Bug #3450
closedDHCPv6 Lease Status shows no Leases
0%
Description
Viewing DHCPv6 Leases under the Status menu shows no active or configured leases, despite multiple devices on LAN having DHCPv6-assign addresses within the DHCPv6 pool range.
Files
Updated by Vinícius Zavam over 10 years ago
2.1.2-RELEASE (amd64)
- same issue as the original incident report
- DHCPv6 Leases page is empty
- NDP Table shows acquired addresses
- small /64 IPv6 networks in one intel NIC (em) using VLAN
- two DHCPv6 running
- DHCP for IPv4 is also running on each VLAN
How to Reproduce?
DHCPv6 Server/RA (for one /64 network)
- Subnet = 2001:db8:fb5d:2014::/64
- Range = 2001:db8:fb5d:2014:: 2001:db8:fb5d:2014:ffff:ffff:ffff:ffff
- Prefix Delegation Range (empty)
- Prefix Delegation Size (64)
- DNS? Give it a chance to Google's :)
- Change DHCPv6 display lease time from UTC to local time.
- Router Advertisements (Assisted)
- Router Advertisements DNS (Use same settings as DHCPv6 server)
Will my pfSense Work as IPv6 Router?
- yeah!
- the hosts behind your pfSense will reach the dangerous Internet world :)
NOTE
It may be obvious, but...
- RFC3849 addresses will not be routed to reach Internet hosts!
- Please use a valid IPv6 pool/network/range to test this setup ont the Internet.
- Of course there's no NAT!
- Advanced Outbound NAT was set to Manual for running IPv4 networks.
Updated by Vinícius Zavam over 10 years ago
2.1.5-RELEASE (amd64)
- DHCPv6 Server seems to be not in a good shape
- it works only if RA is enable, but RA must be as Assisted mode
- the default route for the DHCP clients is the pfsense's "fe80::" address
- RA does not work as Managed mode
- it doesn't matter if it's getting same DNS configurations from the DHCPv6 or not.
root@pfsense# pfctl -sr -i em2 -v
... pass quick on em2 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server" [ Evaluations: 688 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 75200 ] pass quick on em2 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 75200 ] pass quick on em2 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 75200 ] pass quick on em2 inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server" [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 75200 ] pass in quick on em2 inet6 proto udp from fe80::/10 to 2001:db8:fb5d:2014::1 port = dhcpv6-client keep state label "allow access to DHCPv6 server" [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 75200 ] pass out quick on em2 inet6 proto udp from 2001:db8:fb5d:2014::1 port = dhcpv6-server to fe80::/10 keep state label "allow access to DHCPv6 server" [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 75200 ] ...
From the firewall log page (https://pfsense/diag_logs_filter.php), it was possible to see blocked connections from a host trying to send requests on em2 (LAN) from fe80::15c3:7ddc:ae9b:45cd port 546 to ff02::1:2 port 547. Even after using the "Easy Rule: Pass this traffic" button to allow this kind of traffic.
A new Floating rule, created as test purpose, was added to pass (quick) inet6 traffic on em2 (LAN) from fe80::/10 to ff02::/16 proto UDP. Same thing happened! The DHCPv6 traffic/messages was blocked.
NOTE: The last two rules for this LAN interface are rules to block and log all (any) traffic. One rule for IPv4 and another one for IPv6.
Updated by Vinícius Zavam over 10 years ago
Quick Update: I am using RFC3849 (2001:db8::/32) address space here, but all IPv6 addresses I own to configure the pfSense machine here are from the Global Unicast range.
A better way for you guys to see how it's the scenario:
- 2001:db8:fb5d::/48
- WAN Subnet = 2001:db8:fb5d:ce::/64
- Address 2001:db8:fb5d:ce:f1a::45
- Upstream Gateway 2001:db8:fb5d:ce::f1a
- LAN Subnet = 2001:db8:fb5d:2014::/64
- Address 2001:db8:fb5d:2014::1
- Upstream Gateway none
- WAN Subnet = 2001:db8:fb5d:ce::/64
- DHCPv6 Settings
- WAN
- Disabled!
- LAN
- Enable DHCPv6 server on LAN interface
- Subnet 2001:db8:fb5d:2014::
- Subnet mask 64 bits
- Available range 2001:db8:fb5d:2014:: - 2001:db8:fb5d:2014:ffff:ffff:ffff:ffff
- -
- Range 2001:db8:fb5d:2014:: - 2001:db8:fb5d:2014:ffff:ffff:ffff:ffff
- Prefix Delegation Range blank to blank
- Prefix Delegation Size 64
- DNS Servers
- 2001:db8:fb5d:2014::1
- 2001:db8:fb5d:ce:f1a::33
- Change DHCPv6 display lease time from UTC to local time.
- NTP Servers
- 2001:db8:fb5d:2014::1
- 2001:db8:fb5d:ce:f1a::46
- WAN
- Router Advertisements
- WAN
- Disabled
- Router Priority Low
- LAN
- Managed
- Router Priority Normal
- DNS
- Use same settings as DHCPv6 server
- WAN
Updated by Vinícius Zavam about 10 years ago
- File Diagnostics_NDP_Table_2014-10-01_18-02-13_BRT.png Diagnostics_NDP_Table_2014-10-01_18-02-13_BRT.png added
- File Status_DHCPv6_leases_2014-10-01_17-57-40_BRT.png Status_DHCPv6_leases_2014-10-01_17-57-40_BRT.png added
Manual Action is Needed!
- pfSense's "DHCPv6 Leases" page can show the hosts after that.
# dhclient -6 eth0 # ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:2a:3f:92 inet addr:172.16.0.13 Bcast:172.16.0.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe2a:3f92/64 Scope:Link inet6 addr: fd00:2001:db8:fb5d:185d:e6bb:99bc:12e4/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:356 errors:0 dropped:0 overruns:0 frame:0 TX packets:225 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:43691 (43.6 KB) TX bytes:37547 (37.5 KB)
How to Reproduce?
- Read the last feedbacks on this page :)
- Set a small network using VirtualBox...
- Put just the basic configurations to start DHCPv6 (server) + RA.
- It's alive!
There's a screenshot here that shows the client machine (ubuntu-14.10-i386) listed on "DHCPv6 Leases" page. The other screenshot you can see here is from the "NDP Table" page (the other client machine is a freebsd-10.1-beta1-i386).
pfSense as "DHCP Forwarder"
If we choose RA as Managed, it would be sweet to put pfSense as the primary DHCP server on the network by default. No? Than the user/admin can change it, if needed. This change looks like the Assisted mode, but... why does pfSense keeps the DHCPv6 up and running if it's known/possible to have another server on the net?
Updated by Vinícius Zavam about 10 years ago
pfSense used in notes #4 was i386/32bit.
Updated by Chris Buechler about 10 years ago
- Status changed from New to Rejected
I don't see any actual bugs here. All DHCPv6 leases are shown in every instance I've seen. Whether they're "active" status depends on whether the host has used that IP recently enough for it to be in the NDP table. Depending on whether you're having your clients use DHCPv6 only or also SLAAC and the configuration of the clients themselves will determine what IPs the clients use. Far more clients support SLAAC than DHCPv6, though that's changing, it's a near certainty that's where the other devices are getting their IPs. The other comments are misunderstandings about how things should work with v6 in general.
On the original issue, if you can show a dhcpd6.leases file that doesn't match the status page, that would be a valid bug report. Start a new one since this has become a mess of unrelated stuff. The rest of everything discussed in this thread needs to be discussed on the forum or mailing list first, where someone should be able to help you figure things out.
Updated by Jose Baars over 8 years ago
Hi,
See attached screen dump.
A lease file with a lease but nothing showing on the leases page.
Being an absolute noob, I have maybe overlooked a lot of things, but this looks to me as a bug.
Updated by Jose Baars over 8 years ago
Nonsense. Sorry to bother. Just had anactual lease com in. And it works.