Bug #9710
closed
IPv6 RA: prefix option does not contain router address in spite of "R" flag being set
Added by Tim Wolter about 5 years ago.
Updated about 4 years ago.
Category:
IPv6 Router Advertisements (radvd/rtsold)
Affected Version:
2.4.4-p3
Description
When setting router mode to "unmanaged" and not specifying any prefix, pfSense does not send the advertising interface's address in the RA's prefix option even though the "R" flag is being set. Instead it only announces the prefix, with all host bits set to zero. This is in violation of RFC 6275, which states on page 65 regarding the "R" flag: "When set, indicates that the Prefix field contains a complete IP address assigned to the sending router."
The cause of the issue seems to be /var/etc/radvd.conf, which contains the improper configuration of said RA messages.
Files
I also found that 'AdvRouterAddr on' is used everywhere in radvd.conf, but this is incorrect (radvd.conf(5)):
When set, indicates that the address of interface is sent instead of network prefix, as is required by Mobile IPv6. When set, minimum limits specified by Mobile IPv6 are used for MinRtrAdvInterval and MaxRtrAdvInterval.
or is it some kind of workaround?
fix:
https://github.com/pfsense/pfsense/pull/4199
- Status changed from New to Pull Request Review
- Assignee set to Renato Botelho
- Target version set to 2.5.0
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
PR has been merged. Thanks!
Feedback: This has been implemented incorrectly.
Tested on:
2.5.0-DEVELOPMENT (amd64)
built on Thu Sep 10 13:02:00 EDT 2020
FreeBSD 12.2-PRERELEASE
This change in https://github.com/pfsense/pfsense/pull/4199 sets the 'AdvRouterAddr' on for unmanaged networks.
The 'AdvRouterAddr' flag should only be set if the router implements ipv6 mobility. As far as I can tell pfSense does not implement ipv6 mobility or if it does it provides no facility to configure it. If it did provide this facility it is not related to whether it is "Unmanaged" or any of the other radvd settings.
Correct implementation would have been to remove the 'AdvRouterAddr' and set the prefix to all zeros in the right portion.
i.e.
This is what is generated for the prefix:
prefix fd04:6ddc:fe8e:e010::1:1/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
};
This is what should have been generated:
prefix fd04:6ddc:fe8e:e010::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
};
I think this would be dependent on Feature 6827, Add Proxy Mobile IPv6 (PMIPv6)
- Status changed from Feedback to New
- Status changed from New to Pull Request Review
- Status changed from Pull Request Review to Feedback
PR has been merged. Thanks!
Feedback:
Tested on:
2.5.0-DEVELOPMENT (amd64)
built on Mon Sep 21 07:00:38 EDT 2020
FreeBSD 12.2-PRERELEASE
Results of radvd.conf are as expected now.
# Automatically Generated, do not edit
# Generated for DHCPv6 Server lan
interface hn1 {
AdvSendAdvert on;
MinRtrAdvInterval 5;
MaxRtrAdvInterval 20;
AdvLinkMTU 1500;
AdvDefaultPreference medium;
prefix fd04:6ddc:fe8e:e010::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
};
route ::/0 {
AdvRoutePreference medium;
RemoveRoute on;
};
RDNSS fd04:6ddc:fe8e:e010::1:1 { };
DNSSL localdomain { };
};
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by