Project

General

Profile

Actions

Bug #4935

closed

WAN 6rd without border relay IP creates invalid ruleset

Added by Mark Lavrijsen about 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Category:
Interfaces
Target version:
Start date:
08/14/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

When enabling 6rd on WAN interface(have static ipv4 address configured - not sure if it matters), it does not work and also throws a syntax error.
( 6RD Configuration section left default/empty and on 0 bits)

Error shown in system log and notice bar:

hp-fpm[19632]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:161: syntax error - The line in question reads [161]: pass in on $WAN proto 41 from to any tracker 1000001601 label "Allow 6in4 traffic in for 6rd on WAN" 

The specific rules in de /tmp/rules.debug:
# allow our proto 41 traffic from the 6RD border relay in
pass in  on $WAN proto 41 from  to any tracker 1000001601 label "Allow 6in4 traffic in for 6rd on WAN" 
pass out  on $WAN proto 41 from any to  tracker 1000001602 label "Allow 6in4 traffic out for 6rd on WAN" 

Actions #1

Updated by Mark Lavrijsen about 6 years ago

Seems like 6rd can not work with a static ipv4 address.

Was assuming that ipv6 and ipv4 were separate things, but in case of 6rd it needs ipv4 DHCP options(as was stated by my ISP --> just enable 6rd, and it should automatically work. This is not the case).

It works now using manual 6rd Configuration(and on LAN "IPv6 Configuration Type" Track Interface).

So sorry, my lack of knowledge on how 6rd exactly works was the problem.

So this "bug" can be closed. A "nice to have" would be to check if the IPv4 address is a static one, and then forcing manual configuration for 6rd, so that no syntax error is thrown.

Actions #2

Updated by Chris Buechler about 6 years ago

  • Subject changed from enable WAN 6rd tunnel: syntax error to WAN 6rd without border relay IP creates invalid ruleset
  • Category changed from DHCP (IPv6) to Interfaces
  • Status changed from New to Confirmed
  • Assignee set to Chris Buechler
  • Target version set to 2.2.5
  • Affected Version changed from 2.2.4 to All
  • Affected Architecture All added
  • Affected Architecture deleted (amd64)

There is a legit issue there, but not with static IP WAN. That's what happens if you don't fill in a border relay IP, which is required for 6rd to function. What I just committed prevents that circumstance from creating an invalid ruleset. Leaving at confirmed to fix input validation too.

Actions #3

Updated by Chris Buechler about 6 years ago

  • Status changed from Confirmed to Feedback

fixed input validation in 2.3

Actions #4

Updated by Chris Buechler almost 6 years ago

  • Status changed from Feedback to Resolved

fixed. 2.2.5 prevents an invalid ruleset, 2.3 and newer input validation prevents omitting IP from 6rd interface config.

Actions

Also available in: Atom PDF