Project

General

Profile

Actions

Feature #2361

closed

router adv. daemon only allows for one subnet / limited options

Added by Johannes Ullrich over 12 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Category:
DHCP (IPv6)
Target version:
-
Start date:
04/08/2012
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

The router adv. daemon configuration probably deserves its own page, instead of tugging it under dhcpv6.

For example, in order to advertise multiple subnets, or DNS servers in addition to the default subnet.
(I am used DHCP Server as a category for now. please fix if there is a better spot)

Actions #1

Updated by Chris Buechler over 12 years ago

  • Target version deleted (8)
Actions #2

Updated by Seth Mos over 12 years ago

  • Assignee set to Darren Embry

We probably want to split them off and keep them tied together.

What Jim and I agreed upon was tabs per interface, like we have now, and add subtabs for DHCPv6 and RA settings.

Some people want different DNS and search domain boxes for RA compared to the DHCPv6 server settings. Don't ask me why.

- So the top of the DHCPv6 settings page is for RA, which can go into their own tab.
- Add fields there for DNS servers and Searchdomain, just like on the DHCPv6 page. Save those into $_POST['rasomething'].
- We want a checkbox that says "Use same settings as DHCPv6 server" that duplicates the values.
- We'll extend the services_radvd_configure() for these settings.
- Menu Item should be Renamed DHCPv6 / RA

Hope this is clear enough

Actions #3

Updated by Darren Embry over 12 years ago

  • Status changed from New to Feedback
  • Assignee changed from Darren Embry to Seth Mos
  • % Done changed from 0 to 100

implemented, please do further testing.

f347547 split dhcpv6 server and ra #2361
1c8dbfb remove the RA stuff from services_dhcpv6 for #2361
93458cb rename menu item for #2361

Actions #4

Updated by Darren Embry over 12 years ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Seth Mos to Darren Embry
  • % Done changed from 100 to 60

oh wait, i forgot to add fields for dns, searchdomain, use same settings to the RA tab.

Actions #5

Updated by Darren Embry over 12 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 60 to 100
Actions #6

Updated by Darren Embry over 12 years ago

here are the new fields:

<radomainsearchlist>google.com</radomainsearchlist>
<radnsserver>dead::</radnsserver>
<radnsserver>beef::</radnsserver>
<rasamednsasdhcp6/>                 <!-- presence means use same as dhcp6 -->
Actions #7

Updated by Johannes Ullrich over 12 years ago

looking good so far. Only thing missing is the ability to set subnets for the RA. Right now, it does only advertise the subnet the router's interface is assigned to. But with IPv6, you may have a global and a UL address. (e.g. 2001:db8::/64 and fd00:db8::/64). Also, it shouldn't be required for the router to have a globally routable address.

thanks.

Actions #8

Updated by Darren Embry over 12 years ago

just added subnets and support for aliases.

Actions #9

Updated by Darren Embry over 12 years ago

and forgot to commit that work until just now

Actions #11

Updated by Johannes Ullrich over 12 years ago

user interface to add subnets looks great. But settings are not reflected in /var/etc/radvd.conf . Should the be? will experiment a bit more.

Small user interface nitpick (feel free to ignore): One issue I find throughout pfsense's IPv6 settings is that all subnet masks are listed in numeric order. It would make sense to first list the most common once, then all of them in numeric order. So the list would go something like:

32 - 42 - 56 - 64 - 128 ... then 1-2-3-4-5-6-7-...

It may be worthwhile to have a common list that is included in all pages offering a drop down for IPv6 subnets, instead of each page coding its own.

Actions #12

Updated by Darren Embry over 12 years ago

Sorry, forgot about the bit that actually modifies /var/etc/radvd.conf. The bit that modifies /cf/conf/config.xml is done though. :-)

Actions #13

Updated by Darren Embry over 12 years ago

Regarding the "common list" you mentioned, there seem to be quite a few minor variations of it but yeah I find that those bits are hardcoded in so many places annoying as well.

Actions #14

Updated by Seth Mos over 12 years ago

  • Target version set to 2.2

Johannes, am I correct in understanding that you want to announce multiple prefixes with multiple settings? e.g. different DNS and searchdomain for each prefix?

That would be a very different case and increase the scope significantly.

I'm going to push this off for 2.2, I've looked at the services_radvd_configure() that needs some significant refactoring to accomodate and we just want to get 2.1 out soon.

This also opens up a can of worms for foot shooting, there are also considerable real issues with clients picking the wrong source addres. FC00:: and FD00:: are considered global addresses these days which can cause significant broken issues. The current radvd can already advertise fc00 or fd00 if the interface is configured for that.

If you have 2 different global prefixes on a single host it can not follow the routing table either because egress filtering by the ISP will drop the traffic.

We'll revert part of the multiple subnet support and put this back into the tree for 2.2 when we have more time to consider all corner cases.

Actions #15

Updated by Darren Embry over 12 years ago

  • Assignee changed from Darren Embry to Seth Mos
Actions #16

Updated by Johannes Ullrich about 12 years ago

sorry for not responding earlier (haven't had a lot of time to experiment with pfsense). Just to push back a bit here: This is exactly what I am looking for: A ULA and GLA for each host, to use the GLA for outbound communications, and the ULA for internal communications. That is exactly what RFC 5220 and 4291 cover, and hosts will deal ok with it. Most of the issues I had with source address selection these days is related to the GLA not comming up before certain daemons start. But beyond that, the RFC 3484 "longest matching" rule should deal with this just fine, and does in my experiments so far.

Another option would be using RA for the GLA and DHCP for the ULA, but that appears to have some other issues right now (not sure what. still debugging and may not be a pfsense issue).

Actions #17

Updated by Chris Buechler about 10 years ago

  • Category changed from DHCP (IPv4) to DHCP (IPv6)
  • Assignee deleted (Seth Mos)
  • Target version changed from 2.2 to 2.3
Actions #18

Updated by Jim Thompson almost 10 years ago

  • Assignee set to Renato Botelho
Actions #19

Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved
  • Target version deleted (2.3)

This was implemented quite some time ago in 2.2.

Actions

Also available in: Atom PDF