IPv6 DUID-EN Support
gstuartj:
My ISP requires DUID-EN support for IPv6 prefix delegation to work correctly. This involves setting an enterprise number, along with an identifier. pfSense supports DUID-EN, as does the DHCPv6 service used in OPNsense.
I found this closed GitHub issue about DUID-EN support, but although it was added to the 19.1 milestone I can't seem to find this functionality in the latest dev branch release. (OPNsense 19.7.a_442-amd64)
Am I missing something, or does DUID-EN support not exist? If not, will it be supported in the near future? I can't run a functional IPv6 stack without it. Thanks!
gstuartj:
Figured it out when I expanded the info for the DUID textarea in Interface>Settings. For posterity: OPNsense does support DUID-EN, but it will not generate it for you from the decimal enterprise number + hex ID. You must generate the DUID-EN manually and the form validation will accept it.
franco:
Hi there,
Indeed. Not sure why EN generation was left out. Are there any best practices for generating such a DUID? Maybe we can add it too.
Cheers,
Franco
gstuartj:
Sure, it's not actually difficult, I just wasn't sure that it would accept a manually formatted string. Having it do the conversion in the UI would be helpful.
With DUID-EN you have two pieces of static info: the enterprise number (e.g., 3562) and the identifier (e.g., xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx). These are assigned by the ISP/enterprise.
* First, we have to indicate that this is a type 2 DUID (EN) by prepending two octets: "00:02"
* Then, we have to convert the decimal enterprise number to hex and format it as four octets, so "3562" becomes "00:00:0D:EA". Append it to the type indicator.
* Lastly, we have to append the DUID identifier.

So the final DUID-EN string for the DHCPv6 client becomes: "00:02:00:00:0D:EA:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
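The three steps in the post above, as an added Python example that is not part of the thread or of OPNsense's own code. The function names and the sample identifier are made up for illustration, and the 128-octet limit on the DUID body is taken from RFC 8415, not from the thread.

```python
import re

DUID_TYPE_EN = 2      # type code the post writes as "00:02"
MAX_DUID_BODY = 128   # RFC 8415 limit on octets after the type code


def parse_octets(text):
    """Turn 'aa:bb', 'aa-bb', 'a:b' or 'aabb' into bytes."""
    text = text.strip()
    if re.search(r"[:\-\s]", text):
        parts = re.split(r"[:\-\s]+", text)
        # Separated form: each field is one octet, leading zero optional.
        if not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
            raise ValueError(f"not hex octets: {text!r}")
        return bytes(int(p, 16) for p in parts)
    # Unseparated form: must be a whole number of two-digit octets.
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", text):
        raise ValueError(f"not hex octets: {text!r}")
    return bytes.fromhex(text)


def build_duid_en(enterprise_number, identifier):
    """Return the colon-separated DUID-EN string for the DUID field."""
    if not 0 <= enterprise_number <= 0xFFFFFFFF:
        raise ValueError("enterprise number must fit in four octets")
    body = enterprise_number.to_bytes(4, "big") + parse_octets(identifier)
    if len(body) > MAX_DUID_BODY:
        raise ValueError("DUID body exceeds 128 octets")
    raw = DUID_TYPE_EN.to_bytes(2, "big") + body
    return ":".join(f"{b:02X}" for b in raw)


def split_duid_en(duid):
    """Inverse check: return (enterprise_number, identifier) or raise."""
    raw = parse_octets(duid)
    if len(raw) < 7 or int.from_bytes(raw[:2], "big") != DUID_TYPE_EN:
        raise ValueError("not a DUID-EN")
    ident = ":".join(f"{b:02X}" for b in raw[6:])
    return int.from_bytes(raw[2:6], "big"), ident


if __name__ == "__main__":
    # Constructed identifier; the real one is assigned by the ISP.
    duid = build_duid_en(3562, "0a:1b:2c:3d")
    print(duid)
    print(split_duid_en(duid))
```

Running `split_duid_en` on the string before pasting it into the form confirms that the enterprise number and identifier round-trip unchanged.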
marjohn56:
EN was in the original PR I did, I thought you left it out when you cherry picked the PR as technically it needs to be registered like Cisco xxx etc.