From wiki
Jump to navigation Jump to search

Dynamic Host Configuration Protocol


IPv6 addresses can be advertised by the radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo randomly generated. For more control over the addresses you can run a dhcp server. When the ISC dhcp server is used you need separate instances for the IPv4 and the IPv6 server.

Sample configuration file (/etc/dhcp/dhcpd6.conf).

log-facility local7;
default-lease-time 86400;
max-lease-time 604800;

subnet6 your:site:ipv6:prefix::/64 {
#  range6 your:ipv6:prefix:address:1::f000 your:ipv6:prefix:address:1::ffff;

  option dhcp6.domain-search "local.domain.tld";
  option dhcp6.name-servers <name-server-address>;
  option ntp-servers ntp.domain.tld;

  host host1name {
   host-identifier option dhcp6.client-id 00:a4:00:01:45:26:4d:8e:98:8e:76:d1:09:32;
   fixed-address6 <full ipv6-address>;

Hosts for fixed addresses are found by their DUID. Only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.

The firewall on the client needs to be open on the Link Local address (in the FE80::/10) range on port 546


Sample configuration file (/etc/dhcp/dhcpd.conf).

ddns-update-style none;

# option definitions common to all supported networks.
option domain-name "domain.tld";
option domain-name-servers,;
option routers;
option broadcast-address;
option ntp-servers;

# 1 day (fine for home networks, e.g. hotspots should have far shorter lease times) 
default-lease-time 86400;
# 1 week
max-lease-time 604800;


log-facility local7;

# Known hosts get fixed IP address defined in DNS-server
group {
 deny unknown-clients;
 # One week, these are sort of fixed addresses.
 default-lease-time 604800;

 host host1name {
  hardware ethernet ff:ff:ff:ff:ff:ff;
  fixed-address host1name.domain.tld;
 host host2name {
  hardware ethernet ff:ff:ff:ff:ff:ff;
  fixed-address host2name.domain.tld;
# All other get an address from the range
subnet netmask {

The leases are kept track of in /var/lib/dhcp/dhcpd.leases An ordinary entry looks like: tstp and cltt are for the failover protocol, most other entries are self-explaining I think.

lease {
  starts 6 2021/03/18 11:22:00;
  ends 0 2021/03/19 11:22:00;
  tstp 0 2021/03/19 11:22:00;
  cltt 6 2021/03/19 11:22:00;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet ff:ff:ff:ff:ff:ff;
  client-hostname "host3name";

Traffic check

tcpdump -i eth0 port 547
Check on server side
tcpdump -i eth0 port 546
Check on client side