Project

General

Profile

Actions
Copy link

Bug #11095

closed

pfSense will not reply to NS on WAN where src is set to a global IPv6 address

Added by Conrad Andersen over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
11/23/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:

Description

The category for this should probably be NDP, but that category is not available.

pfSense will not reply with an NA to an NS request that arrives on the WAN interface (not tested on other types of interfaces), if the IPv6 source address is a global IPv6 address.

pfSense will reply with and NA to an NS request that arrives on the WAN interface, if the IPv6 source address is a local-link address (fe80::)

I have attached 4 files which shows a minimal example.

working.pcap: A single hand-crafted package, that pfSense WILL reply to.
working-pfsense-WAN.pcap: A package capture from pfSense WAN interface, when the package is sent from another machine, as you can see this capture contain an NA response from pfSense.

not-working.pcap: A single hand-crafted package, that pfSense WILL NOT reply to.
not-working-pfsense-WAN.pcap: A package capture from pfSense WAN interface, when the package is sent from another machine, as you can see this capture does not contain an NA response from pfSense.

Files

Download all files
not-working-pfsense-WAN.pcap (126 Bytes) not-working-pfsense-WAN.pcap Conrad Andersen, 11/23/2020 03:45 PM
not-working.pcap (112 Bytes) not-working.pcap Conrad Andersen, 11/23/2020 03:45 PM
working-pfsense-WAN.pcap (228 Bytes) working-pfsense-WAN.pcap Conrad Andersen, 11/23/2020 03:45 PM
working.pcap (112 Bytes) working.pcap Conrad Andersen, 11/23/2020 03:45 PM
debian.pcap (228 Bytes) debian.pcap Conrad Andersen, 11/24/2020 09:26 AM
Actions
Copy link

Also available in: Atom PDF