ipv6 dhcp server not handing out addresses

robert at spotswood-computer.net robert at spotswood-computer.net
Thu Nov 16 19:23:18 UTC 2017 

Firewall is wide open. I checked that too.

> Could the firewall on the DHCP6 server be blocking the replies?
>
> Bill
>
> On 11/16/2017 12:30 PM, Sten Carlsen wrote:
>>
>>
>>
>> On 16/11/2017 17:47, robert at spotswood-computer.net wrote:
>>> I can see the solicits in the dhcp server logs, so I think that's
>>> definitive that they are reaching the server. The advertises should
>>> show
>>> up there too, but just in case I'm wrong, I ran wireshark on the
>>> server.
>>> Saw the solicits as expected, but 0 advertises.
>> Ok, just something that bit me.
>>>> On 16/11/2017 17:05,robert at spotswood-computer.net  wrote:
>>>>> I've trying to retire an old Debian server (v7 Wheezy). I've new one
>>>>> built
>>>>> (really a VM) and installed (v9 - Stretch). One by one, I'm moving
>>>>> the
>>>>> services over. Going well, until I hit the IPv6 dhcp server. The ipv4
>>>>> dhcp
>>>>> server went smooth.
>>>>>
>>>>> The old server is running isc-dhcp-server 4.2.2, while the new server
>>>>> is
>>>>> running isc-dhcp-server 4.3.5.
>>>>>
>>>>> I copied the configuration file, but not the lease database from old
>>>>> server. Then I stopped the old ipv6 (and ipv4) dhcp servers and
>>>>> started
>>>>> the new ones. The ipv6 dhcp server starts, and is listening, but it
>>>>> is
>>>>> not
>>>>> handing out addresses. I tested with two Windows machine: ipconfig
>>>>> /release6 then ipconfig /renew6. Both machines had an ipv6 address
>>>>> from
>>>>> the old dhcp server, so it's not a client problem, and can renew said
>>>>> address.
>>>>>
>>>>> Out of frustration, I copied the old database to the new server and
>>>>> restarted. Still not working.
>>>>>
>>>>> I finally fired up wireshark on the client, and the problem seems to
>>>>> be
>>>>> there are no advertise reply to the solicit from the client, which
>>>>> does
>>>>> show up in the dhcpd logs. So the server sees the request, but
>>>>> doesn't
>>>>> answer it.
>>>>>
>>>>> I checked the ip6tables and everything is accept, so it's not a
>>>>> firewall
>>>>> issue. Any ideas?
>>>> You may want to try Wireshark on the server to see if the request
>>>> actually gets there.
>>>> Could be an issue with switches along the way. I had an issue with a
>>>> switch that was set to prevent DDOS attacks and blocked packets with
>>>> identical source and destination ports. Removing that check made a lot
>>>> of things work again.
>>>>> == config file ==
>>>>> default-lease-time 6048;
>>>>> max-lease-time 6048;
>>>>> log-facility local7;
>>>>> ddns-updates on;
>>>>> ddns-update-style interim;
>>>>> update-static-leases on;
>>>>> authoritative;
>>>>> #log-facility debug;
>>>>>
>>>>> subnet6 fd00:220:0:1::/64 {
>>>>> 	#Range for clients
>>>>> 	range6 fd00:220:0:1::601 fd00:220:0:1::800;
>>>>> 	#Additional options
>>>>> 	option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
>>>>> 	option dhcp6.domain-search "redacted.name";
>>>>> }
>>>>>
>>>> --
>>>> Best regards
>>>>
>>>> Sten Carlsen
>>>>
>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>> --
>> Best regards
>>
>> Sten Carlsen
>>
>> No improvements come from shouting:
>>
>>         "MALE BOVINE MANURE!!!"
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

More information about the dhcp-users mailing list