Bug #4483
closed
SLAAC and stateful DHCP6 IPs are configured on interface when using DHCP6 config type
100%
Description
If I set my WAN IPv6 configuration type to DHCP6 and leave 'Request only a IPv6 prefix' unchecked I end up with two public v6 IPs on WAN interface:
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=60009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:aa:bb:cc:dd:ee
inet6 fe80::2aa:bbff:fecc:ddee%vmx0 prefixlen 64 scopeid 0x1
inet 111.222.132.250 netmask 0xfffffc00 broadcast 111.222.135.255
inet6 xxxx:yyy:zzzz:4fa0:2aa:bbff:fecc:ddee prefixlen 64 autoconf
inet6 xxxx:yyy:zzzz:4fa0::48 prefixlen 128
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
xxxx:yyy:zzzz:4fa0::48 is assigned by DHCP server
xxxx:yyy:zzzz:4fa0:2aa:bbff:fecc:ddee is auto-configured. pfSense WAN is connected to modem that sends out RA messages.
This happens because function interface_dhcpv6_configure is called for slaac and dhcp6 configurations and enables RA acceptance regardless of the config type.
If I check 'Request only a IPv6 prefix' flag so that pfSense doesn't request stateful address from DHCP server I end up with SLAAC IP only. However Interfaces widget on the dashboard shows link-local address instead of SLAAC address and firewall rules that use 'WAN net' or 'WAN address' use link-local address as well. Looking at the code I see that get_interface_ipv6 function assumes that there is no public IP if 'dhcp6prefixonly' flag is set.
Updated by 
Updated by 
Updated by Anonymous