From owner-freebsd-bugs@FreeBSD.ORG Thu Apr 16 22:46:31 2015
Return-Path:
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F3304BAE for ; Thu, 16 Apr 2015 22:46:31 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BF7E1222 for ; Thu, 16 Apr 2015 22:46:31 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t3GMkVHJ005665 for ; Thu, 16 Apr 2015 22:46:31 GMT (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 199489] NAT with IPv6 and PF round robins between external address and link-local address
Date: Thu, 16 Apr 2015 22:46:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords:
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: freebsd@monkeyspunk.net
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 16 Apr 2015 22:46:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199489

            Bug ID: 199489
           Summary: NAT with IPv6 and PF round robins between external
                    address and link-local address
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: freebsd@monkeyspunk.net

Using NAT with IPv6 round robins each tcp session between link-local and the
actual external IP.

My setup is using openconnect attached to tun1 to allow my local private
network access over the VPN to our data centers. From the remote side I am
getting both an IPv4 and an IPv6 address (single address in both instances).
So in order for my local network to communicate with the remote side I have
to NAT everything to the address that tun1 gets assigned.

What I am observing is that every other connection using IPv6 and NAT works.
The ones that work end up using the public IPv6 IP address. The ones that
don't end up with a NAT of the link-local address.

The pf.conf rule that is triggering this behavior is:

    nat on tun1 inet6 from fc00::c0a8:fa00/120 to any -> (tun1)

The expected behavior would be to ignore the link-local address. Or better
yet have (tun1:0) reference the routable IP and not link-local.

I have found a reference in the email lists to this problem with a possible
patch:

http://lists.freebsd.org/pipermail/freebsd-pf/2014-September/007441.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
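The symptom described in the report (every other IPv6 session translated to the interface's link-local address instead of its routable one) shows up directly in the pf state table. The script below is an added example, not code from the bug report or from FreeBSD: it audits a pf state dump for NAT translations whose translated source lies in fe80::/10 and lists the distinct translation addresses in use, which is the quickest way to confirm a round-robin between two interface addresses. It assumes that `pfctl -ss` prints outbound NAT states in the shape `<if> <proto> <orig-src>[port] (<translated-src>[port]) -> <dst>[port] <state>`; the sample lines embedded in `SAMPLE_STATES` are constructed to that shape and are not real output.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a pf state dump for IPv6 NAT
# translations that landed on a link-local (fe80::/10) source address.
# Assumed format of each 'pfctl -ss' line (format assumption, not verified here):
#   <if> <proto> <orig-src>[port] (<translated-src>[port]) -> <dst>[port] <state>

# Constructed sample states modelled on the report: the same internal host gets
# translated alternately to the global tun1 address and to its link-local one.
SAMPLE_STATES='all tcp fc00::c0a8:fa05[50222] (2001:db8:1::2[50222]) -> 2001:db8:ffff::10[443]       ESTABLISHED:ESTABLISHED
all tcp fc00::c0a8:fa05[50223] (fe80::a1b2:c3ff:fed4:e5f6[50223]) -> 2001:db8:ffff::10[443]       SYN_SENT:CLOSED
all tcp fc00::c0a8:fa06[41001] (2001:db8:1::2[41001]) -> 2001:db8:ffff::22[22]       ESTABLISHED:ESTABLISHED
all udp fc00::c0a8:fa07[5353] (fe80::a1b2:c3ff:fed4:e5f6[5353]) -> 2001:db8:ffff::53[53]       SINGLE:NO_TRAFFIC'

# Extract the translated source address (the part inside parentheses, port stripped)
# from every state line on stdin; lines without a translation produce no output.
translated_sources() {
    sed -n 's/^.*(\([^)]*\)\[[0-9]*\]).*$/\1/p'
}

# List the distinct addresses NAT has translated to. More than one address for a
# single-address interface is the round-robin symptom from the report.
distinct_translations() {
    printf '%s\n' "$1" | translated_sources | sort -u
}

# Count translations whose source falls in fe80::/10 (fe80 .. febf). A non-zero
# result means traffic left the tunnel with an unroutable source address.
count_link_local() {
    printf '%s\n' "$1" | translated_sources \
        | awk 'tolower($0) ~ /^fe[89ab][0-9a-f]*:/ { n++ } END { print n + 0 }'
}

# Number of distinct translation addresses, as a plain integer.
count_distinct_translations() {
    distinct_translations "$1" | awk 'END { print NR }'
}

# Stand-alone run over the constructed sample; on a live system substitute
#   pfctl -ss
# for the sample data.
printf 'distinct NAT source addresses: %s\n' "$(distinct_translations "$SAMPLE_STATES" | tr '\n' ' ')"
printf 'states translated to a link-local source: %s\n' "$(count_link_local "$SAMPLE_STATES")"
```

On the reported setup the expected healthy result is exactly one distinct translation address and a zero link-local count; two distinct addresses with a non-zero link-local count reproduces the behaviour the report describes. The check works on a saved `pfctl -ss` capture as well, so it can be run from an incident timeline rather than only on the live box.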