Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. Re: ipv6 dhcp server not handing out addresses (Bill Shirley)
2. Re: ipv6 dhcp server not handing out addresses
(rob...@spotswood-computer.net)
3. Re: ipv6 dhcp server not handing out addresses (Bill Shirley)
4. Re: ipv6 dhcp server not handing out addresses (Bill Shirley)
----------------------------------------------------------------------
Message: 1
Date: Thu, 16 Nov 2017 14:20:43 -0500
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: ipv6 dhcp server not handing out addresses
Message-ID:
<115b08a7-1625-fec2-61a0-0440d214d...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Could the firewall on the DHCP6 server be blocking the replies?
Bill
On 11/16/2017 12:30 PM, Sten Carlsen wrote:
>
>
>
> On 16/11/2017 17:47, rob...@spotswood-computer.net wrote:
>> I can see the solicits in the dhcp server logs, so I think that's
>> definitive that they are reaching the server. The advertises should show
>> up there too, but just in case I'm wrong, I ran wireshark on the server.
>> Saw the solicits as expected, but 0 advertises.
> Ok, just something that bit me.
>>> On 16/11/2017 17:05,rob...@spotswood-computer.net wrote:
>>>> I've trying to retire an old Debian server (v7 Wheezy). I've new one
>>>> built
>>>> (really a VM) and installed (v9 - Stretch). One by one, I'm moving the
>>>> services over. Going well, until I hit the IPv6 dhcp server. The ipv4
>>>> dhcp
>>>> server went smooth.
>>>>
>>>> The old server is running isc-dhcp-server 4.2.2, while the new server is
>>>> running isc-dhcp-server 4.3.5.
>>>>
>>>> I copied the configuration file, but not the lease database from old
>>>> server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
>>>> the new ones. The ipv6 dhcp server starts, and is listening, but it is
>>>> not
>>>> handing out addresses. I tested with two Windows machine: ipconfig
>>>> /release6 then ipconfig /renew6. Both machines had an ipv6 address from
>>>> the old dhcp server, so it's not a client problem, and can renew said
>>>> address.
>>>>
>>>> Out of frustration, I copied the old database to the new server and
>>>> restarted. Still not working.
>>>>
>>>> I finally fired up wireshark on the client, and the problem seems to be
>>>> there are no advertise reply to the solicit from the client, which does
>>>> show up in the dhcpd logs. So the server sees the request, but doesn't
>>>> answer it.
>>>>
>>>> I checked the ip6tables and everything is accept, so it's not a firewall
>>>> issue. Any ideas?
>>> You may want to try Wireshark on the server to see if the request
>>> actually gets there.
>>> Could be an issue with switches along the way. I had an issue with a
>>> switch that was set to prevent DDOS attacks and blocked packets with
>>> identical source and destination ports. Removing that check made a lot
>>> of things work again.
>>>> == config file ==
>>>> default-lease-time 6048;
>>>> max-lease-time 6048;
>>>> log-facility local7;
>>>> ddns-updates on;
>>>> ddns-update-style interim;
>>>> update-static-leases on;
>>>> authoritative;
>>>> #log-facility debug;
>>>>
>>>> subnet6 fd00:220:0:1::/64 {
>>>> #Range for clients
>>>> range6 fd00:220:0:1::601 fd00:220:0:1::800;
>>>> #Additional options
>>>> option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
>>>> option dhcp6.domain-search "redacted.name";
>>>> }
>>>>
>>> --
>>> Best regards
>>>
>>> Sten Carlsen
>>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
> "MALE BOVINE MANURE!!!"
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20171116/33c35a91/attachment-0001.html>
------------------------------
Message: 2
Date: Thu, 16 Nov 2017 14:23:18 -0500
From: rob...@spotswood-computer.net
To: "Users of ISC DHCP" <dhcp-users@lists.isc.org>
Subject: Re: ipv6 dhcp server not handing out addresses
Message-ID:
<f7b6d3e39879a2be62ad17864b55d0a1.squir...@email.powweb.com>
Content-Type: text/plain;charset=iso-8859-1
Firewall is wide open. I checked that too.
> Could the firewall on the DHCP6 server be blocking the replies?
>
> Bill
>
> On 11/16/2017 12:30 PM, Sten Carlsen wrote:
>>
>>
>>
>> On 16/11/2017 17:47, rob...@spotswood-computer.net wrote:
>>> I can see the solicits in the dhcp server logs, so I think that's
>>> definitive that they are reaching the server. The advertises should
>>> show
>>> up there too, but just in case I'm wrong, I ran wireshark on the
>>> server.
>>> Saw the solicits as expected, but 0 advertises.
>> Ok, just something that bit me.
>>>> On 16/11/2017 17:05,rob...@spotswood-computer.net wrote:
>>>>> I've trying to retire an old Debian server (v7 Wheezy). I've new one
>>>>> built
>>>>> (really a VM) and installed (v9 - Stretch). One by one, I'm moving
>>>>> the
>>>>> services over. Going well, until I hit the IPv6 dhcp server. The ipv4
>>>>> dhcp
>>>>> server went smooth.
>>>>>
>>>>> The old server is running isc-dhcp-server 4.2.2, while the new server
>>>>> is
>>>>> running isc-dhcp-server 4.3.5.
>>>>>
>>>>> I copied the configuration file, but not the lease database from old
>>>>> server. Then I stopped the old ipv6 (and ipv4) dhcp servers and
>>>>> started
>>>>> the new ones. The ipv6 dhcp server starts, and is listening, but it
>>>>> is
>>>>> not
>>>>> handing out addresses. I tested with two Windows machine: ipconfig
>>>>> /release6 then ipconfig /renew6. Both machines had an ipv6 address
>>>>> from
>>>>> the old dhcp server, so it's not a client problem, and can renew said
>>>>> address.
>>>>>
>>>>> Out of frustration, I copied the old database to the new server and
>>>>> restarted. Still not working.
>>>>>
>>>>> I finally fired up wireshark on the client, and the problem seems to
>>>>> be
>>>>> there are no advertise reply to the solicit from the client, which
>>>>> does
>>>>> show up in the dhcpd logs. So the server sees the request, but
>>>>> doesn't
>>>>> answer it.
>>>>>
>>>>> I checked the ip6tables and everything is accept, so it's not a
>>>>> firewall
>>>>> issue. Any ideas?
>>>> You may want to try Wireshark on the server to see if the request
>>>> actually gets there.
>>>> Could be an issue with switches along the way. I had an issue with a
>>>> switch that was set to prevent DDOS attacks and blocked packets with
>>>> identical source and destination ports. Removing that check made a lot
>>>> of things work again.
>>>>> == config file ==
>>>>> default-lease-time 6048;
>>>>> max-lease-time 6048;
>>>>> log-facility local7;
>>>>> ddns-updates on;
>>>>> ddns-update-style interim;
>>>>> update-static-leases on;
>>>>> authoritative;
>>>>> #log-facility debug;
>>>>>
>>>>> subnet6 fd00:220:0:1::/64 {
>>>>> #Range for clients
>>>>> range6 fd00:220:0:1::601 fd00:220:0:1::800;
>>>>> #Additional options
>>>>> option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
>>>>> option dhcp6.domain-search "redacted.name";
>>>>> }
>>>>>
>>>> --
>>>> Best regards
>>>>
>>>> Sten Carlsen
>>>>
>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>> --
>> Best regards
>>
>> Sten Carlsen
>>
>> No improvements come from shouting:
>>
>> "MALE BOVINE MANURE!!!"
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Message: 3
Date: Thu, 16 Nov 2017 14:54:02 -0500
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: ipv6 dhcp server not handing out addresses
Message-ID:
<4d1b03bf-e9c8-de70-647b-1c64cef41...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Have you tried looking at traffic on the DHCP6 server with tcpdump:
[0:root@elmo clamav]$ tcpdump -n -i lan4 portrange 546-547
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan4, link-type EN10MB (Ethernet), capture size 262144 bytes
14:49:26.162028 IP6 fe80::74b4:e117:e83:e565.dhcpv6-client >
ff02::1:2.dhcpv6-server: dhcp6 renew
14:49:26.164029 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server >
fe80::74b4:e117:e83:e565.dhcpv6-client: dhcp6 reply
14:50:26.595666 IP6 fe80::f976:c419:fe5b:11c.dhcpv6-client >
ff02::1:2.dhcpv6-server: dhcp6 renew
14:50:26.597087 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server >
fe80::f976:c419:fe5b:11c.dhcpv6-client: dhcp6 reply
Substitute your interface for lan4.
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20171116/81bcda67/attachment-0001.html>
------------------------------
Message: 4
Date: Thu, 16 Nov 2017 15:00:52 -0500
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: ipv6 dhcp server not handing out addresses
Message-ID:
<48f61fe1-d356-4ee1-ee1d-89b290330...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Also, verify that your DHCP6 server has an address on the defined subnet:
[0:root@elmo clamav]$ ip -o -6 addr | grep 'inet6 fd'
2: lan4??? inet6 fd03:e4d:8a00:20f7::1/64 scope global \?????? valid_lft
forever preferred_lft forever
5: wifi??? inet6 fd03:e4d:8a00:20f8::1/64 scope global \?????? valid_lft
forever preferred_lft forever
Bill
On 11/16/2017 2:54 PM, Bill Shirley wrote:
> Have you tried looking at traffic on the DHCP6 server with tcpdump:
> [0:root@elmo clamav]$ tcpdump -n -i lan4 portrange 546-547
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lan4, link-type EN10MB (Ethernet), capture size 262144 bytes
> 14:49:26.162028 IP6 fe80::74b4:e117:e83:e565.dhcpv6-client >
> ff02::1:2.dhcpv6-server: dhcp6 renew
> 14:49:26.164029 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server >
> fe80::74b4:e117:e83:e565.dhcpv6-client: dhcp6 reply
> 14:50:26.595666 IP6 fe80::f976:c419:fe5b:11c.dhcpv6-client >
> ff02::1:2.dhcpv6-server: dhcp6 renew
> 14:50:26.597087 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server >
> fe80::f976:c419:fe5b:11c.dhcpv6-client: dhcp6 reply
>
> Substitute your interface for lan4.
>
> Bill
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20171116/fcc8d44e/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 109, Issue 11
*******************************************
