Bug #2833
closedAdd a knob to prefer IPv4 over IPv6 for rare situations that require it
100%
Description
We should have a knob somewhere to let users prefer IPv4 over IPv6 in case they have broken IPv6 routing and need to get out (e.g. to fetch packages, firmware updates, etc.)
We can use ip6addrctl for this, and borrow code from its rc.d script in FreeBSD.
[2.1-BETA1][root@pfsense-amd64.localdomain]/root(20): telnet www.pfsense.org 80 Trying 2605:8000:d:1::167... Connected to www.pfsense.org. Escape character is '^]'. ^] telnet> close Connection closed. [2.1-BETA1][root@pfsense-amd64.localdomain]/root(21): env ip6addrctl_enable="yes" ip6addrctl_policy="prefer_ipv4" /etc/rc.d/ip6addrctl start [2.1-BETA1][root@pfsense-amd64.localdomain]/root(22): telnet www.pfsense.org 80 Trying 69.64.6.21... Connected to www.pfsense.org. Escape character is '^]'. ^] telnet> close Connection closed.
Related FreeBSD Code: https://github.com/freebsd/freebsd/blob/master/etc/rc.d/ip6addrctl#L27
Updated by Criggie . over 11 years ago
Agreed - I've had situations where DNS returns a v6 IP, v6 connectivity isn't working, so checking for updates fails as does anything like package reinstalling. Currently seeing this on 2.1rc1. Realistically we're going to be stuck with dual stack for 20 years, so it doesn't matter if the content arrives via v4 or v6, as long as it arrives.
Updated by Grischa Zengel over 11 years ago
On my pfsense ipv6 is disabled (but pfsense didn't disable and only hide v6).
Since my ISP enabled v6 on my subnet pfsense couldn't update any more. Perhaps some ipv6 router advertisements (ICMP6) should be blocked too.
Updated by Renato Botelho about 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 77a341a458d604287f46180db1facbdb540cd139.
Updated by Jim Pingle about 11 years ago
- Status changed from Feedback to Resolved
This works as expected on 2.2.
With it unchecked, IPv6 is preferred. Check it and try again, it uses IPv4. Uncheck it and try once more, and IPv6 is preferred again.