Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Manage IPv6 flags (A, M, O) for WAN dhcp client
« previous
next »
Print
Pages: [
1
]
Author
Topic: Manage IPv6 flags (A, M, O) for WAN dhcp client (Read 3132 times)
GMazzocato
Newbie
Posts: 6
Karma: 0
Manage IPv6 flags (A, M, O) for WAN dhcp client
«
on:
December 10, 2020, 08:43:49 pm »
Hi,
Is there a way (either cli or web) to manage the IPv6 flags for the DHCP client on the WAN interface?
When my WAN gets the DHCP config it has A, M and O active, but OPNsense selects the A flag prefix as default and just makes it a nightmare to work with because of my ISP's buggy implementation. I need to disable the A flag.
If not available, how hard is it to implement it?
«
Last Edit: December 11, 2020, 06:16:09 pm by GMazzocato
»
Logged
GMazzocato
Newbie
Posts: 6
Karma: 0
Re: Manage IPv6 flags (A, M, O) for WAN dhcp client
«
Reply #1 on:
December 12, 2020, 12:42:47 am »
Update:
After some research, I noticed that the configuration is made through ifconfig(
.
After reading the manual, I wonder if the "auto_conf" flag is what I need to disable.
Should I create a tunable with it's sysctl string to disable the auto_conf ?
Since it is only done in the WAN interface, I don't think it will pose a problem to my internal SLAAC distribution.
Logged
GMazzocato
Newbie
Posts: 6
Karma: 0
Re: Manage IPv6 flags (A, M, O) for WAN dhcp client
«
Reply #2 on:
December 14, 2020, 03:28:00 am »
Update:
Tried disabling auto configuration using the following command:
ifconfig igb0 inet6 -autoconf
After restarting the interface, it gets overridden by the dhcp script.
Tried disabling accepting RA in the sysctl and tunables. OPNsense doesn't honor that setting.
Still trying to disable it.
Logged
GMazzocato
Newbie
Posts: 6
Karma: 0
Re: Manage IPv6 flags (A, M, O) for WAN dhcp client
«
Reply #3 on:
December 14, 2020, 04:03:16 am »
Solved:
Found these lines in the files
interfaces.inc
located under
/usr/local/etc/inc/
:
/* accept router advertisements for this interface */
set_single_sysctl('net.inet6.ip6.accept_rtadv', '1');
log_error("Accept router advertisements on interface {$realifv6}");
mwexecf('/sbin/ifconfig %s inet6 accept_rtadv -ifdisabled', $realifv6);
The DHCPv6 script calls on them every time it gets run, overwriting any personal configuration or tunable entries. If you change them to the following, you can then set the sysctl variable to 0 and it will effectively disable the auto configuration of the IPv6 in the wan interface.
/* accept router advertisements for this interface
set_single_sysctl('net.inet6.ip6.accept_rtadv', '1');
log_error("Accept router advertisements on interface {$realifv6}");
mwexecf('/sbin/ifconfig %s inet6 accept_rtadv -ifdisabled', $realifv6); */
As I am yet to see if this will have any other effects on the system, proceed with caution.
As of the problem itself, I suggest that a checkbox be made and put in the interface DHCPv6 configuration to enable or disable this configuration.
EDIT: It breaks default routes acquired by the RA. So, not solved.
EDIT 2: If you manually add the default route to the ipv6 gateway, it work.
«
Last Edit: December 14, 2020, 04:20:55 am by GMazzocato
»
Logged
GMazzocato
Newbie
Posts: 6
Karma: 0
Re: Manage IPv6 flags (A, M, O) for WAN dhcp client
«
Reply #4 on:
December 14, 2020, 05:22:12 pm »
Follow up:
After some testing and reading of documents, I think that my reasoning is wrong in the way I am approaching this.
The IEEE RFCs states that instead of blocking the RA, I should classify the addresses in the interface. BSD uses ip6addrctl(
for that, but I don't know about OPNsense.
I tried using the temporary addresses, and it selects the autonomous still. It should use the temp when activating the tunable, but it doesn't.
In the end, I'll have to study a bit more of how OPNsense classify the ipv6 class and work with that.
I don't seem to be able to delete this thread, or close it, since the topic is depleted.
Mod maybe ?
Logged
andreaslink
Jr. Member
Posts: 58
Karma: 4
Re: Manage IPv6 flags (A, M, O) for WAN dhcp client
«
Reply #5 on:
December 15, 2020, 11:13:19 pm »
Nonetheless interesting to read :-). I still have IPv6 problems as I cannot ping my next (local) gateway via link local from WAN directly from my OPNsense. So something is still wrong with the IPv6 implementation, Firewall states all ICMPv6 as green, so something else is n the way, so this is why I was following your thoughts with interest :-).
Logged
Running OPNsense on 4 core Intel Xeon E5506, 20GB RAM, 2x Broadcom NetXtreme II BCM5709, 4x Intel 82580
Ubench Single CPU: 307897 (0.39s)
gary201
Newbie
Posts: 21
Karma: 0
Re: Manage IPv6 flags (A, M, O) for WAN dhcp client
«
Reply #6 on:
December 21, 2020, 05:18:33 pm »
With your configuration issue, is IPv6 working (e.g. ping6 to anything on the Internet from OpnSense) for a couple minutes and then fails? That's the problem I have and I'm wondering whether my problem is similar to yours. What I have noticed in my issue is it fails when the NDP table entries get flagged as stale (and this is repeatable if for example I plug a Windows system into the ISPs ONT instead of OpnSense).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Manage IPv6 flags (A, M, O) for WAN dhcp client