4. Clients not receiving DHCP6 lease

Clients not receiving DHCP6 lease

  • R

    Hi there,

    Please bear with me as I'm just starting to learn IPv6.

    I have setup a new pfSense box with a WAN, LAN, DMZ (with public subnet) and IPv6 tunnel from tunnelbroker.
    I have both DHCP and DHCP6 configured on my DMZ interface, but while IPv4 leases come through the IPv6 do not.

    I first tried with the DNS forwarder enabled, this gave an error stating dhcpleases.pid is missing. I then disabled the DNS forwarder and enabled the DNS resolver.

    DHCPv6 settings

    • I've set a range.
    • I've set the prefix delegation size.
    • DNS server has been left empty but is currently configured for the DMZ interface IPv6 address.
    • Domain name has been set.
    • NTP server has been set.
    • All other settings are either blank or default.

    Router Advertisements:

    • Router mode has been set to Assisted
    • Router priority to Normal.
    • All other settings where left untouched.

    My DHCP logs do not show any error messages. I can see my client receiving an IPv4 address immediately, but there's no logs at all for IPv6 (except for DHCP listening on IPv6.

    Requesting a new lease on the client show a continuous loop of the following:

    Listening on Socket/ens192
Sending on   Socket/ens192
PRC: Previous lease is devoid of active addresses.
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 29:60:1d:97
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on ens192, interval 1060ms.
XMT: Forming Solicit, 1060 ms elapsed.
XMT:  X-- IA_NA 29:60:1d:97
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on ens192, interval 2020ms.

    I'm not sure where to look anymore and hope someone might have a suggestion to get me a bit further with this.
    Any help would be much appreciated.

    0
  • LAYER 8

    please make a screenshot of what you have done
    interfaces must be set with /64 prefix
    check if you forgot to Enable DHCPv6 server on interface
    if the client is linux you need to launch dhclient with -6
    or configure the interface with iface interface inet6 auto

    0
    R
     1 Reply

  • Also, Packet Capture can help.

    0
  • R

    @kiokoman @JKnott
    Hey there,
    Thanks for your reply.
    On the client (Debian server) the /etc/network/interfaces looks like:

    auto lo
iface lo inet loopback

auto ens192
iface ens192 inet dhcp
iface ens192 inet6 dhcp

    The IPv6 configuration on the DMZ interface has been set to static and is configured like in the attached screenshot.
    DMZ Interface

    Here's a screenshot of DHCP6 on the DMZ being enabled:
    DHCP6

    When on the client I perform a:
    ifdown ens192 && ifup ens192
    The pfSense logfile shows only the following for IPv4 while on the client I can clearly see it's trying to request an IPv6 lease:
    DHCP Log

    A Packet capture shows the following:
    Packet Capture

    I'm at a total loss here. I've done this on previous occasions where everything just worked, but I can't seem to figure this one out.

    Thanks for any suggestions. If any more info is needed, let me know. I'll gladly provide you with more.

    0 1 Reply
  • R

    I also did a second packet capture with full details:

    00:54:36.250784 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 0) (IA_NA IAID:694164887 T1:3600 T2:5400))

00:54:37.312074 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 106) (IA_NA IAID:694164887 T1:3600 T2:5400))
00:54:39.364341 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 311) (IA_NA IAID:694164887 T1:3600 T2:5400))

00:54:43.398582 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 714) (IA_NA IAID:694164887 T1:3600 T2:5400))
    0

  • @ronald82

    By itself, the packet capture in pfSense doesn't show much. You can download the capture and view it in Wireshark, which will provide more info.

    0
  • LAYER 8

    check firewall rules for ipv6
    check from terminal if the service is running

    ps aux | grep dhcpd

    you should have something like this

    dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf   /var/run/dhcpdv6.pid ix0 ix0.30 ix0.100
    0
    R
     1 Reply
  • R

    @kiokoman
    I've done like you said and it seems as though dhcp6 is not running:
    grep dhcpd
    EDIT: I might be wrong with my conclusion as my client connected to the LAN interface has not problem getting an IPv6 lease. :(

    Also these are the rules configured on the paticular interface:
    DMZ rules

    Any idea what might cause DHCP6 not to start without giving error messages in the GUI?

    EDIT 2: I'm getting more and more confused by the minute. I noticed my DMZ client did had an IPv6 address attached to it. However I thought this would be from a previous setup. Now when I looked closer is seems the DMZ client has an IPv6 address in the range configured in DHCP6. However when I do a:

    ifdown ens192 && ifup ens192

    it still keeps hanging at the IPv6 lease part. I've also tried to temporarily disable IPv6 on the client and refreshing it's lease for IPv4 and done a reboot at which time IPv6 was being enabled again.
    As expected it takes ages to boot on the requesting lease part.
    The client also doesn't appear in the IPv6 leases on pfSense.

    Sorry for all the edits.

    0
  • LAYER 8

    there is no dhcp6 on pfsense,
    there is dhcpd and dhcpd -6
    it's truncated but i think that you have it running as you have 2 istances of dhcpd

    0
  • R

    Thanks for that clarification.
    I assumed that much as my LAN clients have no problem getting IPv6 leases.
    I think I'm going to wipe this machine and build a new one. I would love to thinker with it and find out what exactly is causing this but unfortunately I just don't have that much time.
    Thanks a lot for the help so far, it's really appreciated.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy