opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

dhcpdv6 uses the same prefix for delegations as it does for the lan(s) interface. #4656

Closed marjohn56 closed 3 years ago

marjohn56 commented 3 years ago


Describe the bug

Any tracking interface is giving out prefix delegations with the same prefix as the /64 interface itself.

Steps to reproduce the behavior:

Just look at /var/dhcpd/etc/dhcpdv6.conf: you'll also see the prefix delegations at line 1318/1319 are using the same prefix as the interface. This is not a good idea. The prefix delegations must not use the same prefix as the interface itself.

A clear and concise description of what you expected to happen.

PDs must not use the same prefix as the parent. The prefix delegations should get another prefix in the range of prefixes available from the delegation by dhcp6c. For example, when a /60 prefix is set on an interface and there is only one LAN, it's possible to delegate a minimum of two prefixes using a /61 mask: one prefix is used on the LAN interface and is then presented as a /64, and the other prefix should be used as PD in the form of the other /61 prefix. Where there are two LANs, then one prefix is used for both LANs, the difference being the 64th nibble which is incremented, thus fitting the two /64s into a single /62 prefix. That leaves three to be handed out for PD, so you could give two to the first LAN's PD and one to the second, and so on and so forth. However, it's easier just to give out one each, or use a /63 prefix and give out two /63 PDs. That leaves a remainder, but unless it's manually configured in the GUI, a full auto will use the same number of PD allocations for each interface.

In the example config below, we have four LANs. We have generated multiple /64 PDs for each interface:

subnet6 xxxx:xxxx:xxxx:ff00::/64 { range6 xxxx:xxxx:xxxx:ff00:: xxxx:xxxx:xxxx:ff00:ffff:ffff:ffff:ffff; option dhcp6.name-servers xxxx:xxxx:xxxx:ff00:20e:c4ff:fed2:8142; prefix6 xxxx:xxxx:xxxx:ff04:: xxxx:xxxx:xxxx:ff06::/64; }

subnet6 xxxx:xxxx:xxxx:ff01::/64 { range6 xxxx:xxxx:xxxx:ff01:: xxxx:xxxx:xxxx:ff01:ffff:ffff:ffff:ffff; option dhcp6.name-servers xxxx:xxxx:xxxx:ff01:20e:c4ff:fed2:8142; prefix6 xxxx:xxxx:xxxx:ff07:: xxxx:xxxx:xxxx:ff09::/64; }

subnet6 xxxx:xxxx:xxxx:ff02::/64 { range6 xxxx:xxxx:xxxx:ff02:: xxxx:xxxx:xxxx:ff02:ffff:ffff:ffff:ffff; option dhcp6.name-servers xxxx:xxxx:xxxx:ff02:20e:c4ff:fed2:8142; prefix6 xxxx:xxxx:xxxx:ff0a:: xxxx:xxxx:xxxx:ff0c::/64; }

subnet6 xxxx:xxxx:xxxx:ff03::/64 { range6 xxxx:xxxx:xxxx:ff03:: xxxx:xxxx:xxxx:ff03:ffff:ffff:ffff:ffff; option dhcp6.name-servers xxxx:xxxx:xxxx:ff04:20e:c4ff:fed2:8142; prefix6 xxxx:xxxx:xxxx:ff0d:: xxxx:xxxx:xxxx:ff0f::/64; }

There's a bit of binary maths involved in working out the valid prefixes, but I have done it and will post a PR tomorrow that resolves the issue. The routines could also be used to generate a PD delegation table for use in the GUI to assist those doing manual configuration.

OPNsense 21.1.r_1-amd64
FreeBSD 12.1-RELEASE-p12-HBSD
OpenSSL 1.1.1i 8 Dec 2020
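The prefix arithmetic described in the report above, as an added example that is not code from the issue, from PR #4659 or from OPNsense: it reproduces the four-LAN layout of the sample config and checks a prefix6 range against an interface's subnet6. The split policy (LAN /64s first, the remaining /64s divided equally), the function names and the 2001:db8 documentation prefix are assumptions.

```python
import ipaddress

BLOCK = 1 << 64  # number of addresses in one /64


def plan(delegated: str, lan_count: int):
    """Return [(lan_subnet, pd_low, pd_high)] for each tracking LAN.

    Assumed policy: the first lan_count /64s go to the interfaces, the rest
    are split into equal, disjoint runs of /64 prefixes for delegation.
    """
    net = ipaddress.IPv6Network(delegated)
    if lan_count < 1 or net.prefixlen > 64:
        raise ValueError("need at least one LAN and a prefix of /64 or shorter")
    total = 1 << (64 - net.prefixlen)          # /64s inside the delegation
    per_lan = (total - lan_count) // lan_count  # /64 PDs each LAN may hand out
    if per_lan < 1:
        raise ValueError("delegation too small for a LAN /64 plus a PD each")
    base = int(net.network_address)
    rows = []
    for i in range(lan_count):
        lan = ipaddress.IPv6Network((base + i * BLOCK, 64))
        first = lan_count + i * per_lan         # index of this LAN's first PD /64
        low = ipaddress.IPv6Address(base + first * BLOCK)
        high = ipaddress.IPv6Address(base + (first + per_lan - 1) * BLOCK)
        rows.append((lan, low, high))
    return rows


def pd_overlaps_lan(lan, pd_low, pd_high, pd_len: int = 64) -> bool:
    """True when the prefix6 range low..high/pd_len covers part of subnet6 lan."""
    subnet = ipaddress.IPv6Network(str(lan))
    start = int(ipaddress.IPv6Address(str(pd_low)))
    # The range ends at the last address of the prefix that begins at pd_high.
    end = int(ipaddress.IPv6Address(str(pd_high))) + (1 << (128 - pd_len)) - 1
    return start <= int(subnet.broadcast_address) and int(subnet.network_address) <= end


if __name__ == "__main__":
    # Constructed input: a /60 delegation shared by four tracking LANs.
    for lan, low, high in plan("2001:db8:0:ff00::/60", 4):
        print(f"subnet6 {lan}: prefix6 {low} {high} /64")
    # The reported condition: a PD range that starts on the interface's own /64.
    print(pd_overlaps_lan("2001:db8:0:ff00::/64",
                          "2001:db8:0:ff00::", "2001:db8:0:ff02::"))
```

Running `pd_overlaps_lan` over every subnet6/prefix6 pair in a generated dhcpdv6.conf flags the condition this issue reports.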

marjohn56 commented 3 years ago

PR issued #4659

OPNsense-bot commented 3 years ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.