DHCPv6 Relay not working properly?
-
I have the latest pfSense running on a box which has (for this example) two networks on separate interfaces. Interface em0.1 has my DHCPv4 and DHCPv6 servers on it. Interface em0.6 has a machine on it which gets its address via DHCP. Relay is enabled for both protocols. The DHCPv4 relay works perfectly.
However, the DHCPv6 relay doesn't. What happens is that the relay receives the request, forwards it onto the DHCPv6 servers, which see the request. They then send a relay reply back to the relay (on its ULA). The reply does indeed hit the relay, which is indeed listening on port 547 on the ULA address.
Logs from the DHCPv6 server (the pfSense em0.1 interface is on :1000::254, its em0.6 interface is on :6405::254);
Apr 15 08:05:57 server dhcpd: Relay-forward message from <ula>:1000::254 port 547, link address <gua>:6405::254, peer address <lla> Apr 15 08:05:57 server dhcpd: –> Client-DUID: <duid> Apr 15 08:05:57 server dhcpd: Sending Relay-reply to <ula>:1000::254 port 547</ula></duid></lla></gua></ula>
Netstat on the pfSense box shows something listening on udp6 port 547 and the dhrelay is running;
udp6 0 0 *.547 *.* root 12792 0.0 0.4 12116 4416 - Is Wed22 0:00.15 /usr/local/sbin/dhcrelay -6 -pf /var/run/dhcrelay6.pid -l em0.6 -u <ula>:1000::253%em0.1 -u <ula>:1000::252%em0.1</ula></ula>
The addresses all look right. The downstream for dhcrelay -6 is set to em0.6, and the upstream is set to the ULAs of my two DHCPv6 servers. The relay is actually listening on all addresses (port 547) and I see the relay reply packets hit it. I've also tried putting in a broad-spectrum "allow all the things on port 547" on the firewall to see if it made any difference. It didn't. The DHCPv6 server seems to be doing the right thing - it gets the relay forward, it has the right DUID from the right ULA, and it sends it back to the relay. But the client never gets the reply, and indeed the pfSense box never even tries to send it. It's like the dhcrelay just swallows it.
Anyone know what's going on? Could this be complicated by my DHCPv6 server passing out two networks (a GUA network and a ULA network) to each client?