Date: Sun, 2 Mar 2025 13:23:16 +0100 From: A FreeBSD User <freebsd@walstatt-de.de> To: freebsd-net@freebsd.org Subject: mpd5: How to prevent tun0 getting multiple valid IPv6 addresses? Message-ID: <20250302132343.6b50b4aa@thor.sb211.local>
next in thread | raw e-mail | index | archive | help
--Sig_/wlFL+a6x+jKm./=7MbYiA7n Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hello, Router/Firewall host is running FreeBSD 14-STABLE: FreeBSD 14.2-STABLE #20 n270632-859aa726fb86: Fri Feb 28 19:38:05 CET 2025 I'm using mpd5(8) to connect to our ISP via vDSL. Utilizing an appropriate = "link-up.sh" script, which effectively does - restart rtsol on tun0 (rtsol tun0 &) - restart dhcp6c (service dhcp6 restrt) - doing some logging - performing some DDNS adjustments with the appropriate provider mpd5 is configured to obtain IPv4 and IPv6 via ipcp, ipv6cp. While IPv4 has never been a problem, it seems that IPv6 is stuck with SLAAC= (I never managed to obtain an IPv6 via DHCP (dhcp6c(8) from ports), always EUI64, privacy mo= de set). Restarting mpd5 provides only ONE valid IPv6 address on tun0. When ISP is resetting the address assignment usually after 24 hours for bot= h IPv4 and IPv6, I end up very often having at least two or even more, still valid IPv6 addres= ses (meaning: none of the former assigned IPv6 addresses is marked deprecated or invalid). Thi= s renders DDNS useless, since I have no plan how to figure out the valid address. This problem occured recently, I do not know what causes it, I guess it cam= e with a recent STABLE upgrade.=20 How can mpd5 be forced to deprecate an address before obtaining a new one? = How to finde out which of the assigned IPv6 addresses is the "old" one and mark it deprecate= d? I run a simple script searching for "tentative, deprecate and so on" addresses to leave th= e good one(s) when providing my DDNS provider with the mutually correct IPv6 address of mine. Utilising link-down.sh of mpd5(8) seems a good place to eradicate IPv6 addr= esses (by filtering out fe80:: or mutually assigned ULA, leaving the valid IPv6 for deletion), = but this seems non-conformal to me. A bug or a "feature"? Thanks in advance, Oliver --=20 A FreeBSD user --Sig_/wlFL+a6x+jKm./=7MbYiA7n Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRQheDybVktG5eW/1Kxzvs8OqokrwUCZ8RNzwAKCRCxzvs8Oqok r0TIAQDoAOSnSnM7L+J/j2gdNLe4lj2KzRjj3ZQ4fKVza9aBzAEAsBGc0bbjg3Kn 1X9dQfHDTefmw8diFkJT7NNULw3c2A8= =rKab -----END PGP SIGNATURE----- --Sig_/wlFL+a6x+jKm./=7MbYiA7n--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20250302132343.6b50b4aa>