dhcpd: Log pollution

Started by direx, April 13, 2019, 11:25:01 AM

Hi,

I am using IPv6 on my OPNsense box (dynamic prefix, with prefix tracking on LAN interface). I am not using any manual IPv6 configuration.

What bugs me a little is that every 10 seconds I am getting a log message for each client on my network in /var/log/dhcpd.log:


Apr 13 09:03:26 opnsense dhcpd: Information-request message from fe80::96de:80ff:fe79:xxxx port 546, transaction ID 0x87D31C00
Apr 13 09:03:26 opnsense dhcpd: Sending Reply to fe80::96de:80ff:fe79:xxxx port 546


Does anybody know what is up with that? Does that really need to show up in the log? As I said these messages are logged every 10 seconds for almost every IPv6 client on my network (except Android clients).

I am a little worried about my flash media here because this really causes a lot of writes.

You could assign logs to RAM, that will prevent the writes to flash. Go to System:Settings:Miscellaneous: Disk/Memory and select Use memory file system for /var.


It does mean that the log files will be volatile and a hard reset will wipe them, not a major issue for many users.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Hi,

thanks, that /var trick would work around the flash issue.

I would like to know though why these Information-request messages are logged in the first place every ten seconds. This still looks like something is broken.


- direx


Find the device fe80::96de:80ff:fe79:xxxx and take it offline. If the logs are then quiet you have found the culprit. Think a friend of mine once had a similar issue, turned out to be an Apple Airport causing the problem.

Quote from: marjohn56 on April 14, 2019, 06:00:38 PM
Find the device fe80::96de:80ff:fe79:xxxx and take it offline.

It's not just a single device, it's literally all of the computers on my network.

But I found out what is causing this:

By default OPNsense configures radvd to send RAs every ten seconds. Since by default the RAs are of type "stateless" ("Stateless Autoconfig and optional DHCPv6 Server queries"), whenever an RA is received by the clients they query the DHCPv6 server for additional information (such as DNS servers). I am not sure if that is a bug or a feature, but I think sending DHCPv6 queries every ten seconds is a bit too much.

There are two workarounds (I personally use both now):


  • Increase the RA interval (radvd default is 600, OPNsense uses 10)
  • Use completely unmanaged Router Advertisements (no DHCPv6 at all, not even for additional information)

You can define the RA type and interval on a per-interface basis by selecting "Allow manual adjustment of DHCPv6 and Router Advertisements" for every interface. You can then configure "Router Advertisements" under "Services".

I chose to increase the RA interval to 30 seconds (that's the default interval which Cis*o recommends) and I also set the RA type to unmanaged. Now these log messages have disappeared completely. And I don't need a DHCPv6 running at all.  :)
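
One way to confirm the diagnosis above from the log itself, as an added example that is not part of the original posts: group the Information-request lines by client and compare the median gap between requests with the configured RA interval. The log format is the one quoted in the thread; the sample addresses, the timestamps and the `year` parameter (syslog lines carry no year) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the dhcpd.log format quoted in the thread.
SAMPLE_LOG = """\
Apr 13 09:03:26 opnsense dhcpd: Information-request message from fe80::aaaa port 546, transaction ID 0x000001
Apr 13 09:03:26 opnsense dhcpd: Sending Reply to fe80::aaaa port 546
Apr 13 09:03:27 opnsense dhcpd: Information-request message from fe80::bbbb port 546, transaction ID 0x000002
Apr 13 09:03:30 opnsense dhcpd: Information-request message from fe80::cccc port 546, transaction ID 0x000003
Apr 13 09:03:36 opnsense dhcpd: Information-request message from fe80::aaaa port 546, transaction ID 0x000004
Apr 13 09:03:37 opnsense dhcpd: Information-request message from fe80::bbbb port 546, transaction ID 0x000005
Apr 13 09:03:46 opnsense dhcpd: Information-request message from fe80::aaaa port 546, transaction ID 0x000006
Apr 13 09:03:48 opnsense dhcpd: Information-request message from fe80::bbbb port 546, transaction ID 0x000007
Apr 13 09:03:56 opnsense dhcpd: Information-request message from fe80::aaaa port 546, transaction ID 0x000008
Apr 13 09:13:30 opnsense dhcpd: Information-request message from fe80::cccc port 546, transaction ID 0x000009
"""

# Matches only the request lines; "Sending Reply" lines are ignored.
INFO_REQ = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+dhcpd(?:\[\d+\])?:\s+"
    r"Information-request message from (\S+) port \d+")


def request_intervals(log_text, year=2019):
    """Return {client: median seconds between its Information-requests}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = INFO_REQ.match(line)
        if m:
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(stamp)
    result = {}
    for client, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if gaps:  # a client seen only once has no interval to report
            result[client] = median(gaps)
    return result


def ra_driven_clients(log_text, ra_interval=10, tolerance=2):
    """Clients whose median request gap is within tolerance of the RA interval."""
    return sorted(client for client, gap in request_intervals(log_text).items()
                  if abs(gap - ra_interval) <= tolerance)
```

If most clients land in `ra_driven_clients` for the current interval and follow the new value after the interval is changed, the requests are a reaction to the RAs rather than a fault on any single device.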