Feature #8173
opendhcp6c - RAW Options
0%
Description
The lack of available options in dhcp6c prevents pfSense from being used with certain ISPs.
For example, Orange France require three options to be sent that are not currently supported in dhcp6c.
I have now issued a PR upstream at hrs-allbsd/wide-dhcpv6 that allows the use of the Keyword RAW as an option. Here is an example of a part of the config file when using the RAW options.
- User class "+FSVDSL_livebox.Internet.softathome.Livebox3";
send raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:6c:69:76:65:62:6f:78:33; - Vendor class "sagem"
send raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d; - Authentication
send raw-option 11 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:65:78:61:6d:70:6c:65; - IA-PD
send ia-pd 0; - Requests : authentication, domain-name, domain-name-servers;
send raw-option 6 00:0b:00:11:00:17:00:18;
Several users have been using the modified version of dhcp6c for several months with no issues, but obliviously it would be better if the version of dhcp6c that ships with pfSense supported this 'out of the box'.
Updated by Martin Wasley about 7 years ago
Sorry, that's not looking at what I have written... the keyword is raw-option in the config, not RAW.
Updated by frederic lubrano over 6 years ago
Hello,
view patch https://github.com/opnsense/dhcp6c
his is the WIDE-DHCPv6 client maintained by the OPNsense project.
Improvements include the following:
- Reload the client configuration on SIGHUP
- Removed all unused binaries except dhcp6c
- Raw option send and receive support
Thanks
Updated by frederic lubrano over 6 years ago
The improvement request https://redmine.pfsense.org/issues/8173 is essential for IPv6 authentication for Orange (France, UK, Spain, ...),
this method of authentication via DHCPv6 this generalizes to European ISPs. For IPv4, the problem is solved by upgrading https://redmine.pfsense.org/issues/7425.
For your information, this is not a problem for Opensense https://docs.opnsense.org/manual/how-tos/orange_fr_fttp.html / https://github.com/opnsense/dhcp6c.
We have no problem, on solutions PaloAlto, Fortinet, ....
To summarize Pfsense allows authentication with IPv4 but not with IPv6, it's really a pity ☹ ☹ ☹
Thanks for the helps.
best regards,
fred
Updated by Nigel Smith almost 3 years ago
Is there any workaround for this? I'm experiencing problems because this isn't implemented - with Orange in FR. I've seen some reports that others have installed the opnsense version on their devices, but I haven't been able to find anything concrete. All advice appreciated.
Updated by Tue Madsen over 2 years ago
Please let us have these features added to pfSense. Half of france is using OPNsense because nothing happens on this issue with pfSense.
I'm running with a patched dhcpv6 to resolve this issue, but that can't be right i 2022
Updated by Paul M over 2 years ago
I have added a PR with the changes of the dhcp6 client : https://github.com/pfsense/FreeBSD-ports/pull/1181
Until the changes are reviewed / applied, you can look my github if you want the dhcp6 client compiled and learn how to make it by yourself for FreeBSD 12.2 armv7 : https://github.com/Superpaul209/dhcp6c-armv7
You can also look this repo https://ftp.yrzr.tk/opnsense/ to download dhcp6c for aarch64.
I hope pfsense devs will update this client asap because we really need those features...
Updated by Sylvain A over 1 year ago
Hi there. This seems a pretty old request, but still no change so far.
Some ISP actually require to send specific raw options to be able to get an IPv6. So far it was working by swapping the pfsense dhpc6c binary with the one coming from opnsense, but this is not a satisfactory solution (but which is still working to date with the last pfsense plus version).
Updated by eeee cccc 2 months ago
Hello,
I confirm some ISP actually require to send specific raw options to be able to get an IPv6. 4 solutions to resolve this issue:
- Replace the binary (but need to replace this binary after each update, and this binary could be not compatible with the future updates)
- Replace WIDE-DHCPv6 client maintained by the OPNsense project, directly in the pfsense code source
- Add WIDE-DHCPv6 client and keep legacy DHCP binary and add radio buttons to switch beetween the 2 options (same model as HDCP Server Backend, between Kea and ISC)
- Install OPNsense instead of Pfsense
The best solution for me is the third (have 2 options with radio buttons), or maybe the second. What do you think ?