Author Topic: 6RD, RDNSS, radvd, and the case(s) of missing ipv6 NS packets  (Read 2553 times)

admalledd
« on: August 24, 2021, 06:08:56 am »
Been chewing on this one for two days now. My google-fu must have missed something, especially because most of these are newer to me (ipv6 "has always just worked" so no need for me to figure it out).

For some reason, I cannot get IPv6 NS packets to respond from my OPNsense router, specifically the RDNSS's set address. I can *ping6* the darn IP just fine, but not `ndisc6 -1 xxxx:xxxx:xxxx:d700::1 enp6s0`; I get "Timed Out". Other devices that must traverse through the OPNsense (from [LAN] to [LAN_Servers]) for the NS packets work fine.

The reason this is a problem is that certain Android devices, if they receive one or more RDNSS over wifi, *require* at least one RDNSS to reply to NS packets. (Tested Android device: Pixel 3a with RQ3A.21.0805.001.A1) If it does not get responses, it assumes the wifi is bad/wrong and disconnects. See IpReachabilityMonitor and related Google searches of "Android ipv6 RDNSS". The log message via adb-logcat to look out for is (scrubbed IPv6 addr):

[IpReachabilityMonitor] WARN ALERT neighbor went from: null to: NeighborEvent{@983249427,RTM_NEWNEIGH,if=30,xxxx:xxxx:xxxx:d700::1,NUD_FAILED,[null]}

My temporary fix is to enable on the LAN "Track IPv6 Interface --> Manual Configuration", which then allows the "Services --> Router Advertisements --> [LAN]", and set the settings as "Unmanaged" with "Do not send DNS settings to clients".

Sadly, from what I can read of the config-gen code dhcpd.inc, there is no way to disable RDNSS for 6RD; while Issue #4537 exists, it did not seem to cover 6RD style. So this means that I now have to be very very careful about my 6RD I think? Or if it ever changes? Or is my "Temp fix" of above the expected way to disable RDNSS for 6RD? This seems suboptimal D: and/or unclear in docs.

All that above to say, while this "works" as a temp-fix, I would much rather figure out what I am missing on the ipv6 Neighbor Solicitation Packets not existing from the OPNSense device. I haven't touched the default firewall settings to the best of my knowledge for them, and I am not seeing any firewall logs that stand out to me (DENY) when I trigger a NS request.
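
As an added example (not part of the original post), one way to scan saved `adb logcat` output for the alert quoted above and report which advertised RDNSS addresses went to NUD_FAILED. The sample lines are constructed, the function names are illustrative, and the NeighborEvent field layout is assumed from the single line shown in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Field layout assumed from the line quoted in the post:
# NeighborEvent{@<ts>,<msg type>,if=<ifindex>,<address>,<NUD state>,[<lladdr>]}
EVENT_RE = re.compile(
    r"NeighborEvent\{@(?P<ts>\d+),(?P<msg>RTM_\w+),if=(?P<ifindex>\d+),"
    r"(?P<addr>[^,]+),(?P<state>NUD_\w+),\[(?P<lladdr>[^\]]*)\]\}"
)

def parse_events(lines):
    """Yield one dict per NeighborEvent found in the given logcat lines."""
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # scrubbed or malformed address, nothing to correlate
        yield {"ts": int(m["ts"]), "ifindex": int(m["ifindex"]),
               "addr": addr, "state": m["state"]}

def failed_rdnss(lines, rdnss_servers):
    """Return {rdnss_address: [timestamps]} for RDNSS servers seen as NUD_FAILED."""
    watched = {ipaddress.ip_address(a) for a in rdnss_servers}
    hits = defaultdict(list)
    for ev in parse_events(lines):
        # Compare parsed addresses so different textual spellings still match.
        if ev["state"] == "NUD_FAILED" and ev["addr"] in watched:
            hits[str(ev["addr"])].append(ev["ts"])
    return dict(hits)

# Constructed sample lines (2001:db8::/32 is the documentation prefix).
SAMPLE_LOG = [
    "[IpReachabilityMonitor] WARN ALERT neighbor went from: null to: "
    "NeighborEvent{@983249427,RTM_NEWNEIGH,if=30,2001:db8:0:d700::1,NUD_FAILED,[null]}",
    "[IpReachabilityMonitor] neighbor went from: null to: "
    "NeighborEvent{@983249500,RTM_NEWNEIGH,if=30,fe80::1,NUD_REACHABLE,[001122334455]}",
    "[WifiService] unrelated line",
    "[IpReachabilityMonitor] WARN ALERT neighbor went from: null to: "
    "NeighborEvent{@983251000,RTM_NEWNEIGH,if=30,2001:db8:0:d700:0:0:0:1,NUD_FAILED,[null]}",
]

if __name__ == "__main__":
    for addr, stamps in failed_rdnss(SAMPLE_LOG, ["2001:db8:0:d700::1"]).items():
        print(f"RDNSS {addr} failed neighbor discovery {len(stamps)}x at {stamps}")
```

Pass the RDNSS addresses from the router advertisement as the second argument; a hit means the client gave up on neighbor discovery for a DNS server it was told to use.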