IPv6 DUID-EN Support

gstuartj:
My ISP requires DUID-EN support for IPv6 prefix delegation to work correctly. This involves setting an enterprise number, along with an identifier. pfSense supports DUID-EN, as does the DHCPv6 service used in OPNsense.

I found this closed GitHub issue about DUID-EN support, but although it was added to the 19.1 milestone I can't seem to find this functionality in the latest dev branch release. (OPNsense 19.7.a_442-amd64)

Am I missing something, or does DUID-EN support not exist? If not, will it be supported in the near future? I can't run a functional IPv6 stack without it. Thanks!

gstuartj:
Figured it out when I expanded the info for the DUID textarea in Interface>Settings. For posterity: OPNsense does support DUID-EN, but it will not generate it for you from the decimal enterprise number + hex ID. You must generate the DUID-EN manually and the form validation will accept it.

franco:
Hi there,

Indeed. Not sure why EN generation was left out. Are there any best practices for generating such a DUID? Maybe we can add it too.


Cheers,
Franco

gstuartj:
Sure, it's not actually difficult, I just wasn't sure that it would accept a manually formatted string. Having it do the conversion in the UI would be helpful.

With DUID-EN you have two pieces of static info: the enterprise number (e.g., 3562) and the identifier (e.g., xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx). These are assigned by the ISP/enterprise.

* First, we have to indicate that this is a type 2 DUID (EN) by prepending two octets: "00:02"
* Then, we have to convert the decimal enterprise number to hex and format it as four octets, so "3562" becomes "00:00:0D:EA". Append it to the type indicator.
* Lastly, we have to append the DUID identifier.

So the final DUID-EN string for the DHCPv6 client becomes: "00:02:00:00:0D:EA:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

marjohn56:
EN was in the original PR I did, I thought you left it out when you cherry-picked the PR as technically it needs to be registered like Cisco xxx etc.
