Bug #4429
closed
Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
0%
Description
In the last release 2.1.5, stateless address autoconfiguration (SLAAC) was working correctly. After updating to 2.2 my SLAAC clients make requests as usual but drop (or plumb or down) their IPv6 addresses as the wrong (or too few?) SLAAC packets are broadcast from pfSense. In the following packet analysis, 'cafe' is the Ubuntu 14.04 AMD64 desktop host making SLAAC client request to the router 'babe' running pfSense 2.2-RELEASE (amd64) on year 2014 PC Engines hardware:
cafe.ubuntu# tcpdump -i eth0 icmp6
13:33:02.048683 IP6 :: > ff02::1:ff5b:cafe: ICMP6, neighbor solicitation, who has fe80::ea11:32ff:fe5b:cafe, length 24
13:33:03.048724 IP6 fe80::ea11:32ff:fe5b:cafe > ip6-allrouters: ICMP6, router solicitation, length 16
13:33:03.497266 IP6 fe80::20d:b9ff:fe35:babe > ip6-allnodes: ICMP6, router advertisement, length 136
babe.pfsense# tcpdump -i re1 icmp6
13:33:02.053881 IP6 :: > ff02::1:ff5b:cafe: ICMP6, neighbor solicitation, who has fe80::ea11:32ff:fe5b:cafe, length 24
13:33:03.053981 IP6 fe80::ea11:32ff:fe5b:cafe > ff02::2: ICMP6, router solicitation, length 16
13:33:03.502143 IP6 fe80::20d:b9ff:fe35:babe > ff02::1: ICMP6, router advertisement, length 136
...it seems that packets are not being blocked by a firewall rule since I have a firewall rule on LAN to pass IPv6 liberally as well as:
<system>
<ipv6allow/>
</system>
I'm routing IPv6 over HE Tunnelbroker, have VLANs and am running Captive Portal (which crashes PFSense when I turn it off.)
When I select 'Status: System logs: Routing', I see in 'Routing daemon log entries':
radvd12345678: sendmsg: Permission denied
radvd12345678: sendmsg: Permission denied
radvd12345678: sendmsg: Permission denied
radvd12345678: sendmsg: Permission denied
...and I check that radvd(8) is running:
$ ps -a | grep 12345678
root 12345678 0.0 0.1 <somenum1> <somenum2> - S Thu08PM 0:48.60 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
...and see that the radvd(8) configuration is correct:
pfSense# cat /var/etc/radvd.conf- Automatically Generated, do not edit
- Generated for DHCPv6 Server lan
interface re1 {
AdvSendAdvert on;
MinRtrAdvInterval 5;
MaxRtrAdvInterval 20;
AdvLinkMTU 1500;
AdvDefaultPreference low;
prefix beef:dead:beef::/50 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
route ::/0 {
RemoveRoute on;
};
RDNSS cafe:babe:cafe:babe::9 { };
DNSSL host.tld { };
};
...and radvd.conf(5) has entries for opt[n] which are VLANs with identical configs just the prefix are different.
I've also tried setting the funky '<allowopts/>' Advanced features/Advanced Options/IP options on the LAN/Ipv6 firewall rule as well as adding a second LAN/Ipv6 rule specially for fe80:: 'Local link IPv6 -> any'.
QUESTION
What can I do to make SLAAC work correctly as it did in pfSense 2.1.5?
Updated by 
Updated by