IPv6

Hi brushedmoss,

I just found another DHCPv6 issue that you may want to take a look at.

I reserved an IPv6 address within my DHCPv6 pool for a specific client using the DHCP Server > Reservations config page. My DHCPv6 pool is 2004::2 through 2004::50. The reservation I made was for client MAC 33:33:33:33:44:55 to IPv6 address 2004::3.

I then connected multiple DHCPv6 clients to the m0n0wall router with different MAC addresses (none of them had a MAC of 33:33:33:33:44:55). One of these clients obtained the 2004::3 reserved address. So the issue seems to be that the DHCPv6 reservation process does not work as expected.

The strange thing is that my dhcpv6 server config looks good - see the output from exec.php:

$ cat /var/etc/dhcp6s.em0.conf
   
option domain-name "local";
option domain-name-servers 2004::1;


interface em0 {
   preference 255;
   address-pool poolem0 7200 86400;
};

pool poolem0 {

        range 2004::2 to 2004::50 ;
};

host m0n0wall {
        duid 08:00:27:8a:d4:c9;
        address 2004::1 infinity;
};
host reserved0 {
        duid 33:33:33:33:44:55;
        address 2004::3 7200;

};  

What is the Client OS ?

It appears windows 7 and vista use a MS genereated duid instead of duid-ll or duid-llt (or even duid-en), so dhcp6s can't match the reservation.

Specifying the full duid in the config works, but this is quite a long number and unfriendly (plus needs a gui change for the reservation element of m0n0).

Thank you very much for your filter.inc, dhcp is working now for me !

I know dhcpv6 reservation problem due to use of DUID (not MAC address like ipv4), where find it, value OS dependent, etc..
Do you confirm that GUI is not ready for DUID and for dhcp lease ?
Do exec.php permit found and list ipv6 dhcp leases?

Thx !

Giancarlo

if the OS uses duid-ll or duid-llt, then just the mac is required in the reservation as the dhcp server can reference the duid from this, but for other OS's you need the full duid

There is now support for duid entering

http://svn.m0n0.ch/wall/branches/freebsd6/phpconf/inc/services.inc
http://svn.m0n0.ch/wall/branches/freebsd6/phpconf/inc/util.inc
http://svn.m0n0.ch/wall/branches/freebsd6/webgui/services_dhcp_edit.php

upload with /exec.php and copy with

cp /tmp/*.inc /etc/inc
cp /tmp/*.php /usr/local/www

This dhcp6 server doesn't support holding the leases in a db, so on restart it can allocate addresses to people already using them :-( , also to get a list of leases you would have to enable debugging and parse the output, or collect to a file.

As we are keeping m0n0wall as small as possible, we are using dhcp6s (wide dhcp6) which is much smaller footprint but has less features than ISC dhcp for example.

Consider using it for DNS and other options only, and using auto configuration for the client ip if this is a problem for you. (i.e. select the O flag and not the M flag on the RA announce).

Great, I will try it.

I know that radv support RNDDNS option, so dhcp only for DNS is not so usefull for my network.

A very important feature of dhcp is DNS dynamic update in a enterprise network to track client activity.
Do you think that dhcp6s  will offer this feature?
To avoid installation of another server in parallel to Monowall to host Dhcp-ISC (like my network now), can I customize Monowall with dhcp-ISC?

Thx a lot for your time ! 

Giancarlo

The RA daemon in m0n0wall doesn't support giving DNS options, and AFAIK, client side support for receiving this information and configuring the client doesn't exist in windows or mac etc.  Hence using dhcpv6.

You could customize m0n0wall to do dns updating, by using dhcp6s debug to a log and a cron job to take this into the dns forwarder in m0n0wall (dnsmasq).

You can customize m0n0wall to add ISC dhcp, but it won't fit in the existing image size (unless you want to delete other stuff), you would need to expand the image size too.  This isn't too much of a problem if you know what you are doing, there are some guides in the forum.  so aswell as adding isc dhcp, you would need to add code to make the v6 configs for isc , and some function changes to start it, instead of dhcp6s. 

MK hopes to move m0n0 to a newer file system and structure, maybe to freebsd 8, and consider overhauling captive portal etc.  Somewhere in there we could consider making the base image bigger, which would allow newer versions of ISC and snmp too....  but there is no date set.

Oh, haven't been here for a while..

I can't get either DHCP or RA to work..
Perhaps it's time to reinstall and see if that helps
I'm using a tunnel /64 and have a /48 on the inside. But RA isn't working.
Getting some grey hairs here..

/L

Subnet the /48 into /64's or further for RA to work.  Quickest way to do this is just use /64 as the mask instead of /48.  In 1.31 this is explictly in the notes for the RA

 
YES!

It works! Thank you very very much!

BTW, when will 1.31 be available?

Released today