Bug #6011
openIPv6 link local fails HTTP REFERER check
0%
Description
On default configured pfSense, the LAN interface has the following IPv6 set by default: fe80::1:1
Trying to login over https://[fe80::1:1]/
results in the error 'An HTTP_REFERER was detected other than what is defined in System'.
This is due the following taking place.
1) auth.inc line 208 - get_configured_ipv6_addresses() is called;
2) util.inc line 1436 - get_configured_ipv6_addresses() body - it walks each interface in search of the configured IPv6;
3) util.inc line 1442 - get_interface_ipv6($int) is called. in this case the value $int should be correct and equal to 'lan';
4) interfaces.inc line 5375 - get_interface_ipv6(...) body - it will return 'null' because the only IP that is set is the link local and 'lan' doesn't not include '_lloc' magic prefix;
5) auth.inc line 208 - get_configured_ipv6_addresses() will return an empty array
6) auth.inc line 209 - obviously the foreach won't be executed at all
While on diag_command.php page if I run:echo get_interface_linklocal('lan');
It returns fe80::1:1%em1
.
Fixing this bug will be somewhat tricky.
My personal trick is changing things to:function get_configured_ipv6_addresses($linklocal_fallback = false)
function get_interface_ipv6($interface = "wan", $flush = false, $linklocal_fallback = false)
And change some code to cope with the modifications.
I'll submit a PR shortly and decision to merge (or improve) will be left at discretion.
Regards,
Jorge M. Oliveira