
DHCPv6 missing clients in IPv6 Lease table

Hi,

Because I am not able to find a way to submit a support ticket about UTM9, I'll try asking here.

I have a bit of a weird problem with the DHCPv6 server. I set it up and it works properly: clients grab addresses and it works well. The problem is with the Lease table entries. I am just testing IPv6, so I set up only 3 clients. All 3 clients get an address, but in the Lease table I see only 2 clients; the 3rd client is missing from that table, but it has a valid address and it periodically renews its lease (it is Win10).

I also looked in the file dhcpd6.leases and I see that client there, but it actually has 2 entries, both active and with some weird-looking ia-na.

I already tried stopping the DHCPv6 server, removing that lease file and starting the server again, but nothing changed.

With this client I also have another odd problem: if I set preferred-life and max-life to different times, this client fails to renew its IP at preferred-time and after a short time it marks the IP as "deprecated"; the only way is to use ipconfig /renew6 or wait until max-life is reached. I looked in the Windows logs and in the DHCP logs, and it seems the client tries to renew the IP and gets a response from DHCP, but for an unknown reason it ignores that reply. If I set both times to the same value, everything works well and there is no more "deprecated" IP.

Does anyone have an idea what is wrong?

Thanks for any idea

/Tomi



  • Are all clients getting dynamic addresses, or are some fixed? I've noticed that on the XG (SFOS) the ipv6 lease table doesn't include fixed IP addresses, only dynamic. Different OS but maybe the same server (the one in busybox).

  • That is a good point. The 2 clients visible in the Lease table have been getting dynamic IPs from the beginning, but the problematic one had a static IP assigned at the beginning; later I removed it from Network definitions to test all clients as dynamic... I removed that static entry for this client from UTM, but maybe there is still some hidden record for this client somewhere and it is still processed as static?

    /Tomi

  • If you are using prefix advertisements, they don't show in the lease table.

    From the documentation:

    Note – Leases that have been granted via prefix advertisements are not shown in the table.

    Is this how your setup is running?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • It seems PA has nothing to do with this problem. I turned it off and then tried release6/renew6 on the client, and I still see the same messages in dhcp.log as before; all 3 clients have the same-looking messages there, only that one does not appear in the Lease table (all 3 clients are getting IPs from the defined range on the dhcp6 server).

    This is from the log; this is that "hiding" client (IPs were redacted a bit):

    2022:06:30-19:25:02 dhcpd6: Solicit message from fe80::1e1b:dff:fed7:xxxx port 546, transaction ID 0xF37D5200
    2022:06:30-19:25:02 dhcpd6: Advertise NA: address 2001:xxx:xx:xxx::fbaa to client with duid 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx iaid = 186391309 valid for 3600 seconds
    2022:06:30-19:25:02 dhcpd6: Sending Advertise to fe80::1e1b:dff:fed7:xxxx port 546
    2022:06:30-19:25:03 dhcpd6: Request message from fe80::1e1b:dff:fed7:xxxx port 546, transaction ID 0xF37D5200
    2022:06:30-19:25:03 dhcpd6: Reply NA: address 2001:xxx:xx:xxx::fbaa to client with duid 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx iaid = 186391309 valid for 3600 seconds
    2022:06:30-19:25:03 dhcpd6: Sending Reply to fe80::1e1b:dff:fed7:xxxx port 546

  • It's not PA, per se, it's SLAAC, correct? And you should be able to have PA and DHCPv6 both, including having DHCP dynamic, DHCP static, and SLAAC IPs, or DHCP dynamic/static only and no SLAAC. (In theory, not sure what UTM supports.)

  • I did a simple test: I stopped the dhcpd6 server, removed the file dhcpd6.leases (and the backup ~) and started the server again. Then I issued /renew6 on the client; in the log it fails, of course. Then I did /release6 and then /renew6... and the client got an IP, but the Lease table is still empty. Here is part of the log, where the message "Picking pool address" is clearly visible.

    2022:07:01-17:08:55  dhcpd6: Wrote 0 NA, 0 TA, 0 PD leases to lease file.
    2022:07:01-17:08:55  dhcpd6: Bound to *:547
    2022:07:01-17:08:55  dhcpd6: Listening on Socket/6/lag0/2001:xxx:xx:xxx::/64
    2022:07:01-17:08:55  dhcpd6: Sending on Socket/6/lag0/2001:xxx:xx:xxx::/64
    2022:07:01-17:08:55  dhcpd6: Server starting service.
    2022:07:01-17:09:06  dhcpd6: Renew message from fe80::1e1b:dff:xxxx:xxxx port 546, transaction ID 0xE93CF200
    2022:07:01-17:09:06  dhcpd6: Discarding Renew from fe80::1e1b:dff:xxxx:xxxx; not our server identifier (CLIENTID 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx, SERVERID 00:01:00:01:2a:46:41:57:d4:ae:xx:xx:xx:xx, server DUID 00:01:00:01:2a:51:ca:87:d4:ae:xx:xx:xx:xx)
    2022:07:01-17:09:16  dhcpd6: Renew message from fe80::1e1b:dff:xxxx:xxxx port 546, transaction ID 0xE93CF200
    2022:07:01-17:09:16  dhcpd6: Discarding Renew from fe80::1e1b:dff:xxxx:xxxx; not our server identifier (CLIENTID 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx, SERVERID 00:01:00:01:2a:46:41:57:d4:ae:xx:xx:xx:xx, server DUID 00:01:00:01:2a:51:ca:87:d4:ae:xx:xx:xx:xx)


    2022:07:01-17:09:18  dhcpd6: Release message from fe80::1e1b:dff:xxxx:xxxx port 546, transaction ID 0xF966A100
    2022:07:01-17:09:18  dhcpd6: Discarding Release from fe80::1e1b:dff:xxxx:xxxx; not our server identifier (CLIENTID 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx, SERVERID 00:01:00:01:2a:46:41:57:d4:ae:xx:xx:xx:xx, server DUID 00:01:00:01:2a:51:ca:87:d4:ae:xx:xx:xx:xx)


    2022:07:01-17:09:21  dhcpd6: Solicit message from fe80::1e1b:dff:xxxx:xxxx port 546, transaction ID 0xA6373600
    2022:07:01-17:09:21  dhcpd6: Picking pool address 2001:xxx:xx:xxx::fbaa
    2022:07:01-17:09:21  dhcpd6: Advertise NA: address 2001:xxx:xx:xxx::fbaa to client with duid 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx iaid = 186391309 valid for 3600 seconds
    2022:07:01-17:09:21  dhcpd6: Sending Advertise to fe80::1e1b:dff:xxxx:xxxx port 546
    2022:07:01-17:09:22  dhcpd6: Request message from fe80::1e1b:dff:xxxx:xxxx port 546, transaction ID 0xA6373600
    2022:07:01-17:09:22  dhcpd6: Reply NA: address 2001:xxx:xx:xxx::fbaa to client with duid 00:01:00:01:22:20:fd:59:1c:1b:xx:xx:xx:xx iaid = 186391309 valid for 3600 seconds
    2022:07:01-17:09:22  dhcpd6: Sending Reply to fe80::1e1b:dff:xxxx:xxxx port 546

    Still very odd that this client is not in the Lease table at all.

    /Tomi

  • I did a small test: I installed Win7 (as a VM) and it grabbed an IPv6 address from DHCP immediately after setup finished. I did the same with Win10 and the result was the same: both got IPv6 from DHCP and they were shown in the Lease table.... So it seems something is probably wrong with that Win10 config, although it grabs IPv6 from the pool correctly and everything works except that it is missing from the Lease table.

  • It may be blocking information being sent back to DHCP Server for some odd reason.  Microsoft says, 'You're welcome.'

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Just one idea: I looked in the dhcpd6.leases file and this client has an odd-looking ia-na in the file:

    ia-na "\015\033\034\013\000\001\000\001\" \375Y\034\033\015\327\331\326" {
      cltt 0 2022/07/03 07:14:59;
      iaaddr 2001:xxx:xx:xxx::fbaa {
        binding state active;
        preferred-life 3600;
        max-life 3600;
        ends 0 2022/07/03 08:14:59;
      }
    }

    By odd-looking I mean that sequence in the middle of the ia-na: \" \  , maybe the UTM parser for the Lease table has a problem with this? Or am I just seeing something that is not there? :)

    /Tomi
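
The ia-na string quoted in the last post can be decoded to check it against the log lines earlier in the thread. The following is an added example, not part of the thread and not Sophos or ISC code; it assumes the lease file uses backslash-octal escapes for non-printable bytes and a backslash before a literal double quote, and that the first four bytes are the IAID in little-endian order. It also shows what a parser that stops at the first double quote would read, purely as an illustration of the hypothesis raised above; whether the UTM lease-table parser behaves that way is not known from this thread.

```python
import re

# Constructed from the ia-na line quoted in the thread above.
LINE = r'ia-na "\015\033\034\013\000\001\000\001\" \375Y\034\033\015\327\331\326" {'

# Escape-aware: a backslash always consumes the character that follows it.
AWARE = re.compile(r'ia-na "((?:\\.|[^"\\])*)"')
# Naive (hypothetical): stops at the first double quote, escaped or not.
NAIVE = re.compile(r'ia-na "([^"]*)"')

# One token is an octal escape, a backslash-escaped character, or a plain character.
TOKEN = re.compile(r'\\([0-7]{3})|\\(.)|(.)', re.DOTALL)


def unescape(text):
    """Turn the escaped lease-file string back into raw bytes."""
    out = bytearray()
    for octal, escaped, plain in TOKEN.findall(text):
        out.append(int(octal, 8) if octal else ord(escaped or plain))
    return bytes(out)


def decode_ia_na(line, escape_aware=True):
    """Return (iaid, duid) for one 'ia-na "..." {' line."""
    match = (AWARE if escape_aware else NAIVE).match(line)
    if match is None:
        raise ValueError("not an ia-na line")
    raw = unescape(match.group(1))
    if len(raw) < 5:
        raise ValueError("identifier too short for IAID + DUID")
    # Assumption: IAID is the first 4 bytes, little-endian; the rest is the DUID.
    iaid = int.from_bytes(raw[:4], "little")
    duid = ":".join(f"{b:02x}" for b in raw[4:])
    return iaid, duid


if __name__ == "__main__":
    # The escaped quote is byte 0x22 inside the DUID, followed by 0x20 (space).
    print("escape-aware:", decode_ia_na(LINE))
    print("naive       :", decode_ia_na(LINE, escape_aware=False))
```

Decoded with escape handling, the entry gives the same iaid and the same visible DUID bytes as the Advertise/Reply log lines, so the `\" ` in the middle is just the escaped bytes 22:20 of the DUID rather than corruption in the lease file.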