Project

General

Profile

Feature #8173

dhcp6c - RAW Options

Added by Martin Wasley over 1 year ago. Updated 9 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
12/09/2017
Due date:
% Done:

0%

Estimated time:

Description

The lack of available options in dhcp6c prevents pfSense from being used with certain ISPs.

For example, Orange France require three options to be sent that are not currently supported in dhcp6c.

I have now issued a PR upstream at hrs-allbsd/wide-dhcpv6 that allows the use of the Keyword RAW as an option. Here is an example of a part of the config file when using the RAW options.

  1. User class "+FSVDSL_livebox.Internet.softathome.Livebox3";
    send raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:6c:69:76:65:62:6f:78:33;
  2. Vendor class "sagem"
    send raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d;
  3. Authentication
    send raw-option 11 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:65:78:61:6d:70:6c:65;
  4. IA-PD
    send ia-pd 0;
  5. Requests : authentication, domain-name, domain-name-servers;
    send raw-option 6 00:0b:00:11:00:17:00:18;

Several users have been using the modified version of dhcp6c for several months with no issues, but obliviously it would be better if the version of dhcp6c that ships with pfSense supported this 'out of the box'.

History

#1 Updated by Martin Wasley over 1 year ago

Sorry, that's not looking at what I have written... the keyword is raw-option in the config, not RAW.

#2 Updated by Jim Pingle over 1 year ago

  • Description updated (diff)

#3 Updated by frederic lubrano 12 months ago

Hello,

view patch https://github.com/opnsense/dhcp6c

his is the WIDE-DHCPv6 client maintained by the OPNsense project.

Improvements include the following:

- Reload the client configuration on SIGHUP
- Removed all unused binaries except dhcp6c
- Raw option send and receive support

Thanks

#4 Updated by frederic lubrano 12 months ago

The improvement request https://redmine.pfsense.org/issues/8173 is essential for IPv6 authentication for Orange (France, UK, Spain, ...),
this method of authentication via DHCPv6 this generalizes to European ISPs. For IPv4, the problem is solved by upgrading https://redmine.pfsense.org/issues/7425.
For your information, this is not a problem for Opensense https://docs.opnsense.org/manual/how-tos/orange_fr_fttp.html / https://github.com/opnsense/dhcp6c.
We have no problem, on solutions PaloAlto, Fortinet, ....

To summarize Pfsense allows authentication with IPv4 but not with IPv6, it's really a pity ☹ ☹ ☹

Thanks for the helps.

best regards,

fred

#5 Updated by Jim Pingle 9 days ago

  • Category set to Interfaces

Also available in: Atom PDF