a new prefix after such a long downtime.

        And, as I said, prefix changes don't happen too often, usually the machine can use the same prefix for at least a month.

        1 Reply Last reply Reply Quote 0
        • J
          JKnott
          last edited by Jan 19, 2018, 2:24 PM

          Do you have that "Do not allow PD/Address release" option selected?  That's what's used to keep the prefix from changing.  It's on the WAN page.  IPv6 uses something called a "DHCPv6 Unique Identifier" (DUID)
          which the DHCPv6 server uses to assign a consistent prefix.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • S
            silentcreek
            last edited by Jan 19, 2018, 2:54 PM

            No, I have not. But why would I need that? My ISP specifies that the IPv6 prefix assigned is dynamic. So, I'm not trying to mess with that. The quantity of prefix changes also doesn't bother me, since it doesn't happen that often.

            Obviously, pfSense has all it needs, to handle Prefix Delegation in terms of routing, firewalling, etc.. I'm just looking for a way to hook my own script into that process, so I can execute tasks that pfSense can't do by default.

            1 Reply Last reply Reply Quote 0
            • J
              JKnott
              last edited by Jan 19, 2018, 3:28 PM

              You need that because you are complaining about changing addresses and that's how you fix that problem.
              Turn it on and see if your addresses continue to change.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • S
                silentcreek
                last edited by Jan 19, 2018, 4:17 PM

                Sorry, but no. I'm not complaining that my address or prefix changes. It may change by specification/design as ISPs are not required to hand out static prefixes to their customers (even though most seem to do so). Technically, this is not so different from IPv4 where ISPs may assign IPv4 addresses dynamically and the router reacts to an address change by updating its configuration.

                Now, as I said, I'm not at all experienced with BSD or pfSense. But on a Linux machine with the ISC DHCP Client dhclient, executing a script when the IP address or prefix received via DHCP(v4/v6) changes, is quite simple. Dhclient has a mechanism called enter- and exit-hooks. There you can put in scripts that will be executed when the address changes. Usually you only have hooks defined by packages on your system (such as restarting a daemon after an address change), but you may very well put in your own commands or scripts there.

                I'm assuming pfSense or FreeBSD has similar mechanisms. That's probably how the DynDNS service is integrated as well, because that needs to react to address changes as well, obviously. I just haven't identified how these DHCP update mechnisms work in pfSense and whether it's possible to utilize them for custom actions or whether they are all hardcoded.

                1 Reply Last reply Reply Quote 0
                • G
                  Grimson Banned
                  last edited by Jan 19, 2018, 9:40 PM

                  pfSense calls /etc/rc.newwanipv6 when the IPv6 WAN address changes, so you could call your script from there.

                  1 Reply Last reply Reply Quote 0
                  • S
                    silentcreek
                    last edited by Jan 20, 2018, 9:47 PM

                    Thanks. That seems like a good starting point.

                    I looked the script /etc/rc.newwanipv6 and it looks like I have two options:

                    a) Modify the script to call my script as well. But then I might have to change that file after every upgrade of pfsense, I'm assuming.
                    b) At the end of the script, there is a function to restart packages. Maybe I could package my script, so it will be called from there automatically? Will have to investigate this a bit more…

                    1 Reply Last reply Reply Quote 0
                    9 out of 9
                    • First post
                      9/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received