Text only | Text with Images

OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: sifrmoja on November 04, 2025, 05:29:13 AM

Title: Not Creating Routes Received from IPv6 RA
Post by: sifrmoja on November 04, 2025, 05:29:13 AM
I have 2 downstream servers (Linux) that have a /64 network each on a bridge for VMs/LXC containers. I have configured them to advertise the route to the /64 and the servers add each other as a route to their respective /64. I know the RAs are working.

My OPNsense router can see those Route Advertisements but are not adding a route into their routing table. I am still learning IPv6 but have a solid understanding of routing. I can manually add these routes but I was hoping to have it working auttomatically.

The radvd.conf on each of the servers is as follows.

Code Select
interface eth0
{
    AdvSendAdvert on;
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 0;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;

    route 2001:db8:0:b33f::1/64
    {
        AdvRoutePreference medium;
        AdvRouteLifetime 3600;
    }; # End of route definition

}; # End of interface definition

On the router I can see this RA is received on the LAN interface using radvdump.

Code Select
interface igc0
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 0;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;

    route 2001:db8:0:b33f::1/64
    {
        AdvRoutePreference medium;
        AdvRouteLifetime 3600;
    }; # End of route definition

}; # End of interface definition

Why is OPNsense not adding a route based on this RA?
Title: Re: Not Creating Routes Received from IPv6 RA
Post by: Patrick M. Hausen on November 04, 2025, 07:27:27 AM
Routers like a firewall are not supposed to accept RAs, only hand them out. RAs are sent by routers for the benefit of hosts.
Title: Re: Not Creating Routes Received from IPv6 RA
Post by: Monviech (Cedrik) on November 04, 2025, 07:33:06 AM
An IPv6 capable router should also accept RAs on the upstream interface since otherwise it cannot learn where the LLA of the default IPv6 gateway is (sending LLA and SLLA option inside the RA). DHCPv6 does not contain that information.

Though an interface must have the "accept_rtadv" flag to accept and process RAs.
Title: Re: Not Creating Routes Received from IPv6 RA
Post by: sifrmoja on November 04, 2025, 09:02:34 AM
How do I go about adding this "accept_rtadv" flag?
Title: Re: Not Creating Routes Received from IPv6 RA
Post by: Monviech (Cedrik) on November 04, 2025, 09:43:02 AM
If you set an interface to "IPv6: SLAAC" it will add that flag, but you would also generate an address if the RA bits are wrong, and if a default route is advertised it would also be installed. Your other RA daemon should only advertise an on-link prefix I guess.
Title: Re: Not Creating Routes Received from IPv6 RA
Post by: Maurice on November 04, 2025, 12:25:00 PM
Most systems ignore explicit routes advertised in RAs, even if they do accept RAs and use them for SLAAC, setting the default route etc. I don't think FreeBSD / OPNsense is an exception (let me know if I'm wrong).

That's where reality differs from the RFCs. While it seems like a good idea to autoconfigure specific routes from information in RAs, most vendors have decided not to implement this.

Cheers
Maurice
Text only | Text with Images