DHCP6c behavior changed in 2.4.4 (seems to)



  • Hi all,
    this is just a warning about what could happen if you have a slightly more complex v6 setup. The provider gives a fixed /56, pfSense gets a /60 from the modem and sets a /64 per interface via Track Interface. After updating my APU from 2.4.3-p1 to 2.4.4, a first test from clients (via RA) showed that connectivity over v6 seemed to be OK. But a bit later I was alerted that NO server is reachable via IPv6. After some confusion I realized that the subnet prefix had changed. It was "f1" before and now it is "e1". No way to change this. After some debugging, restarting, reinstalling and restoring, I had to give up and manually change fixed interfaces on servers and DNS/ACLs/configurations on all systems. Even with sed and grep, some hours of work.
    I know this is not a complete description, but pressure was a bit high.


  • Rebel Alliance Developer Netgate

    Track hands out what the ISP gives you. I don't think anything changed there much if at all. It sounds like the ISP gave you a different prefix, are you certain that it's the same static prefix you had before?



  • @jimp it is 101% the same /56 prefix as before. But the /60 handed out by the modem changed. I could find no parameter to change this. The modem was restarted too. P.S. I do not blame pfSense for this. But the update was the trigger.

    2a01:a1f2:fecb::5a00::/56 from Provider (obfuscated)

    2a01:a1f2:fecb::5a00::/60
    2a01:a1f2:fecb::5a10::/60
    ::::
    2a01:a1f2:fecb::5ad0::/60
    2a01:a1f2:fecb::5ae0::/60 new under 2.4.4
    2a01:a1f2:fecb::5af0::/60 before with 2.4.3-p1

    Then add "IPv6 Prefix ID" 1 on Track Interface and the result is:
    2a01:a1f2:fecb::5ae1::/64 new under 2.4.4
    2a01:a1f2:fecb::5af1::/64 before with 2.4.3-p1



  • OK, I probably found the cause. I checked the external logs several times and then I realized that the DUID, however it is generated, had changed. I overlooked this because only the middle part changed.

    00:01:00:01:22:56:08:42:00:0a:9b:a2:91:a3
    00:01:00:01:23:3d:32:32:00:0a:9b:a2:91:a3

    As I understand it, starting with 2.4.4 we can restore this (or search for it in the local log). But it is NOT in the backup... Workaround before upgrade:

    grep DUID /var/log/dhcpd.log
    

    And copy the DUID (there could be multiple).
    Will try later to see what happens when I reboot with the old DUID inserted in "System/Advanced/Networking". Report follows.



  • I can confirm that restoring the DUID helped to change back to the former subnet. And now there is an entry stored in the 2.4.4 config.

    <global-v6duid>00:01:00:01:22:56:08:42:00:0a:9b:a2:91:a3</global-v6duid>
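
Added example, not part of the thread: both DUIDs quoted above start with `00:01`, the DUID-LLT type from RFC 8415 (2-byte type, 2-byte hardware type, 4-byte time in seconds since 2000-01-01 UTC, then the link-layer address). Decoding them shows the "middle part" that changed is the generation timestamp, so a regenerated DUID looks like a new client to the delegating modem. The function and class names are this example's own.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# RFC 8415: DUID-LLT time counts seconds from this instant, modulo 2**32.
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)

# The two DUIDs quoted in the thread (before and after the upgrade).
OLD = "00:01:00:01:22:56:08:42:00:0a:9b:a2:91:a3"
NEW = "00:01:00:01:23:3d:32:32:00:0a:9b:a2:91:a3"


@dataclass(frozen=True)
class DuidLLT:
    hw_type: int   # IANA hardware type, 1 = Ethernet
    time: int      # seconds since DUID_EPOCH
    lladdr: str    # link-layer (MAC) address the DUID was built from

    @property
    def generated(self) -> datetime:
        return DUID_EPOCH + timedelta(seconds=self.time)


def parse_duid_llt(text: str) -> DuidLLT:
    """Parse a colon- or dash-separated DUID-LLT string."""
    raw = bytes.fromhex(text.strip().replace(":", "").replace("-", ""))
    if len(raw) < 9:  # 2 type + 2 hw type + 4 time + at least 1 address byte
        raise ValueError("too short for a DUID-LLT")
    duid_type = int.from_bytes(raw[0:2], "big")
    if duid_type != 1:
        raise ValueError(f"DUID type {duid_type} is not DUID-LLT (1)")
    return DuidLLT(
        hw_type=int.from_bytes(raw[2:4], "big"),
        time=int.from_bytes(raw[4:8], "big"),
        lladdr=":".join(f"{b:02x}" for b in raw[8:]),
    )


def changed_fields(old: str, new: str) -> list[str]:
    """Names of the DUID-LLT fields that differ between two DUIDs."""
    a, b = parse_duid_llt(old), parse_duid_llt(new)
    return [f for f in ("hw_type", "time", "lladdr") if getattr(a, f) != getattr(b, f)]


if __name__ == "__main__":
    for label, duid in (("old", OLD), ("new", NEW)):
        d = parse_duid_llt(duid)
        print(label, d.lladdr, d.time, d.generated.isoformat())
    print("changed:", changed_fields(OLD, NEW))
```
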