Messages - GMazzocato

#1
20.7 Legacy Series / Problem with RA packets
December 14, 2020, 05:26:39 PM
Hi,

Apparently my OPNsense config is doing something to its NDP / ICMP / RA packets that my managed switch isn't allowing them to propagate through the network. Anyone know if it is OPNsense or my switch?

I am using a TP-Link T2500G-10TS. The picture attached is from the MLD Snooping GUI.
RA is set to Assisted, with DHCPv6 enabled in the OPNsense VM.

EDIT: OPNsense is in port 8 and I already tried other ports / cables.
#2
Follow up:

After some testing and reading of documents, I think that my reasoning is wrong in the way I am approaching this.
The IEEE RFCs state that instead of blocking the RA, I should classify the addresses in the interface. BSD uses ip6addrctl(8) for that, but I don't know about OPNsense.

I tried using the temporary addresses, and it selects the autonomous still. It should use the temp when activating the tunable, but it doesn't.

In the end, I'll have to study a bit more how OPNsense classifies the IPv6 class and work with that.
I don't seem to be able to delete this thread, or close it, since the topic is depleted.

Mod maybe ? :)
#3
Solved:

Found these lines in the file interfaces.inc located under /usr/local/etc/inc/:

/* accept router advertisements for this interface */
    set_single_sysctl('net.inet6.ip6.accept_rtadv', '1');
    log_error("Accept router advertisements on interface {$realifv6}");
    mwexecf('/sbin/ifconfig %s inet6 accept_rtadv -ifdisabled', $realifv6);


The DHCPv6 script calls on them every time it gets run, overwriting any personal configuration or tunable entries. If you change them to the following, you can then set the sysctl variable to 0 and it will effectively disable the auto configuration of the IPv6 in the wan interface.

/* accept router advertisements for this interface
    set_single_sysctl('net.inet6.ip6.accept_rtadv', '1');
    log_error("Accept router advertisements on interface {$realifv6}");
    mwexecf('/sbin/ifconfig %s inet6 accept_rtadv -ifdisabled', $realifv6); */


As I am yet to see if this will have any other effects on the system, proceed with caution.


As for the problem itself, I suggest that a checkbox be made and put in the interface DHCPv6 configuration to enable or disable this configuration.

EDIT: It breaks default routes acquired by the RA. So, not solved.

EDIT 2: If you manually add the default route to the IPv6 gateway, it works.
#4
Update:

Tried disabling auto configuration using the following command:

ifconfig igb0 inet6 -autoconf

After restarting the interface, it gets overridden by the dhcp script.
Tried disabling accepting RA in the sysctl and tunables. OPNsense doesn't honor that setting.

Still trying to disable it.
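
One way to check whether the changes tried in the two posts above (the interfaces.inc edit and `ifconfig igb0 inet6 -autoconf`) are still in effect after the interface is restarted. This is an added example, not part of the original posts or of OPNsense; the function names `ra_state`, `ra_disabled` and `sample_ifconfig` are hypothetical and the sample output is constructed.

```sh
#!/bin/sh
# Added example. Reads FreeBSD-style `ifconfig` output on stdin and prints one
# line per interface: "<ifname> accept_rtadv=<yes|no> autoconf_addrs=<count>".
ra_state() {
    awk '
        function emit() {
            printf "%s accept_rtadv=%s autoconf_addrs=%d\n", ifname, rtadv, n
        }
        # A new interface stanza starts in column 0: "igb0: flags=..."
        /^[^ \t]/ {
            if (ifname != "") emit()
            ifname = $1; sub(/:$/, "", ifname)
            rtadv = "no"; n = 0
            next
        }
        # Addresses formed from a received RA prefix carry the "autoconf" keyword
        $1 == "inet6" {
            for (i = 2; i <= NF; i++) if ($i == "autoconf") { n++; break }
        }
        # Example line: nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        $1 == "nd6" && /[<,]ACCEPT_RTADV[,>]/ { rtadv = "yes" }
        END { if (ifname != "") emit() }
    '
}

# Exit 0 only when interface $1 neither accepts RAs nor holds autoconf addresses.
ra_disabled() {
    ra_state | grep -qx "$1 accept_rtadv=no autoconf_addrs=0"
}

# Constructed sample (documentation prefix 2001:db8::/32), not captured output.
sample_ifconfig() {
cat <<'EOF'
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1%igb0 prefixlen 64 scopeid 0x1
        inet6 2001:db8:0:1::abcd prefixlen 64 autoconf
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::2%igb1 prefixlen 64 scopeid 0x2
        inet6 2001:db8:0:2::1 prefixlen 64
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
EOF
}

# Demo on the constructed sample; on a live system use: ifconfig | ra_state
sample_ifconfig | ra_state
```

Running `ifconfig | ra_disabled igb0` before and after restarting the interface shows whether the DHCPv6 script has re-enabled RA acceptance.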
#5
Update:

After some research, I noticed that the configuration is made through ifconfig(8).
After reading the manual, I wonder if the "auto_conf" flag is what I need to disable.

Should I create a tunable with its sysctl string to disable the auto_conf?
Since it is only done in the WAN interface, I don't think it will pose a problem to my internal SLAAC distribution.
#6
Hi,

Is there a way (either cli or web) to manage the IPv6 flags for the DHCP client on the WAN interface?

When my WAN gets the DHCP config it has A, M and O active, but OPNsense selects the A flag prefix as default and just makes it a nightmare to work with because of my ISP's buggy implementation. I need to disable the A flag.

If not available, how hard is it to implement it?