Project

General

Profile

Actions
Copy link

Bug #15361

open

Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses

Added by Mathis Cavalli about 1 month ago. Updated 24 days ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Virtual IP Addresses
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
23.09.1
Affected Architecture:
All

Description

There is no network address in IPv6, nor broadcasts like IPv4
When adding / editing an IP alias and putting there an address like fd00::/64 it shows the following error : "The network address cannot be used for this VIP"
It happened on my pfSense+ box but it seems the CE 2.7.2 is also affected.

Files

Download all files
Screenshot_1.png (61.2 KB) Screenshot_1.png Mathis Cavalli, 03/25/2024 09:12 AM
clipboard-202404031423-s3n4d.png (40.2 KB) clipboard-202404031423-s3n4d.png Danilo Zrenjanin, 04/03/2024 12:23 PM
Actions
Copy link
 #1

Updated by Chris W 30 days ago

What's the end goal you're looking for here?

An IP alias should take a single address you want to add to a specific interface. If instead you need to alias an entire network space for use with NAT or firewall rules, that's done in Firewall > Alias (change Type from host to network).

Actions
Copy link
 #2

Updated by Mathis Cavalli 30 days ago

I need to add a secondary IPv6 address (fd00:0:0:1::/64) on my tun_wg0 interface and it works using the VIPs
If i put fd00:0:0:1::/128 there all the /64 subnet isn't routed to this interface, which is what i need
Is there another way to add additional IP addresses on an interface ?

Actions
Copy link
 #3

Updated by Kris Phillips 27 days ago

In IPv6 there is a prefix ID followed by an interface, which replaces the network ID in IPv6. Assigning the prefix ID to an interface is not valid. You should choose a single address in this prefix for IP Aliases, so you should assign the ::1 or another address from the /64.

Actions
Copy link
 #4

Updated by Jim Pingle 26 days ago

Kris Phillips wrote in #note-3:

In IPv6 there is a prefix ID followed by an interface, which replaces the network ID in IPv6. Assigning the prefix ID to an interface is not valid. You should choose a single address in this prefix for IP Aliases, so you should assign the ::1 or another address from the /64.

This is not true for IPv6. There is nothing special about the prefix ID address like there is in IPv4. In IPv6 every address in the prefix is usable, including the all zeroes and all ones addresses.

Actions
Copy link
 #5

Updated by Danilo Zrenjanin 24 days ago

Tested against:

23.09.1-RELEASE (amd64)
built on Wed Dec 6 20:22:00 UTC 2023
FreeBSD 14.0-CURRENT

I can confirm that it is not possible to define a network address fd00::/64 in the IPv6 space for the VIP alias. An error message stating "The network address cannot be used for this VIP" is displayed.

However, it allowed me to save the VIP when I defined the same network address using 0 at the end.

Actions
Copy link

Also available in: Atom PDF