• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

DHCP6 Client generates LL-T DUID from hardware MAC even when MAC is spoofed to a different value

DHCP and DNS
1
1
83
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jhg
    last edited by jhg Jan 27, 2025, 6:17 AM Jan 27, 2025, 5:39 AM

    I'm having difficulties with DHCPv6 in a Comcast home network after upgrading my pfSense hardware. For a few days I was able to get it to work by spoofing the MAC address on the new system to the old system's MAC.

    Now, I seem to have lost IPv6 entirely. I get a delegated prefix /64, and pfSense uses it for LAN hosts, but IPv6 packets never see a response. They exit the WAN adapter (checked with tcpdump) but no replies are received.

    Could this be a result of a mismatch between the MAC provided in the DHCP SOLICIT Client Identifier section (the real hardware MAC) not matching the spoofed MAC? Should pfSense be sending the spoofed MAC in the DHCP SOLICIT?

    Here's a pcap of the DHCPv6 transaction
    dhcp6b.pcap

    Additional info - I tried pinging an external host that has IPv6, and where I have a shell and root access:

    • Ping 6 from pfSense - works correctly
    • Ping 4 from LAN host - works correctly
    • Ping 6 from LAN host - ICMPv6 packets are seen to exit pfSense's WAN interface, but do not arrive at the remote host.

    pfSense CE on Beelink EQ12 (N100 CPU, dual 2.5Gbe Intel NICs)
    Hitron CODA56 - Comcast 2.5Gb cable

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.