ISP assigns IPv6 based on DUID



  • Anyone know perhaps how to generate or get the DUID from /var/db/dhcp6c_duid.



  • @Ofloo:

    Anyone know perhaps how to generate or get the DUID from /var/db/dhcp6c_duid.

    What is the real question?  DUID is client or server generated: https://tools.ietf.org/html/rfc3315#section-9 Are you referring to a server or client?  Anyway, what are you trying to do?

    Bear in mind this forum is for feedback to the 2.3 beta for pfSense and hence your question is almost certainly in the wrong forum and probably in the wrong part of the world altogether.

    Cheers
    Jon



  • No I'm using 2.3-beta, .. and yes my isp assigns prefix based on duid so I need the duid for the client/interface. They kinda do like static arp, from what I understand.

    So basically I give my ISP the DUID for my client interface and they assign an prefixed based on that DUID, to me. I did same for IPv4 they asked my mac address of the router then assigned me a static IPv4, now I need to get the DUID for that same interface so they can assign a static IPv6 prefix.



  • I believe the DUID file is generated the first time DHCP6c is executed, so you'll need to set up your WAN for DHCP6 in order for the file to be created, even if your ISP isn't set up yet. Also, I believe it needs to be read with a HEX viewer in order to properly extract the DUID from the file. Otherwise you'll just get the ASCII characters for the hex values in the file.

    Additionally, you may want to back up that DUID file, because if you ever need to reload pfSense from scratch in the future, a new DUID would be generated.



  • @virgiliomi:

    I believe the DUID file is generated the first time DHCP6c is executed, so you'll need to set up your WAN for DHCP6 in order for the file to be created, even if your ISP isn't set up yet. Also, I believe it needs to be read with a HEX viewer in order to properly extract the DUID from the file. Otherwise you'll just get the ASCII characters for the hex values in the file.

    Additionally, you may want to back up that DUID file, because if you ever need to reload pfSense from scratch in the future, a new DUID would be generated.

    I found this

    The DUID is supposed to be stored in permanent storage, not to be changed during a products lifetime.

    I wonder if the DUID should be, if not already, saved as part of the config backup.



  • Oddly enough that you mention that… there actually is a tag in the config for the DUID... however, it's empty, and there's no place in the GUI to set it... so I would imagine that it's there for possible future use.

    The issue with the DUID can be seen two different ways...

    1. It should NEVER change. The user should not be able to manually modify the DUID. The RFC states this is the way it should be, to the extent that this is possible (obviously any operating system will keep the DUID in a file somewhere, and if the filesystem is wiped and OS reloaded, then a new DUID will be generated).

    2. It should be able to change, because if I'm changing hosts, routers, whatever, I don't want to be receiving a new prefix (or in the case of the OP, having to provide the ISP the new DUID).

    I can only imagine that #1 is why the ability to save/modify the DUID - there's a feature request for this over a year old - hasn't been added yet (though like I mentioned, someone was thinking about it at some point). However, there are many people that feel #2 is more important, for whatever the reason may be.



  • Found a script that should work, .. however don't get assigned a ipv6 prefix is there somewhere i can add send duid in the dhcpv6c advanced options? If so how?

    #!/usr/local/bin/perl -w
    
    #### client DUID generator for WIDE-DHCPv6
    #### (C)2007 Jeffrey F. Blank <jfb@mtu.edu>/ Michigan Technological University
    
    use Config;
    use Getopt::Std;
    use POSIX;
    
    #//$FN = getcwd() . '/var/db/dhcp6c_duid';
    $FN = '/var/db/dhcp6c_duid';
    getopts('hm:t:', \%opts);
    
    if ( defined($opts{h}) ) {
    	&usage;
    	exit 0;
    }
    
    if ( (defined($opts{m}) && $#ARGV >= 0) ||
    	(!defined($opts{m}) && ($#ARGV != 0 || $ARGV[0] =~ /^-/o)) )
    {
    	&usage;
    	exit 1;
    }
    
    if ( defined($opts{t}) ) {
    	# timestamp specified; check its format (positive int or "now")
    	$opts{t} = time() if $opts{t} eq 'now';
    	if ( $opts{t} !~ /^\d+$/o ) {
    		&usage;
    		exit 1;
    	}
    	# LLT DUID type
    	$duidtype = 1;
    } else {
    	# LL DUID type
    	$duidtype = 3;
    }
    
    if ( defined($opts{m}) ) {
    	# MAC address specified; use it instead of running 'ifconfig'
    	$l = $opts{m};
    } else {
    	# interface name specified; run 'ifconfig' to retrieve its MAC address
    
    	# start with a default of /sbin/ifconfig and update it if found in $PATH
    	$ifconfig = '/sbin/ifconfig';
    	@path = split(/:/o, $ENV{PATH});
    	foreach(@path) {
    		if ( -e "$_/ifconfig" ) {
    			$ifconfig = "$_/ifconfig";
    			last;
    		}
    	}
    
    	# popen ifconfig command and read its output
    	open(IFC, "$ifconfig $ARGV[0]|")
    		or die "$0: can't popen $ifconfig: $!\n";
    	if ( ! (@ifc=<ifc>) ) {
    		# no need to print an error, as ifconfig probably already did
    		exit ($? >> 8);
    	}
    	close(IFC);
    
    	# we expect the MAC address to be preceded by "hwaddr" or "ether"
    	# and colon-separated
    	@ifc = grep { /(ether|hwaddr)\s*[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}/oi } @ifc;
    
    	if ( $#ifc != 0 ) {
    		print STDERR "$0: cannot decipher 'ifconfig' output\n";
    		exit 3;
    	}
    
    	chomp ($l=shift @ifc);
    	$l =~ s/^.*(hwaddr|ether)\s*//oi;
    	$l =~ s/\s.*//oi;
    }
    
    # form the first two words of the DUID data: DUID type and link type.
    # link-type is assumed to be ethernet(6)!
    
    $duid_data = chr(0) . chr($duidtype) . chr(0) . chr(6);
    
    if ( defined($opts{t}) ) {
    	# create string from byte values, host byte order
    	for ( $i=24; $i >= 0; $i -= 8 ) {
    		$duid_data .= chr(($opts{t} >> $i) & 0xff);
    	}
    }
    
    @mb = split(/:/o, $l);
    foreach(@mb) {
    	$duid_data .= chr(hex($_));
    }
    
    # first two bytes are DUID length, so figure that out
    $duidlen = length($duid_data);
    
    open(DUID, ">$FN") or die "$0: can't create $FN: $!\n";
    
    # DUID length must be in network byte order, so check what perl thinks its
    # byte order is. could use htons() from Net::Inet, but that's not included
    # in at least some base installations.
    if ( substr($Config{byteorder}, 0, 1) eq '1' ) {
    	# reverse bytes on little-endian hosts
    	printf DUID "%c%c", $duidlen & 0xff, $duidlen >> 8;
    } else {
    	# big-endian host; DUID length is already in network byte order
    	printf DUID "%c%c", $duidlen >> 8, $duidlen & 0xff;
    }
    
    # DUID itself is written in host byte order
    print DUID $duid_data;
    close(DUID) or die "$0: error closing dhpc6c_duid: $!\n";
    
    # print out DUID for potential use in server config file
    $fmt = "successfully created $FN\nDUID is %02x" . (':%02x' x ($duidlen - 1)) . "\n";
    @duid_bytes = ();
    for ( $i=0; $i < $duidlen; $i++ ) {
    	push @duid_bytes, ord(substr($duid_data, $i, 1));
    }
    printf $fmt, @duid_bytes;
    
    ### end main
    ##############
    
    sub usage {
    	print STDERR "usage:\t$0 [ -t <time>] { -m <macaddr>| <ifname>}\n" .
    	    "\tif specified, <macaddr>must be 6 colon-separated hex values\n" .
    	    "\tif specified, <time>must be an integer or 'now'\n";
    }
    
    1;</time></macaddr></ifname></macaddr></time></ifc></jfb@mtu.edu> 
    

    When i hexdump the file the values are in reverse by 2 xxyy become yyxx


Log in to reply