DHCP6 in Pending status
-
Since upgrading to PFsense 22.01 I am unable to get DHCP6 to work. I am getting the following error message in the system log files :/status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid mvneta1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 15: range6 start address is outside the subnet \x09range6 ::1000 : ^ Configuration file errors encountered -- exiting If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'"
-
You need to set the correct DHCP6 ranges on all interfaces
related to https://redmine.pfsense.org/issues/12527
-
@viktor_g
i use a tool to help me with my ipv6 config for local use, everything I try is the same result. This is the address I am using "fdae:72f4:b50c:906d::1 is that out of range? -
That is a unique local address, not global unique address. A ULA is equivalant to RFC1918 on IPv4. Is that what you want? Also, is there some reason you're using DHCPv6 instead of SLAAC? Android devices don't support DHCPv6.
-
@jknott thanks for replying. Yes I am trying to create local addresses. I was using SLAC but after watching this content from pfsense https://www.youtube.com/watch?v=u4aZJpZJFeI&t=2040s, detailing that the individual client not the firewall provides the protection I changed it. Based on your replies it seems the range are legitimate ranges for local use, and maybe the error message may be a bug.
-
I have not set up a DHCPv6 server, as I use SLAAC. However, ULA addresses start with fc or fd. There was a distintion between the two in that the fc block was supposed to use some server to co-ordinate assignments, though I don't believe that went anywhere. I don't know what could cause that error. What protection are you referring to? Given that ULA addresses are not to be passed over the Internet, there's not much to attack you.