OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: norg on January 04, 2019, 11:32:11 pm

Title: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: norg on January 04, 2019, 11:32:11 pm: Hi,

since I'm happy that my rather old IPv6 Bug (see https://forum.opnsense.org/index.php?topic=6613.msg28400#msg28400) doesn't occure anymore I have another minor issue.

I have a Deutsche Telekom VDSL business uplink with a static /56 IPv6 net which works quite fine thanks to RouterAdvertisment and PrefixDelegation. But on some of my machines I wondered why there are two IPv6 adresses and saw that one came via DHCPv6 and I saw the DHCP daemon running. So for now my workaround is just to disable the DHCPv6 but wouldn't it be better to have a better setup for this case?

And even if it's enabled I would like to configure it by the UI, when I enter the "Services->DHCPv6" I don't have relay enabled and under leases I see my leases and can stop the service.

I found the config file "/var/dhcpd/etc/dhcpdv6.conf" which looks like this:
Code: [Select]
option domain-name "localdomain"; default-lease-time 7200; max-lease-time 86400; log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; update-conflict-detection false; authoritative; subnet6 20XX:a:14XX:de24::/64 { range6 20XX:a:14XX:de24::1000 20XX:a:14XX:de24::2000; option dhcp6.name-servers 20XX:a:14XX:de24:f690:eaff:fe00:25ce; prefix6 20XX:a:14XX:de80:: 20XX:a:14XX:def0::/62; } ddns-update-style none;
Which even uses the correct prefix I configured (24). But I can't change any of those options and thus one of my systems has two IPv6 adresses:

Code: [Select]
inet6 20XX:a:14XX:de24::2000/128 scope global dynamic noprefixroute valid_lft 6221sec preferred_lft 3521sec inet6 20XX:a:14XX:de24:43bb:36aa:a555:de5/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 86400sec preferred_lft 14400sec
Which is rather confusing. But matches the range configured.

Is this intented to have the DHCPv6 running in that scenario and further more that it can't be configured?

Besides that it runs very smooth now with IPv6!

Thanks so far :)
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: marjohn56 on January 05, 2019, 10:27:25 am: It's not unusual to see a client with more than one IPv6 address, more the norm in fact. It's part of the 'privacy' usage of IPv6. Looking at the client I am using to type this message it has three plus a link local. You'll often see one of them marked as the 'preferred' address and the others are 'temporary'.

If you set a static mapping for a specific client you should always see the client gets that address as one of its IPv6 addresses, it does not mean it will be the only address it gets.

In windows you can turn off privacy extensions for IPv6 thus limiting the number of temporary addresses.

If you think that a single /64 prefix, this is normally what a LAN consists of has 18,446,744,073,709,551,616 addresses it's unlikely that you would have that many clients on the LAN! The reason is the use of temporary addresses for privacy and the fact that every time you restart your PC ( unless statics have been set ) it will get and use a new set of addresses.
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: norg on January 05, 2019, 11:03:50 pm: I know all about this regarding IPv6 and having more IPv6 addresses is normal, but what's rather unusual to have one assigned by SLAAC and one by DHCPv6, especially in my scenario where I don't need it. Thanks for the explanation but I know enough basics of IPv6 :)

My two points are:

1. Should there be a better solution then just disabling the DHCPv6 to honor that it should be configured via SLAAC
2. How can I change the config of the DHCPv6 daemon within the UI instead of the file via CLI
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: marjohn56 on January 06, 2019, 12:04:41 am: Not unusual at all.

https://thenetworkway.wordpress.com/2014/07/02/ipv6-address-assignment-stateless-stateful-dhcp-oh-my/ (https://thenetworkway.wordpress.com/2014/07/02/ipv6-address-assignment-stateless-stateful-dhcp-oh-my/)
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: norg on January 06, 2019, 12:26:34 am: The other informations for sure but I see no advantage of assigning another IPv6 via DHCPv6 in my scenario, especially when I can't even configure that part in detail (like the range for example).

But now I found the "Allow manual adjustment of DHCPv6 and Router Advertisements" option on the LAN interface :p that results in more DHCPv6 settings available.
This would offer me the chance to add some "static" IPv6 to my servers. At least in theory.

Ok I could set the DHCPv6 settings now and RouterAdvertisement as well, but what's not working is the "DHCPv6 Static Mappings for this interface" part. I copy pasted the correct DUID but it still uses the DHCPv6 Range configured instead of the static mapping. It's also interesting that the current lease doesn't show up anymore within the leases section.

Does anyone have any hints how I might debug this? The config looks like this

Code: [Select]
root@OPNsense:~ # cat /var/dhcpd/etc/dhcpdv6.conf option domain-name "localdomain"; default-lease-time 7200; max-lease-time 86400; log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; update-conflict-detection false; authoritative; subnet6 20XX:a:14XX:de24::/64 { range6 20XX:a:14XX:de24:0:0:23:9000 20XX:a:14XX:de24:0:0:23:9999; option dhcp6.name-servers 20XX:a:14XX:de24:f690:eaff:fe00:25ce; prefix6 20XX:a:14XX:de00:: 20XX:a:14XX:de00::/62; } host s_lan_0 { host-identifier option dhcp6.client-id 00:01:00:01:22:1f:47:1d:00:1b:21:22:46:10; fixed-address6 20XX:a:14XX:de24:0:0:22:8876; option host-name chandra; } ddns-update-style none;
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: marjohn56 on January 06, 2019, 09:47:34 am: There is a fix for the leases not showing up already done. It will appear in the next release. As for static assignment not working - it does work or my mail server would not. Have you rebooted the client after setting up the static assignment in Opnsense?
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: norg on January 06, 2019, 07:27:38 pm: I did restart but didn't work yesterday, but it does today :)
So it seems that the lease was still valid at the OPNSense and thus it didn't assign the new IPv6. With the bugfix I might be able to delete it before I add new static assignments.

Can you link me to the fix so I can test it?
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: marjohn56 on January 06, 2019, 08:27:21 pm: You'd need to install 19.1b.
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: franco on January 06, 2019, 08:56:26 pm: DHCPv6 always runs if you have IPv6 WAN and a LAN tracking that connection. It wasn't shown in the services in this edge case for a long time but that recently changed. If you see DHCPv6 running and it's red, IPv6 is misconfigured and should be disabled. If it's green and doing ok that's fine, if it's not doing ok set LAN to manual tracking and do the DHCPv6 configuration manually (including deciding to turn DHCPv6 on or off).

Cheers,
Franco
Title: Re: DHCPv6 runs although not needed with PPPoE and RA/PD
Post by: norg on January 06, 2019, 10:05:01 pm: I will give the 19.x version a try on my second device to easily switch between those, too.

@franco is it worth adding this to the documentation section? If yes I would write something about that, if not I will just publish it somewhere on my side :)

The manual part did the trick for me but thought it's somethign to "dangerous" as I read the help text.