Bug #16133
open
DHCPv6 not issuing IPv6 addresses with RA set to managed or assisted
0%
Description
Have updated from a working CE 2.7.2 config using ISC DHCP and where RA advertisements are set to Assisted mode. In 2.7.2 all clients received a valid SLAAC address and a valid DHCPv6 address. Static DHCPv6 allocations worked fine.
After the upgrade to the beta of 2.80 (2.8.0.b.20250407.1736.1500029) with no change to the configuration results in no DHCPv6 addresses being handed out. SLAAC still works.
Changing the RA mode to Managed results in no addresses other than link-local being assigned to the clients.
Changing to Kea DHCP has no effect on the above results.
DHCPv6 prefixes on all LAN-side networks are set to track the WAN prefix.
Files
Updated by Warren Linton 6 days ago
Marcos M wrote in #note-1:
I'm not able to reproduce this. I set up pfSense upstream with Kea DHCPv6 Server and managed RA. Then I verified that the downstream pfSense CE 2.7.2 client received leases as expected. After upgrading the client to 2.8.0, the address was still leased and on the interface. I then cleared the lease upstream and toggled the client's IPv6 config (set to None, save/apply, set to DHCP6, save/apply). The client - pfSense CE 2.8.0 - was still able to get a lease.
It is the upstream pfSense box that was upgraded from 2.7.2 to 2.8.0. The downstream clients are Windows 11 machines and Apple iPhones. It is the Windows 11 boxes and iPhones that do not get a DHCPv6 lease.
Probably worth mentioning that pfSense runs as a VM on Proxmox using virtio interfaces.
Updated by Marcos M 6 days ago
I mixed up my comment with notes from another test, apologies. I'll remove it and clarify here:
- pfSense 2.7.2 VM with DHCPv6 Server and managed RA leasing to a pfSense+ 25.03 VM and Windows 11 VM.
The 25.03 VM's WAN is configured for DHCP6. - Upgrade 2.7.2 VM to 2.8.0.
- The 25.03 VM still has a working lease. I toggled the 25.03 WAN config between None/DHCP6 to force the requests; the 25.03 VM picked up the lease again.
- Tested with a Windows 11 client as well - it also received a lease form the pfSense CE 2.8.0 DHCPv6 Server.
Updated by Warren Linton 6 days ago
Thanks. I'll run some packet captures and have a closer look at what is going on.
Updated by Warren Linton 5 days ago
- File dhcpv6 pfsense 2.7.2 actual packets filtered.pcapng dhcpv6 pfsense 2.7.2 actual packets filtered.pcapng added
- File dhcpv6 pfsense 2.8.0 actual packets ISC filtered.pcapng dhcpv6 pfsense 2.8.0 actual packets ISC filtered.pcapng added
- File dhcpv6 pfsense 2.8.0 actual packets KEA filtered.pcapng dhcpv6 pfsense 2.8.0 actual packets KEA filtered.pcapng added
Have attached 3 packet captures from a Windows 11 client. The first is from the original 2.7.2 system. You can see the RA messages and a release of the IPv6 address followed by the reacquisition of the IPv6 address - as it should be. Then there are two captures from after the upgrade to 2.8.0. The first with ISC and then after a change to KEA providing the DHCP service. There is no response to the solicit packet in either. The filtering was done using "dhcpv6 || icmpv6.type == 134" in wireshark.
What I did notice was directly after the upgrade, the RADVD service needed restarting. You can see that in the 2.8.0 ISC file where RA packets only started arriving halfway through the capture.
I have restarted the DHCP service to see if that fixed it but with no result.
So, at this stage I think the issue is something blocking the solicit packet getting to the DHCP service (new default firewall rule perhaps?) rather than an issue in RADVD (although needing to do the restart of the service indicated a separate problem).
Updated by Marcos M 5 days ago
It'd be best to continue the discussion on the forum for now - please open a thread there:
https://forum.netgate.com/category/93/ce-2-8-0-development-snapshots
Below is a link you can use to share the full PCAPs as well as the System and DHCP logs so we can get a better idea about what may be happening:
https://nc.netgate.com/nextcloud/s/dte9FdAQSEHdyFY
Updated by Warren Linton 5 days ago
Thanks. Have uploaded the full pcaps and logs. Will continue on the forum.