DHCP6C Custom DUID per interface

[jxlarrea]

Is there any way to set a custom DUID *per interface* when requesting a prefix via IPv6 PD?

Currently, a single global DUID is used for all WAN interfaces.

Thanks!

[jxlarrea]

Just in case anyone else is interested in the future:

I got it working by modifying the dhcp6c code, compiling and installing it on my opnsense box.

The code basically reads the DUID from /var/db/dhcp6c_duid_ifname, where ifname is the name of the interface. If the file is not found, it will use the original /var/db/dhcp6c_duid file.

Be aware that my knowledge of C is primitive at best and the code is certainly ugly and dirty - but works.

Now, the reason for this: my trash tier ISP only provides 2 /64 prefixes. I have 4 VLANs so this is a problem.

With this modification, I can plug my ONT into a switch and from the switch connect to 2 or more interfaces into my OpnSense box. The first interface (WAN) handles IPv4 plus 2 IPv6 prefixes for 2 VLANs. The second interface (WAN2) only handles IPv6 for the 2 other VLANs.

Anyway, hopefully this functionality is implemented natively in OpnSense in the future. It really helps with garbage ISPs like mine.

[franco]

> I got it working by modifying the dhcp6c code, compiling and installing it on my opnsense box.

I'm a little rusty on the details but I'm relatively sure this being unique per device is intentional.


Cheers,
Franco

[patient0]

DUID is supposed to be unique per device, not per interface. DUID + IAID is for identifing a single interface (See https://datatracker.ietf.org/doc/html/rfc3315#section-10).

Did you try to set different interface IDs in the DHCPv6 client config for the WANs (Configuration Mode 'Advanced') and see if you get different prefixes for the two WANs?

There are ISP who don't do IPv6 well but not sure that dhcp6c will be changed to violate RFCs.

[jxlarrea]

DUID is supposed to be unique per device, not per interface. DUID + IAID is for identifing a single interface (See https://datatracker.ietf.org/doc/html/rfc3315#section-10).

Did you try to set different interface IDs in the DHCPv6 client config for the WANs (Configuration Mode 'Advanced') and see if you get different prefixes for the two WANs?

There are ISP who don't do IPv6 well but not sure that dhcp6c will be changed to violate RFCs.

I did try different interface IDs and many other things but unfortunately if I try to request more than 2 /64 prefixes, no matter the settings, the server won't reply at all.  Only per interface DUIDs made it work.

[jxlarrea]

> I got it working by modifying the dhcp6c code, compiling and installing it on my opnsense box.

I'm a little rusty on the details but I'm relatively sure this being unique per device is intentional.


Cheers,
Franco

I'm sure it is! But this "workaround" would really help people only getting a single /64 prefix.

[Monviech (Cedrik)]

Isn't there an ISP to choose from that sucks a little less? I wouldn't pay for bad service like that if theres at least one more option even if more expensive.

[jxlarrea]

Isn't there an ISP to choose from that sucks a little less? I wouldn't pay for bad service like that if theres at least one more option even if more expensive.

I wish that was the case. My current ISP is the best in my area when it comes to reliability and bandwidth. Unfortunately, they are clueless when it comes to IPv6.

After several weeks of trying to find someone to talk to that even knows what Prefix Delegation is, their proposed solution was to upgrade to one of their $2000/month corporate plans (currently paying $130 for 1.2Gbps) that would provide me the same bandwidth plus 5 /64 prefixes. LMAO.

Anyway, my dhcp6c hack is working wonderfully, so, screw them.