Bug #4935
closed
WAN 6rd without border relay IP creates invalid ruleset
Added by Mark Lavrijsen over 9 years ago.
Updated about 9 years ago.
Affected Architecture:
All
Description
When enabling 6rd on WAN interface(have static ipv4 address configured - not sure if it matters), it does not work and also throws a syntax error.
( 6RD Configuration section left default/empty and on 0 bits)
Error shown in system log and notice bar:
hp-fpm[19632]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:161: syntax error - The line in question reads [161]: pass in on $WAN proto 41 from to any tracker 1000001601 label "Allow 6in4 traffic in for 6rd on WAN"
The specific rules in de /tmp/rules.debug:
# allow our proto 41 traffic from the 6RD border relay in
pass in on $WAN proto 41 from to any tracker 1000001601 label "Allow 6in4 traffic in for 6rd on WAN"
pass out on $WAN proto 41 from any to tracker 1000001602 label "Allow 6in4 traffic out for 6rd on WAN"
Seems like 6rd can not work with a static ipv4 address.
Was assuming that ipv6 and ipv4 were separate things, but in case of 6rd it needs ipv4 DHCP options(as was stated by my ISP --> just enable 6rd, and it should automatically work. This is not the case).
It works now using manual 6rd Configuration(and on LAN "IPv6 Configuration Type" Track Interface).
So sorry, my lack of knowledge on how 6rd exactly works was the problem.
So this "bug" can be closed. A "nice to have" would be to check if the IPv4 address is a static one, and then forcing manual configuration for 6rd, so that no syntax error is thrown.
- Subject changed from enable WAN 6rd tunnel: syntax error to WAN 6rd without border relay IP creates invalid ruleset
- Category changed from DHCP (IPv6) to Interfaces
- Status changed from New to Confirmed
- Assignee set to Chris Buechler
- Target version set to 2.2.5
- Affected Version changed from 2.2.4 to All
- Affected Architecture All added
- Affected Architecture deleted (
amd64)
There is a legit issue there, but not with static IP WAN. That's what happens if you don't fill in a border relay IP, which is required for 6rd to function. What I just committed prevents that circumstance from creating an invalid ruleset. Leaving at confirmed to fix input validation too.
- Status changed from Confirmed to Feedback
fixed input validation in 2.3
- Status changed from Feedback to Resolved
fixed. 2.2.5 prevents an invalid ruleset, 2.3 and newer input validation prevents omitting IP from 6rd interface config.
Also available in: Atom
PDF
Updated by 
Updated by