Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Clients not receiving DHCP6 lease

    Scheduled Pinned Locked Moved DHCP and DNS
    10 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      ronald82
      last edited by

      Hi there,

      Please bear with me as I'm just starting to learn IPv6.

      I have setup a new pfSense box with a WAN, LAN, DMZ (with public subnet) and IPv6 tunnel from tunnelbroker.
      I have both DHCP and DHCP6 configured on my DMZ interface, but while IPv4 leases come through the IPv6 do not.

      I first tried with the DNS forwarder enabled, this gave an error stating dhcpleases.pid is missing. I then disabled the DNS forwarder and enabled the DNS resolver.

      DHCPv6 settings

      • I've set a range.
      • I've set the prefix delegation size.
      • DNS server has been left empty but is currently configured for the DMZ interface IPv6 address.
      • Domain name has been set.
      • NTP server has been set.
      • All other settings are either blank or default.

      Router Advertisements:

      • Router mode has been set to Assisted
      • Router priority to Normal.
      • All other settings where left untouched.

      My DHCP logs do not show any error messages. I can see my client receiving an IPv4 address immediately, but there's no logs at all for IPv6 (except for DHCP listening on IPv6.

      Requesting a new lease on the client show a continuous loop of the following:

      Listening on Socket/ens192
      Sending on   Socket/ens192
      PRC: Previous lease is devoid of active addresses.
      PRC: Soliciting for leases (INIT).
      XMT: Forming Solicit, 0 ms elapsed.
      XMT:  X-- IA_NA 29:60:1d:97
      XMT:  | X-- Request renew in  +3600
      XMT:  | X-- Request rebind in +5400
      XMT: Solicit on ens192, interval 1060ms.
      XMT: Forming Solicit, 1060 ms elapsed.
      XMT:  X-- IA_NA 29:60:1d:97
      XMT:  | X-- Request renew in  +3600
      XMT:  | X-- Request rebind in +5400
      XMT: Solicit on ens192, interval 2020ms.
      

      I'm not sure where to look anymore and hope someone might have a suggestion to get me a bit further with this.
      Any help would be much appreciated.

      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by

        please make a screenshot of what you have done
        interfaces must be set with /64 prefix
        check if you forgot to Enable DHCPv6 server on interface
        if the client is linux you need to launch dhclient with -6
        or configure the interface with iface interface inet6 auto

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        R 1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott
          last edited by

          Also, Packet Capture can help.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • R
            ronald82 @kiokoman
            last edited by

            @kiokoman @JKnott
            Hey there,
            Thanks for your reply.
            On the client (Debian server) the /etc/network/interfaces looks like:

            auto lo
            iface lo inet loopback
            
            auto ens192
            iface ens192 inet dhcp
            iface ens192 inet6 dhcp
            

            The IPv6 configuration on the DMZ interface has been set to static and is configured like in the attached screenshot.
            DMZ Interface

            Here's a screenshot of DHCP6 on the DMZ being enabled:
            DHCP6

            When on the client I perform a:
            ifdown ens192 && ifup ens192
            The pfSense logfile shows only the following for IPv4 while on the client I can clearly see it's trying to request an IPv6 lease:
            DHCP Log

            A Packet capture shows the following:
            Packet Capture

            I'm at a total loss here. I've done this on previous occasions where everything just worked, but I can't seem to figure this one out.

            Thanks for any suggestions. If any more info is needed, let me know. I'll gladly provide you with more.

            JKnottJ 1 Reply Last reply Reply Quote 0
            • R
              ronald82
              last edited by

              I also did a second packet capture with full details:

              00:54:36.250784 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 0) (IA_NA IAID:694164887 T1:3600 T2:5400))
              
              00:54:37.312074 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 106) (IA_NA IAID:694164887 T1:3600 T2:5400))
              00:54:39.364341 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 311) (IA_NA IAID:694164887 T1:3600 T2:5400))
              
              00:54:43.398582 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 714) (IA_NA IAID:694164887 T1:3600 T2:5400))
              
              
              1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @ronald82
                last edited by JKnott

                @ronald82

                By itself, the packet capture in pfSense doesn't show much. You can download the capture and view it in Wireshark, which will provide more info.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • kiokomanK
                  kiokoman LAYER 8
                  last edited by

                  check firewall rules for ipv6
                  check from terminal if the service is running

                  ps aux | grep dhcpd
                  

                  you should have something like this

                  dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf   /var/run/dhcpdv6.pid ix0 ix0.30 ix0.100
                  

                  ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                  Please do not use chat/PM to ask for help
                  we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                  Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                  R 1 Reply Last reply Reply Quote 0
                  • R
                    ronald82 @kiokoman
                    last edited by ronald82

                    @kiokoman
                    I've done like you said and it seems as though dhcp6 is not running:
                    grep dhcpd
                    EDIT: I might be wrong with my conclusion as my client connected to the LAN interface has not problem getting an IPv6 lease. :(

                    Also these are the rules configured on the paticular interface:
                    DMZ rules

                    Any idea what might cause DHCP6 not to start without giving error messages in the GUI?

                    EDIT 2: I'm getting more and more confused by the minute. I noticed my DMZ client did had an IPv6 address attached to it. However I thought this would be from a previous setup. Now when I looked closer is seems the DMZ client has an IPv6 address in the range configured in DHCP6. However when I do a:

                    ifdown ens192 && ifup ens192
                    

                    it still keeps hanging at the IPv6 lease part. I've also tried to temporarily disable IPv6 on the client and refreshing it's lease for IPv4 and done a reboot at which time IPv6 was being enabled again.
                    As expected it takes ages to boot on the requesting lease part.
                    The client also doesn't appear in the IPv6 leases on pfSense.

                    Sorry for all the edits.

                    1 Reply Last reply Reply Quote 0
                    • kiokomanK
                      kiokoman LAYER 8
                      last edited by

                      there is no dhcp6 on pfsense,
                      there is dhcpd and dhcpd -6
                      it's truncated but i think that you have it running as you have 2 istances of dhcpd

                      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                      Please do not use chat/PM to ask for help
                      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                      1 Reply Last reply Reply Quote 0
                      • R
                        ronald82
                        last edited by

                        Thanks for that clarification.
                        I assumed that much as my LAN clients have no problem getting IPv6 leases.
                        I think I'm going to wipe this machine and build a new one. I would love to thinker with it and find out what exactly is causing this but unfortunately I just don't have that much time.
                        Thanks a lot for the help so far, it's really appreciated.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.