Bug #9837

ipv6 is not completely disabled on the interfaces

Added by Viktor Gurov 3 months ago. Updated 3 months ago.

Status: New
Priority: Very Low
Assignee: -
Category: Interfaces
Target version: -
Start date: 10/20/2019
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.5.0
Affected Architecture:

Description

When IPv6 Configuration Type is None on the Interfaces configuration page, IPv6 link-local addresses are still used.
You can see OSPFv3 hello packets, can use IPv6 from these interfaces,
or, if rules like "IPv4+IPv6" are used, can connect to services.

To completely disable IPv6 on interfaces, the option ifdisabled must be used, i.e. "ifconfig vtnet0 inet6 ifdisabled".
From ifconfig(8):

ifdisabled
         Set a flag to disable all of IPv6 network communications on the
         specified interface.  Note that if there are already configured
         IPv6 addresses on that interface, all of them are marked as
         "tentative" and DAD will be performed when this flag is cleared.

pfSense 2.5.0.a.20191018.2017

History

#1 Updated by Jim Pingle 3 months ago

  • Priority changed from Normal to Very Low

That seems like it would not be desirable to set by default. There are people who want to run with linklocal addresses only in certain scenarios. It could maybe be an extra option.

#2 Updated by Manuel Piovan 3 months ago

be careful
https://www.freebsd.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=freebsd-release-ports#end
BUGS
Basic IPv6 node operation requires a link-local address on each interface
configured for IPv6. Normally, such an address is automatically configured
by the kernel on each interface added to the system or enabled; this
behavior may be disabled by setting per-interface flag -auto_linklocal.
The default value of this flag is 1 and can be disabled by using the
sysctl MIB variable net.inet6.ip6.auto_linklocal.

Do not configure IPv6 addresses with no link-local address by using
ifconfig. It can result in unexpected behaviors of the kernel.

#3 Updated by Viktor Gurov 3 months ago

Manuel Piovan wrote:

Do not configure IPv6 addresses with no link-local address by using
ifconfig. It can result in unexpected behaviors of the kernel.

The ifdisabled option does not remove link-local addresses, but only marks them as "tentative",
like:

        inet6 fe80::eea:fdff:fe32:b203%vtnet3 prefixlen 64 tentative scopeid 0x 
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
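
An added example, not part of the ticket or of pfSense itself: a shell check that reads FreeBSD `ifconfig` output and reports every interface that still carries an inet6 address, marking whether the IFDISABLED nd6 flag discussed above is set. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which interfaces still speak IPv6.
# An interface with an inet6 address and no IFDISABLED flag in its
# "nd6 options" line can still send and receive IPv6 (link-local included).

# Reads `ifconfig` output on stdin, prints "<ifname> <inet6-count> <state>"
# for every interface that has at least one inet6 address.
audit_inet6() {
    awk '
        function report() {
            if (ifname != "" && n6 > 0)
                printf "%s %d %s\n", ifname, n6, (off ? "ifdisabled" : "ACTIVE")
        }
        # A new interface stanza starts at column 0: "vtnet0: flags=..."
        /^[A-Za-z0-9_.]+: flags=/ {
            report()
            ifname = $1; sub(/:$/, "", ifname)
            n6 = 0; off = 0
            next
        }
        $1 == "inet6"                 { n6++ }
        $1 == "nd6" && /IFDISABLED/   { off = 1 }
        END { report() }
    '
}

# Constructed sample in FreeBSD ifconfig format (addresses are made up).
sample_ifconfig() {
    cat <<'EOF'
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
        inet6 fe80::1%vtnet0 prefixlen 64 scopeid 0x1
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vtnet3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::2%vtnet3 prefixlen 64 tentative scopeid 0x4
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
EOF
}

# Demo on the constructed sample; on a live system: ifconfig -a | audit_inet6
sample_ifconfig | audit_inet6
```

Interfaces reported as ACTIVE are the ones where firewall rules written for "IPv4+IPv6" still apply to reachable link-local traffic.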
