DHCPv6 range

Started by Morta, August 01, 2023, 09:04:57 PM

August 01, 2023, 09:04:57 PM Last Edit: August 01, 2023, 09:07:13 PM by Morta
Hi

I want for my clients a range from 2a02:XXX:a774::2 to 2a02:XXX:a774::ffff

I did this under Service -> DHCPv6 with the following settings



but my clients still have addresses like this one, why?

2a02:XXX:a774:be33:de22:ab42:3245:ff32

Should look like this

2a02:XXX:a774::34d4

August 01, 2023, 11:37:11 PM #1 Last Edit: August 01, 2023, 11:41:51 PM by Maurice
Screenshot is unreadable, but assuming you configured it correctly: Probably SLAAC addresses. Do they have this pattern?

2a02:XXX:a774:be33:123:45ff:fe67:89ab

... and by the way: 2a02:XXX:a774::2 to 2a02:XXX:a774::ffff requires a /48 (because the subnet ID is 0x0000). Do you have a /48?
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Where can I check if it's SLAAC addresses?

Second try




A screenshot from a client



No SLAAC at all


Quote from: Maurice on August 01, 2023, 11:37:11 PM
Screenshot is unreadable, but assuming you configured it correctly: Probably SLAAC addresses. Do they have this pattern?

2a02:XXX:a774:be33:123:45ff:fe67:89ab

... and by the way: 2a02:XXX:a774::2 to 2a02:XXX:a774::ffff requires a /48 (because the subnet ID is 0x0000). Do you have a /48?

Are you sure? Let's uncompress the IPs, then compare:

2a02:xxx:a774::2 = 2a02:xxx:a774:0000:0000:0000:0000:0002

2a02:xxx:a774::ffff = 2a02:xxx:a774:0000:0000:0000:0000:ffff

This range fits in a /64, and I'd argue a /112 too, if the range ended in ::fffe

I think you're confusing 2a02:xxx:a774::ffff with 2a02:xxx:a774:ffff:ffff:ffff:ffff:ffff

August 02, 2023, 04:56:36 AM #5 Last Edit: August 02, 2023, 05:01:19 AM by cstevens
Quote from: Morta on August 02, 2023, 04:16:24 AM
Where can I check if it's SLAAC addresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Quote from: cstevens on August 02, 2023, 04:56:36 AM
Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)

Assisted

Quote from: cstevens on August 02, 2023, 04:56:36 AM
Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Are there any thoughts on changing from assisted to managed?

I changed to managed. I will take a look to see if it makes the changes...

August 02, 2023, 05:13:47 AM #8 Last Edit: August 02, 2023, 05:16:04 AM by Morta
Quote from: Morta on August 02, 2023, 05:07:38 AM
Are there any thoughts on changing from assisted to managed?

I changed to managed. I will take a look to see if it makes the changes...

No changes at first look. Also no addresses under DHCPv6 leases....

August 02, 2023, 05:30:21 AM #9 Last Edit: August 02, 2023, 05:37:43 AM by cstevens
Quote from: Morta on August 02, 2023, 05:13:47 AM
No changes at first look. Also no addresses under DHCPv6 leases....

Take a look at this thread: https://forum.opnsense.org/index.php?topic=35135.0

There's currently a bug where dynamic leases aren't showing up in the GUI.  There's a patch available in that thread.  But yes, it should be set to managed if you want DHCP to work. 

Try restarting networking on the client (systemctl restart systemd-networkd) or just rebooting it.

Also, do you have a static IP assigned to the LAN interface?  I remember there being bugs in the past if you were using "track interface"

Edit: actually, assisted should work also.

SLAAC stands for stateless address auto configuration, meaning your workstation assigns itself an IP address based on what it sees in the router advertisements. It's kind of like a 169.254 address in IPv4. These self-assigned addresses COULD be based on your MAC address, unless your client has security extensions enabled, in which case they won't be based off your MAC.

Maybe you'll see something interesting if you tail your dhcp logs: tail -f /var/log/dhcpd/latest.log

Edit #2: is there anything in your /var/dhcpd/var/db/dhcpd6.leases file?

Quote from: cstevens on August 02, 2023, 05:30:21 AM

1. I did both patches and rebooted the router, no effect...

2.
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="26"] Renew message from fe80::3e01:efff:fe53:31f6 port 546, transaction ID 0x78137F00
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="27"] Sending Reply to fe80::3e01:efff:fe53:31f6 port 546
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="28"] Request message from fe80::3e01:efff:fe53:31f6 port 546, transaction ID 0x7731700
<191>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="29"] Picking pool address 2a02:168:a774::bdcb
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="30"] Reply NA: address 2a02:168:a774::bdcb to client with duid 00:01:00:01:2c:3e:a1:c8:3c:01:ef:53:31:f6 iaid = -279760394 valid for 7200 seconds
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="31"] Sending Reply to fe80::3e01:efff:fe53:31f6 port 546
<190>1 2023-08-02T06:01:18+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="32"] Solicit message from fe80::be3b:ea53:bdd:9f8c port 546, transaction ID 0x43DB4400
<190>1 2023-08-02T06:01:18+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="33"] Reply NA: address 2a02:168:a774::f3b8 to client with duid


3.

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.3-P1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001)'\263\200\002z\367U`\000";

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 2 2023/08/01 08:01:08;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:01:08;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 2 2023/08/01 08:06:03;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:03;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 2 2023/08/01 08:05:47;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:05:47;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 2 2023/08/01 08:06:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:11;
  }
}

server-duid "\000\001\000\001)'\263\200\002z\367U`\000";

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 2 2023/08/01 08:01:08;
  iaaddr 2a02:168:a774::c931 {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:01:08;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 2 2023/08/01 08:05:47;
  iaaddr 2a02:168:a774::98ba {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:05:47;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 2 2023/08/01 08:06:03;
  iaaddr 2a02:168:a774::9efd {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:03;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 2 2023/08/01 08:06:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:11;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 3 2023/08/02 03:11:41;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:11:41;
  }
}

ia-na "\337\232\205F\000\004\250'\325\215\376d_\263\002\000w\022O4\037\023" {
  cltt 3 2023/08/02 03:11:48;
  iaaddr 2a02:168:a774::f3b8 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:11:48;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 3 2023/08/02 03:12:03;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:12:03;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 3 2023/08/02 03:12:20;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:12:20;
  }
}

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 3 2023/08/02 03:16:33;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:16:33;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 3 2023/08/02 03:42:09;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:09;
  }
}

ia-na "\337\232\205F\000\004\250'\325\215\376d_\263\002\000w\022O4\037\023" {
  cltt 3 2023/08/02 03:42:14;
  iaaddr 2a02:168:a774::f3b8 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:14;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 3 2023/08/02 03:42:50;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:50;
  }
}

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 3 2023/08/02 03:54:03;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:54:03;
  }
}

ia-na "\3661S\357\000\001\000\001,>\241\310<\001\357S1\366" {
  cltt 3 2023/08/02 04:01:08;
  iaaddr 2a02:168:a774::bdcb {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 06:01:08;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 3 2023/08/02 04:07:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 06:07:11;
  }
}

RA mode set to "Assisted" means devices can request an address via DHCPv6 and can also autoconfigure addresses (two for most devices - one based on the interface identifier and one temporary random one for privacy reasons). That's exactly what you can see in the screenshot of the client. Works as intended.

If you only want DHCPv6 addresses, set the RA mode to "Managed". But be aware that many devices don't support DHCPv6, so DHCPv6-only is usually not recommended.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
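
The address kinds discussed in this thread (DHCPv6 pool addresses, MAC-derived SLAAC addresses with the ff:fe pattern, and other self-assigned interface IDs) can be told apart mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, the redacted prefix is replaced by the documentation prefix 2001:db8:a774::/48, and the /48 delegation length is an assumption.

```python
import ipaddress

# Constructed stand-in: the thread redacts its prefix as 2a02:XXX:a774, so the
# documentation prefix 2001:db8:a774::/48 is used for the DHCPv6 range instead.
POOL_FIRST = ipaddress.IPv6Address("2001:db8:a774::2")
POOL_LAST = ipaddress.IPv6Address("2001:db8:a774::ffff")


def subnet_id(addr, delegated_len=48):
    """Bits between an assumed delegated prefix length and the /64 boundary."""
    return (int(addr) >> 64) & ((1 << (64 - delegated_len)) - 1)


def eui64_mac(addr):
    """Return the MAC behind a modified EUI-64 interface ID, or None."""
    iid = (int(addr) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":          # the ff:fe filler marks EUI-64
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def classify(text):
    """Return (kind, subnet ID or None, recovered MAC or None) for one address."""
    addr = ipaddress.IPv6Address(text)
    mac = eui64_mac(addr)
    if addr.is_link_local:
        return ("link-local", None, mac)
    if POOL_FIRST <= addr <= POOL_LAST:
        return ("dhcpv6-pool", subnet_id(addr), None)
    # Outside the pool: MAC-derived SLAAC, or some other interface ID
    # (temporary/privacy, stable-privacy or manually configured).
    return ("slaac-eui64" if mac else "other-iid", subnet_id(addr), mac)


if __name__ == "__main__":
    samples = [  # shapes from the thread, global prefix replaced as noted above
        "2001:db8:a774:be33:123:45ff:fe67:89ab",
        "2001:db8:a774:be33:de22:ab42:3245:ff32",
        "2001:db8:a774::bdcb",
        "fe80::3e01:efff:fe53:31f6",
    ]
    for s in samples:
        kind, sid, mac = classify(s)
        sid_text = "-" if sid is None else f"{sid:#06x}"
        print(f"{s:40} {kind:12} subnet={sid_text} mac={mac}")
```

For the link-local source address in the dhcpd log above, the recovered MAC is 3c:01:ef:53:31:f6, the same six bytes that end the DUID in that client's "Reply NA" line.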

Seems to work. The long IPv6 prefix has disappeared and DHCPv6 serves only one dynamic IPv6 address from the range to the clients. It's not IPv6 only. Thanks for the inputs.

One more question... Why are the static and dynamic leases not shown in the NDP table of DHCPv6 in spite of having applied the two patches from the other thread?