Bug #9837
openipv6 is not completely disabled on the interfaces
0%
Description
When IPv6 Configuration Type is None on Interfaces configuration page, IPv6 link-local addresses still uses
You can see OSPFv3 hello packets, can use ipv6 from these interfaces,
or, if rules like "IPv4+IPv6" used, can connect to services
to completely disable IPv6 on interfaces, option ifdisabled must be used, i.e. "ifconfig vtnet0 inet6 ifdisabled"
from ifconfig (8):
ifdisabled Set a flag to disable all of IPv6 network communications on the specified interface. Note that if there are already configured IPv6 addresses on that interface, all of them are marked as "tentative" and DAD will be performed when this flag is cleared.
pfSense 2.5.0.a.20191018.2017
Updated by Jim Pingle about 5 years ago
- Priority changed from Normal to Very Low
That seems like it would not be desirable to set by default. There are people who want to run with linklocal addresses only in certain scenarios. It could maybe be an extra option.
Updated by Manuel Piovan about 5 years ago
be careful
https://www.freebsd.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=freebsd-release-ports#end
BUGS
Basic IPv6 node operation requires a link-local address on each interface
configured for IPv6. Normally, such an address is automatically config-
ured by the kernel on each interface added to the system or enabled; this
behavior may be disabled by setting per-interface flag -auto_linklocal.
The default value of this flag is 1 and can be disabled by using the
sysctl MIB variable net.inet6.ip6.auto_linklocal.
Do not configure IPv6 addresses with no link-local address by using
ifconfig. It can result in unexpected behaviors of the kernel.
Updated by Viktor Gurov about 5 years ago
Manuel Piovan wrote:
Do not configure IPv6 addresses with no link-local address by using
ifconfig. It can result in unexpected behaviors of the kernel.
ifdisabled option do not remove link-local addresses, but only mark them as "tentative"
like:
inet6 fe80::eea:fdff:fe32:b203%vtnet3 prefixlen 64 tentative scopeid 0x nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>