Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
ipv6 address generation when using SLACC
« previous
next »
Print
Pages: [
1
]
Author
Topic: ipv6 address generation when using SLACC (Read 1652 times)
bringha
Sr. Member
Posts: 253
Karma: 19
ipv6 address generation when using SLACC
«
on:
February 03, 2022, 04:17:24 pm »
High there,
I upgraded just yesterday to 22.1 and everything went well and smooth, which once again make me very grateful for the excellent work the OPNSense team since years to make this possible. Thank you very much for that
More or less randomly I observed an issue now on the ipv6 address generation which I am not sure whether this is new or was already in the versions before:
My ISP is Telekom and I access my VDSL Dual Stack Super Vectoring access via Modem and PPPoE with configured VLAN 7 on the Sense. IPv6 Prefixes are generated out of WAN capturing with prefix IDs. With SLACC, the address (lower 64 Bits) part then is generated out of the MAC address as being specified in the RFC accordingly. So far so good.
I now observe, that in this configuration my WAN ipv6 address and my LAN IP v6 address differentiate indeed in the prefix, but the address parts are exactly the same on both interfaces. In Interfaces->Overview, the WAN MAC address ist shown as 00:00:..00; LAN MAC address corresponds to the physical one of my Hardware.
However, it seems now to be that the WAN ipv6 address generation on igb1 is using the MAC address of the LAN interface on igb0.
I am wondering whether this is intended as I consider this potentially as a security risk.
Does anyone has a similar observation?
Looking forward to your reply.
Br br
Logged
staticznld
Jr. Member
Posts: 62
Karma: 5
Re: ipv6 address generation when using SLACC
«
Reply #1 on:
February 03, 2022, 04:38:53 pm »
On 21.7 the IPV6 ip address generation did the same.
https://forum.opnsense.org/index.php?topic=26335.0
Logged
bringha
Sr. Member
Posts: 253
Karma: 19
Re: ipv6 address generation when using SLACC
«
Reply #2 on:
February 03, 2022, 06:12:53 pm »
Thank you putting me on that topic - had overlooked it
however and other then there, in my case it affects not the LL address generation but the PUBLIC ipv6 address and I am wondering whether this needs to judged somewhat different.
From my view, the algorithm which calculates in SLACC the address ist clearly defined in RFC4293 using an modified EUI-64 method. In case that the seldom but nevertheless possible case of duplicate addresses is appearing, DAD according to RFC 7527 shall be applied.
From my understanding how the EUI-64 works, there should be no doublets appearing simply because of the fact that MAC addresses are upward counted when having several NICs on the HW. I rather assume that this is a SW item.
Could it be that due to the fact that my WAN MAC address is 00:00: .... it simply uses the wrong one from a neighbor interface when calculating the ipv6 address?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
ipv6 address generation when using SLACC