Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
[SOLVED] Stateless DHCPv6 support missing?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Stateless DHCPv6 support missing? (Read 7446 times)
Maurice
Hero Member
Posts: 1213
Karma: 158
[SOLVED] Stateless DHCPv6 support missing?
«
on:
November 20, 2017, 01:03:53 am »
Hello all,
This is my first post!
I'm currently virtualizing a router by migrating from an old embedded Linux box to a fresh install of OPNsense 17.7.7_1 in a Hyper-V VM. Pretty straightforward so far, but now I'm stuck at setting up stateless DHCPv6 for the LANs.
In the existing setup, clients use SLAAC for address autoconfiguration. Clients which don't support the RDNSS / DNSSL options in RAs (like older Windows versions) use stateless DHCPv6 for DNS server and domain information.
In OPNsense, the Router Advertisement "Assisted" mode seems to be the only one which sets the required A and O flags in RAs. But it also sets the M flag which indicates stateful DHCPv6. There seems to be no "A + O flag only" mode. Also, the DHCPv6 server can not be enabled unless you specify an address range.
I've never used an IPv6 router which doesn't support this, so I'm not sure whether this is really missing or I just can't figure out how to configure it (these are my first steps with OPNsense).
Thanks
Maurice
«
Last Edit: December 07, 2017, 02:58:23 pm by franco
»
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Stateless DHCPv6 support missing?
«
Reply #1 on:
November 20, 2017, 07:36:56 am »
Hi Maurice,
Forgive me for not being able to follow. What configuration combination is wrong and how can we flip the radvd config to the expected behaviour?
Cheers,
Franco
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Stateless DHCPv6 support missing?
«
Reply #2 on:
November 20, 2017, 01:15:18 pm »
Hi Franco,
I wouldn't say something is wrong, but something is missing. I did some more research and it seems that this was added to pfSense after the fork:
https://github.com/pfsense/pfsense/pull/1033
Maybe this can be added to OPNsense, too?
Background: There are 3 flags in RAs relevant for address configuration and optional information (DNS servers, domain search list etc.):
The A flag tells the client to autoconfigure an address using SLAAC.
The O flag tells the client to query a stateless DHCPv6 server for optional information.
The M flag tells the client to query a stateful DHCPv6 server for an address.
In
Services / DHCPv6 / Advertisements
there are 4 operating modes:
Router Only
sends RAs without any of these flags. Clients have to be configured in another way.
Unmanaged
sets the A flag only. Clients may autoconfigure an address and use the RDNSS / DNSSL options in RAs to get DNS servers and domain search list.
Managed
sets the M + O flags. Clients may query a stateful DHCPv6 server for an address and all the optional information.
Assisted
is like
Managed
but additionally sets the A flag so clients may autoconfigure an address (in additon to the address they get from DHCPv6).
What is missing is a mode which sets the A + O flags, indicating that clients may autoconfigure an address and query a stateless DHCPv6 server for optional information only.
Also, it should be possible to enable the DHCPv6 server (
Services / DHCPv6 / Server
) without specifying an address range so it is running in stateless mode.
Thanks
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Stateless DHCPv6 support missing?
«
Reply #3 on:
November 20, 2017, 09:28:35 pm »
Hi Maurice,
Thank you for the context! How about this then?
https://github.com/opnsense/core/commit/38c1daa
Apply from the console via:
# opnsense-patch 38c1daa
Run again to remove or revert back to a known state:
# opnsense-revert opnsense
Cheers,
Franco
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Stateless DHCPv6 support missing?
«
Reply #4 on:
November 22, 2017, 03:38:27 am »
Hi Franco,
Wow, that was quick! I'm seriously impressed.
Initially the patch failed to install, but I figured out I had to apply 97c4edf first. Then it worked.
Flags in RAs are looking good now and the DHCPv6 server can be enabled without specifying an address range.
Going further, there seem to be multiple issues with incorrect or missing RDNSS / DNSSL options in both RAs and DHCP replies. I'll investigate that in more detail and report back.
Thanks again!
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Stateless DHCPv6 support missing?
«
Reply #5 on:
November 22, 2017, 06:09:13 am »
Hi Maurice,
Thanks, I totally forgot about 97c4edf. Nice catch.
Just let me know what we are still missing and then we can ship the whole batch of improvements in a subsequent 17.7.x.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Stateless DHCPv6 support missing?
«
Reply #6 on:
December 07, 2017, 02:58:14 pm »
This was shipped today in 17.7.9.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
[SOLVED] Stateless DHCPv6 support missing?