Clients not receiving DHCP6 lease

ronald82

Hi there,

Please bear with me as I'm just starting to learn IPv6.

I have setup a new pfSense box with a WAN, LAN, DMZ (with public subnet) and IPv6 tunnel from tunnelbroker.
I have both DHCP and DHCP6 configured on my DMZ interface, but while IPv4 leases come through the IPv6 do not.

I first tried with the DNS forwarder enabled, this gave an error stating dhcpleases.pid is missing. I then disabled the DNS forwarder and enabled the DNS resolver.

DHCPv6 settings

I've set a range.
I've set the prefix delegation size.
DNS server has been left empty but is currently configured for the DMZ interface IPv6 address.
Domain name has been set.
NTP server has been set.
All other settings are either blank or default.

Router Advertisements:

Router mode has been set to Assisted
Router priority to Normal.
All other settings where left untouched.

My DHCP logs do not show any error messages. I can see my client receiving an IPv4 address immediately, but there's no logs at all for IPv6 (except for DHCP listening on IPv6.

Requesting a new lease on the client show a continuous loop of the following:

Listening on Socket/ens192
Sending on   Socket/ens192
PRC: Previous lease is devoid of active addresses.
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 29:60:1d:97
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on ens192, interval 1060ms.
XMT: Forming Solicit, 1060 ms elapsed.
XMT:  X-- IA_NA 29:60:1d:97
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on ens192, interval 2020ms.

I'm not sure where to look anymore and hope someone might have a suggestion to get me a bit further with this.
Any help would be much appreciated.

kiokoman

please make a screenshot of what you have done
interfaces must be set with /64 prefix
check if you forgot to Enable DHCPv6 server on interface
if the client is linux you need to launch dhclient with -6
or configure the interface with iface interface inet6 auto

JKnott

Also, Packet Capture can help.

ronald82

@kiokoman @JKnott
Hey there,
Thanks for your reply.
On the client (Debian server) the /etc/network/interfaces looks like:

auto lo
iface lo inet loopback

auto ens192
iface ens192 inet dhcp
iface ens192 inet6 dhcp

The IPv6 configuration on the DMZ interface has been set to static and is configured like in the attached screenshot.

Here's a screenshot of DHCP6 on the DMZ being enabled:
DHCP6

When on the client I perform a:
ifdown ens192 && ifup ens192
The pfSense logfile shows only the following for IPv4 while on the client I can clearly see it's trying to request an IPv6 lease:
DHCP Log

A Packet capture shows the following:

I'm at a total loss here. I've done this on previous occasions where everything just worked, but I can't seem to figure this one out.

Thanks for any suggestions. If any more info is needed, let me know. I'll gladly provide you with more.

ronald82

I also did a second packet capture with full details:

00:54:36.250784 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 0) (IA_NA IAID:694164887 T1:3600 T2:5400))

00:54:37.312074 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 106) (IA_NA IAID:694164887 T1:3600 T2:5400))
00:54:39.364341 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 311) (IA_NA IAID:694164887 T1:3600 T2:5400))

00:54:43.398582 00:0c:29:60:1d:97 > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 118: (flowlabel 0x93c42, hlim 1, next-header UDP (17) payload length: 64) fe80::20c:29ff:fe60:1d97.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=f9821e (client-ID hwaddr/time type 1 time 622075167 000c29601d97) (option-request DNS-server DNS-search-list Client-FQDN SNTP-servers) (elapsed-time 714) (IA_NA IAID:694164887 T1:3600 T2:5400))

JKnott

@ronald82

By itself, the packet capture in pfSense doesn't show much. You can download the capture and view it in Wireshark, which will provide more info.

kiokoman

check firewall rules for ipv6
check from terminal if the service is running

ps aux | grep dhcpd

you should have something like this

dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf   /var/run/dhcpdv6.pid ix0 ix0.30 ix0.100

ronald82

@kiokoman
I've done like you said and it seems as though dhcp6 is not running:
grep dhcpd
EDIT: I might be wrong with my conclusion as my client connected to the LAN interface has not problem getting an IPv6 lease. :(

Also these are the rules configured on the paticular interface:
DMZ rules

Any idea what might cause DHCP6 not to start without giving error messages in the GUI?

EDIT 2: I'm getting more and more confused by the minute. I noticed my DMZ client did had an IPv6 address attached to it. However I thought this would be from a previous setup. Now when I looked closer is seems the DMZ client has an IPv6 address in the range configured in DHCP6. However when I do a:

ifdown ens192 && ifup ens192

it still keeps hanging at the IPv6 lease part. I've also tried to temporarily disable IPv6 on the client and refreshing it's lease for IPv4 and done a reboot at which time IPv6 was being enabled again.
As expected it takes ages to boot on the requesting lease part.
The client also doesn't appear in the IPv6 leases on pfSense.

Sorry for all the edits.

kiokoman

there is no dhcp6 on pfsense,
there is dhcpd and dhcpd -6
it's truncated but i think that you have it running as you have 2 istances of dhcpd

ronald82

Thanks for that clarification.
I assumed that much as my LAN clients have no problem getting IPv6 leases.
I think I'm going to wipe this machine and build a new one. I would love to thinker with it and find out what exactly is causing this but unfortunately I just don't have that much time.
Thanks a lot for the help so far, it's really appreciated.