Why aren't interfaces assigned IPv6 link-local addresses?

[weeßicknich]

It appears that 22.7 does not automatically assign link-local addresses to an interface once IPv6 is enabled.

Test case 1:

• IPv6 Configuration Type: Track Interface
• Set Track IPv6 Interface to valid Interface and Prefix ID.

Test case 2:

• IPv6 Configuration Type: Static IPv6
• Set IPv6 address to valid non-link-local IPv6 address.

Result in both cases: the interface picks up the configured address but no link-local address is assigned.

What's going on?

[weeßicknich]

On further investigation I noticed that OPNsense not only fails to assign a link-local address but sends its ICMPv6 messages from an all-zeroes address. See attached nighbor discovery message for example. The destination address is generated correctly in this case.

[weeßicknich]

Test case 3:

• Manually assign an fe80::/64 IP Alias under Interfaces / Virtual IPs
• IPv6 Configuration Type: Static IPv6
• Set IPv6 address to valid non-link-local IPv6 address.

Result: neighbor solicitations for both, the link-local and the statically configured interface address are sent from an all-zeroes address.

[IsaacFL]

This is unique to your setup.

Going to Interfaces: Overview will show that an ipv6 link local is applied to each interface.

[weeßicknich]

This is unique to your setup.

That's encouraging!  ;D

Going to Interfaces: Overview will show that an ipv6 link local is applied to each interface.

It does not and neither does ifconfig.

Here is an example of an interface that has Track Interface configured, while the the uplink is down (hasn't acquired a prefix yet):

Code Select Expand

% ifconfig igc1
igc1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: USERS
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 60:be:b4:02:38:61
        inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

See the attached screenshot for the Web GUI view of that interface.

[IsaacFL]

It says the interface is disabled.  Also no carrier, doesn't that mean isn't plugged in?

[weeßicknich]

It says the interface is disabled.  Also no carrier, doesn't that mean isn't plugged in?

Yes, sorry I unplugged it a few times while testing and didn't notice when taking the screenshots.

Here's the same thing when connected:

Code Select Expand

ifconfig igc1
igc1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: USERS
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 60:be:b4:02:38:61
        inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

[WN1X]

That interface still shows IFDISABLED

[weeßicknich]

That interface still shows IFDISABLED

Indeed, but why? Does it stay in disabled state until it receives a prefix?

73

[lilsense]

possibly in your rc.conf file you have ipv6 disabled, or it's disabled globally.

[WN1X]

possibly in your rc.conf file you have ipv6 disabled, or it's disabled globally.

Please confirm you have IPv6 enabled. Go to Firewall-->Settings-->Advanced and confirm the Allow IPv6 checkbox is enabled.

73

[franco]

Which version is that? There was a bug that doesn't fit your description but prevented link-local creation... https://github.com/opnsense/core/issues/5946

Otherwise I haven't seen a case that missed a link-local, which would mean nothing would ever work in IPv6.


Cheers,
Franco