
DHCPv6 Relay configuration allows only interface, however, unicast is needed for multi-hop setup

To whom it may concern,

I have been fighting with DHCPv6 addresses in a UTM2UTM network for quite some time now. DHCPv6 relay works great in the datacenter locations, but never worked in the remote sites. I finally figured out why.

The UTM uses the DHCRELAY daemon from ISC, which allows for operation in 2 modes. This is based on the documentation:

-u [address%]ifname

Specifies the ‘‘upper’’ network interface for DHCPv6 relay mode: the interface to which queries from clients and other relay agents should be forwarded. At least one -u option must be included in the command line when running in DHCPv6 mode. The interface name ifname is a mandatory parameter. The destination unicast or multicast address can be specified by address%; if not specified, the relay agent will forward to the DHCPv6 All_DHCP_Relay_Agents_and_Servers multicast address.

 

The Web GUI of the UTM only allows for a selection of upper (facing the server) interfaces, which will lead to this entry in the dhcrelay6.config file:

INTERFACES_UPPER="-u redc7 -u redc10"

Which will transmit the DHCP request packet on the upper interface destined to the default DHCP all servers multicast: FF08::3:1. However, this will not be routed by the next Sophos UTM, so you will never see a DHCPv6 address coming back to the client.

 

In order to get multi-hop DHCPv6 relay to work, all that is needed is to specify the unicast destination IPv6 address of the DHCPv6 server (much like for DHCP relay v4) as well, like this:

INTERFACES_UPPER="-u 2001:67c:17b0:1000::28%redc7 -u redc10"

So in fact the Web GUI needs to ask for both a server IPv6 address (of the DHCPv6 server, as it does for DHCPv4 already) and the interface to forward the request on (upper interface, like today). The DHCPv6 needs to be added as an option; if it's not set, the DHCRELAY6 will automatically work like today and send it to FF08::3:1, and if it's set, it will forward it directly to that server.

 

And now the DHCPv6 packets get routed through the network, reach the DHCPv6 server and an address is handed out.

 

Could this be added to the Web GUI somehow?

 

Thank you for your consideration,

 

Ronny
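
Added example (not part of the original post, and not Sophos or ISC code): a small Python check that parses an INTERFACES_UPPER line in the format quoted above and reports, per -u entry, whether it carries a unicast destination or falls back to multicast. The function names and status labels are assumptions made for this example.

```python
import ipaddress
import re
import shlex

# Constructed sample, in the dhcrelay6.config format quoted in the post.
SAMPLE_CONFIG = 'INTERFACES_UPPER="-u 2001:67c:17b0:1000::28%redc7 -u redc10"\n'


def parse_upper(config_text):
    """Return (ifname, address or None) for every -u option in INTERFACES_UPPER."""
    match = re.search(r'^INTERFACES_UPPER=(.*)$', config_text, re.MULTILINE)
    if not match:
        return []
    # shlex removes the shell quoting; the value is then split into arguments.
    args = " ".join(shlex.split(match.group(1))).split()
    entries = []
    i = 0
    while i < len(args):
        if args[i] == "-u" and i + 1 < len(args):
            # dhcrelay syntax: -u [address%]ifname
            addr, sep, ifname = args[i + 1].rpartition("%")
            entries.append((ifname, addr if sep else None))
            i += 2
        else:
            i += 1
    return entries


def classify(entries):
    """Label each upper interface by the kind of destination it forwards to."""
    findings = []
    for ifname, addr in entries:
        if addr is None:
            findings.append((ifname, "multicast-default"))   # no address% given
            continue
        try:
            ip = ipaddress.IPv6Address(addr)
        except ValueError:
            findings.append((ifname, "invalid-address"))
            continue
        if ip.is_multicast:
            findings.append((ifname, "multicast-explicit"))
        elif ip.is_link_local:
            findings.append((ifname, "link-local"))          # stays on the local link
        else:
            findings.append((ifname, "unicast"))             # routable to a remote server
    return findings


if __name__ == "__main__":
    for ifname, status in classify(parse_upper(SAMPLE_CONFIG)):
        print(f"{ifname}: {status}")
```
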


