Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCPv6 failover peer broken due to 'deny dynamic bootp clients' in dhcpdv6.conf

    Scheduled Pinned Locked Moved
    2.1 Snapshot Feedback and Problems - RETIRED
    2
    3
    3.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      justanotherpfsenseuser
      last edited by

      Having tried to enable failover for ipv6 dns I added the backup firewall's ipv6 address to the dhcpdv6 config page and the subsequent restart of dhcpd failed:

      fw1 php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid vr1_vlan69' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.5-P1 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 15: expecting allow/deny key deny dynamic ^ /etc/dhcpdv6.conf line 15: expecting a parameter or declaration deny dynamic bootp clients; ^ Configuration file errors encountered – exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the

      Having looked at the /var/dhcpd/etc/dhcpdv6.conf file I see it has not actually added teh config for a failover peer, however has inserted the following:

      subnet6 2001:40a0:1011:69::/64 {
      deny dynamic bootp clients;

      I can see mention of this in dhcpd.conf man page that suggests this should be used when a failover peer is configured, althought the example config puts this command within the pool { } config section that seems not to be present here?

      Does anyone else have a working ipv6 dhcp failover config?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • J
        justanotherpfsenseuser
        last edited by

        still broken, this may be something to look at before progressing to RC2 as it doesnt seem like you can have a resilient pair of firewalls if you want to use DHCP for ipv6 address assignment :(

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          DHCPv6 does not support failover, not sure why the options were in the GUI, but aside from the one that broken the backup config, they were not in the backend.

          Current recommendation is to run them independently with separate pools.

          We're considering maybe having the DHCPv6 daemon shut down in a failover config if the interface is in a CARP backup status, but that isn't quite so easy.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post