Show Posts
1
23.1 Legacy Series / Adding (or changing) IPv6 link-local address on DHCPv6 addressed interface
« on: April 29, 2023, 01:11:00 pm »
Hello,
Is there a way to add an additional IPv6 link-local address for a WAN interface that is already configured to get a global-unicast address via DHCPv6 (or get FreeBSD to use a spoofed MAC address to derive its link-local address)?
I am trying to configure OpnSense for the first time.
I am attempting to configure it to spoof the router supplied by my Internet Service Provider which is dual-stack IPoE with the WAN interface addressed via DHCPv4/DHCPv6 and with DHCPv6 prefix delegation.
I have configured a spoofed MAC address of the Opnsense WAN interface so that is the same as the ISP supplied router it will be replacing and that seems to work fine.
However, FreeBSD does not use that spoofed MAC address when generating the EUI64 link-local address for the WAN interface. It still uses the default MAC address for the interface hardware. In the output below, the LLA fe80::daec:5eff:fe71:ffb3 has been generated from the MAC d8:ec:5e:71:ff:b3 rather than the spoofed 3a:35:84:bf:01:f4:
$ ifconfig xn1
xn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (opt1)
ether d8:ec:5e:71:ff:b3
hwaddr 3a:35:84:bf:01:f4
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
inet6 fe80::daec:5eff:fe71:ffb3%xn1 prefixlen 64 scopeid 0x6
It means when the Opnsense box is swapped in, the upstream Broadband Network Gateway repeatedly attempts and fails to neighbour discover a now non-existent link-local address.
Perhaps FreeBSD has generated the link-local address before the Opnsense configuration to use a spoofed MAC address has been applied?
Is there a way to either add an additional link-local address derived from the spoofed MAC?Or even better get the default link-local address to be generated from the spoofed MAC address? What would be the appropriate file to edit/create to do this from the FreeBSD shell if there is no way to do this from the GUI?
Is there a way to add an additional IPv6 link-local address for a WAN interface that is already configured to get a global-unicast address via DHCPv6 (or get FreeBSD to use a spoofed MAC address to derive its link-local address)?
I am trying to configure OpnSense for the first time.
I am attempting to configure it to spoof the router supplied by my Internet Service Provider which is dual-stack IPoE with the WAN interface addressed via DHCPv4/DHCPv6 and with DHCPv6 prefix delegation.
I have configured a spoofed MAC address of the Opnsense WAN interface so that is the same as the ISP supplied router it will be replacing and that seems to work fine.
However, FreeBSD does not use that spoofed MAC address when generating the EUI64 link-local address for the WAN interface. It still uses the default MAC address for the interface hardware. In the output below, the LLA fe80::daec:5eff:fe71:ffb3 has been generated from the MAC d8:ec:5e:71:ff:b3 rather than the spoofed 3a:35:84:bf:01:f4:
$ ifconfig xn1
xn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (opt1)
ether d8:ec:5e:71:ff:b3
hwaddr 3a:35:84:bf:01:f4
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
inet6 fe80::daec:5eff:fe71:ffb3%xn1 prefixlen 64 scopeid 0x6
It means when the Opnsense box is swapped in, the upstream Broadband Network Gateway repeatedly attempts and fails to neighbour discover a now non-existent link-local address.
Perhaps FreeBSD has generated the link-local address before the Opnsense configuration to use a spoofed MAC address has been applied?
Is there a way to either add an additional link-local address derived from the spoofed MAC?Or even better get the default link-local address to be generated from the spoofed MAC address? What would be the appropriate file to edit/create to do this from the FreeBSD shell if there is no way to do this from the GUI?