ipv6 dhcp server not handing out addresses

Sten Carlsen stenc at s-carlsen.dk
Thu Nov 16 17:30:09 UTC 2017 


On 16/11/2017 17:47, robert at spotswood-computer.net wrote:
> I can see the solicits in the dhcp server logs, so I think that's
> definitive that they are reaching the server. The advertises should show
> up there too, but just in case I'm wrong, I ran wireshark on the server.
> Saw the solicits as expected, but 0 advertises.
Ok, just something that bit me.
>
>>
>> On 16/11/2017 17:05, robert at spotswood-computer.net wrote:
>>> I've trying to retire an old Debian server (v7 Wheezy). I've new one
>>> built
>>> (really a VM) and installed (v9 - Stretch). One by one, I'm moving the
>>> services over. Going well, until I hit the IPv6 dhcp server. The ipv4
>>> dhcp
>>> server went smooth.
>>>
>>> The old server is running isc-dhcp-server 4.2.2, while the new server is
>>> running isc-dhcp-server 4.3.5.
>>>
>>> I copied the configuration file, but not the lease database from old
>>> server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
>>> the new ones. The ipv6 dhcp server starts, and is listening, but it is
>>> not
>>> handing out addresses. I tested with two Windows machine: ipconfig
>>> /release6 then ipconfig /renew6. Both machines had an ipv6 address from
>>> the old dhcp server, so it's not a client problem, and can renew said
>>> address.
>>>
>>> Out of frustration, I copied the old database to the new server and
>>> restarted. Still not working.
>>>
>>> I finally fired up wireshark on the client, and the problem seems to be
>>> there are no advertise reply to the solicit from the client, which does
>>> show up in the dhcpd logs. So the server sees the request, but doesn't
>>> answer it.
>>>
>>> I checked the ip6tables and everything is accept, so it's not a firewall
>>> issue. Any ideas?
>> You may want to try Wireshark on the server to see if the request
>> actually gets there.
>> Could be an issue with switches along the way. I had an issue with a
>> switch that was set to prevent DDOS attacks and blocked packets with
>> identical source and destination ports. Removing that check made a lot
>> of things work again.
>>> == config file ==
>>> default-lease-time 6048;
>>> max-lease-time 6048;
>>> log-facility local7;
>>> ddns-updates on;
>>> ddns-update-style interim;
>>> update-static-leases on;
>>> authoritative;
>>> #log-facility debug;
>>>
>>> subnet6 fd00:220:0:1::/64 {
>>> 	#Range for clients
>>> 	range6 fd00:220:0:1::601 fd00:220:0:1::800;
>>> 	#Additional options
>>> 	option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
>>> 	option dhcp6.domain-search "redacted.name";
>>> }
>>>
>> --
>> Best regards
>>
>> Sten Carlsen
>>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20171116/f674c719/attachment-0001.html>

More information about the dhcp-users mailing list