Project

General

Profile

Bug #2833

Add a knob to prefer IPv4 over IPv6 for rare situations that require it

Added by Jim Pingle over 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Routing
Target version:
Start date:
02/21/2013
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.1-IPv6
Affected Architecture:

Description

We should have a knob somewhere to let users prefer IPv4 over IPv6 in case they have broken IPv6 routing and need to get out (e.g. to fetch packages, firmware updates, etc.)

We can use ip6addrctl for this, and borrow code from its rc.d script in FreeBSD.

[2.1-BETA1][root@pfsense-amd64.localdomain]/root(20): telnet www.pfsense.org 80
Trying 2605:8000:d:1::167...
Connected to www.pfsense.org.
Escape character is '^]'.
^]
telnet> close
Connection closed.
[2.1-BETA1][root@pfsense-amd64.localdomain]/root(21): env ip6addrctl_enable="yes" ip6addrctl_policy="prefer_ipv4" /etc/rc.d/ip6addrctl start
[2.1-BETA1][root@pfsense-amd64.localdomain]/root(22): telnet www.pfsense.org 80
Trying 69.64.6.21...
Connected to www.pfsense.org.
Escape character is '^]'.
^]
telnet> close
Connection closed.

Related FreeBSD Code: https://github.com/freebsd/freebsd/blob/master/etc/rc.d/ip6addrctl#L27

Associated revisions

Revision 77a341a4 (diff)
Added by Renato Botelho over 6 years ago

Add a knob to prefer IPv4 over IPv6, it fixes #2833

History

#1 Updated by Craig Falconer almost 7 years ago

Agreed - I've had situations where DNS returns a v6 IP, v6 connectivity isn't working, so checking for updates fails as does anything like package reinstalling. Currently seeing this on 2.1rc1. Realistically we're going to be stuck with dual stack for 20 years, so it doesn't matter if the content arrives via v4 or v6, as long as it arrives.

#2 Updated by Grischa Zengel almost 7 years ago

On my pfsense ipv6 is disabled (but pfsense didn't disable and only hide v6).
Since my ISP enabled v6 on my subnet pfsense couldn't update any more. Perhaps some ipv6 router advertisements (ICMP6) should be blocked too.

#3 Updated by Renato Botelho over 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#4 Updated by Jim Pingle over 6 years ago

  • Status changed from Feedback to Resolved

This works as expected on 2.2.

With it unchecked, IPv6 is preferred. Check it and try again, it uses IPv4. Uncheck it and try once more, and IPv6 is preferred again.

Also available in: Atom PDF