ipv6 dhcp server not handing out addresses

Bill Shirley bill at c3po.polymerindustries.biz
Thu Nov 16 19:20:43 UTC 2017 

Could the firewall on the DHCP6 server be blocking the replies?

Bill

On 11/16/2017 12:30 PM, Sten Carlsen wrote:
>
>
>
> On 16/11/2017 17:47, robert at spotswood-computer.net wrote:
>> I can see the solicits in the dhcp server logs, so I think that's
>> definitive that they are reaching the server. The advertises should show
>> up there too, but just in case I'm wrong, I ran wireshark on the server.
>> Saw the solicits as expected, but 0 advertises.
> Ok, just something that bit me.
>>> On 16/11/2017 17:05,robert at spotswood-computer.net  wrote:
>>>> I've trying to retire an old Debian server (v7 Wheezy). I've new one
>>>> built
>>>> (really a VM) and installed (v9 - Stretch). One by one, I'm moving the
>>>> services over. Going well, until I hit the IPv6 dhcp server. The ipv4
>>>> dhcp
>>>> server went smooth.
>>>>
>>>> The old server is running isc-dhcp-server 4.2.2, while the new server is
>>>> running isc-dhcp-server 4.3.5.
>>>>
>>>> I copied the configuration file, but not the lease database from old
>>>> server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
>>>> the new ones. The ipv6 dhcp server starts, and is listening, but it is
>>>> not
>>>> handing out addresses. I tested with two Windows machine: ipconfig
>>>> /release6 then ipconfig /renew6. Both machines had an ipv6 address from
>>>> the old dhcp server, so it's not a client problem, and can renew said
>>>> address.
>>>>
>>>> Out of frustration, I copied the old database to the new server and
>>>> restarted. Still not working.
>>>>
>>>> I finally fired up wireshark on the client, and the problem seems to be
>>>> there are no advertise reply to the solicit from the client, which does
>>>> show up in the dhcpd logs. So the server sees the request, but doesn't
>>>> answer it.
>>>>
>>>> I checked the ip6tables and everything is accept, so it's not a firewall
>>>> issue. Any ideas?
>>> You may want to try Wireshark on the server to see if the request
>>> actually gets there.
>>> Could be an issue with switches along the way. I had an issue with a
>>> switch that was set to prevent DDOS attacks and blocked packets with
>>> identical source and destination ports. Removing that check made a lot
>>> of things work again.
>>>> == config file ==
>>>> default-lease-time 6048;
>>>> max-lease-time 6048;
>>>> log-facility local7;
>>>> ddns-updates on;
>>>> ddns-update-style interim;
>>>> update-static-leases on;
>>>> authoritative;
>>>> #log-facility debug;
>>>>
>>>> subnet6 fd00:220:0:1::/64 {
>>>> 	#Range for clients
>>>> 	range6 fd00:220:0:1::601 fd00:220:0:1::800;
>>>> 	#Additional options
>>>> 	option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
>>>> 	option dhcp6.domain-search "redacted.name";
>>>> }
>>>>
>>> --
>>> Best regards
>>>
>>> Sten Carlsen
>>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> -- 
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
>         "MALE BOVINE MANURE!!!"
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20171116/33c35a91/attachment.html>

More information about the dhcp-users mailing list