From nobody Sun Mar 2 12:23:16 2025 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z5Lj04zZsz5pDcr for ; Sun, 02 Mar 2025 12:24:04 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Received: from smtp6.goneo.de (smtp6.goneo.de [IPv6:2001:1640:5::8:31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Z5Lhz1bB7z3lQg for ; Sun, 02 Mar 2025 12:24:03 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=walstatt-de.de header.s=DKIM001 header.b=MTUjLraD; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@walstatt-de.de designates 2001:1640:5::8:31 as permitted sender) smtp.mailfrom=freebsd@walstatt-de.de Received: from hub1.goneo.de (hub1.goneo.de [IPv6:2001:1640:5::8:52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp6.goneo.de (Postfix) with ESMTPS id 07DC1240ED0 for ; Sun, 2 Mar 2025 13:23:54 +0100 (CET) Received: from hub1.goneo.de (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by hub1.goneo.de (Postfix) with ESMTPS id 5D95A2405BA for ; Sun, 2 Mar 2025 13:23:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=walstatt-de.de; s=DKIM001; t=1740918232; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=AZ/rCUYNaP+thD77otBxjMmdgM5beb/ZbWovGtFR0Tw=; b=MTUjLraD+b5HGMR3fwmNqvfLtb9VOtsfrxqzzcPmZoI7O/TFyh7uhdbF9Nai+rHuZ2DTMd 2AyNB5DyiOsnuLVomRNa+zzuZC1h28iziQRHgHELn+kLVtUjBiP/97mhZ/WtloZf2MYIp/ VnsY435yK6KN3p0jXg6dVB6OJZG3NZtYAr8cSO3ONKw09TjP1MxHqF6Av8v4nze6eqY9ag a8Xw+Mfuoh/AmkBFm2gl/bIEfDdaijZTofHxN8EdDBhhR05pX27GPs8UUNi5/AvpEMtxSh x/yHBf+yw69UI3j0or0paykaIIPnL7DPnD2ZqfknstiZlt4AQYDzJCCE269Bbg== Received: from thor.sb211.local (dynamic-2a02-3100-1d37-9e02-24aa-1ba3-8e77-5280.310.pool.telefonica.de [IPv6:2a02:3100:1d37:9e02:24aa:1ba3:8e77:5280]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by hub1.goneo.de (Postfix) with ESMTPSA id 26D88240563 for ; Sun, 2 Mar 2025 13:23:52 +0100 (CET) Date: Sun, 2 Mar 2025 13:23:16 +0100 From: A FreeBSD User To: freebsd-net@freebsd.org Subject: mpd5: How to prevent tun0 getting multiple valid IPv6 addresses? Message-ID: <20250302132343.6b50b4aa@thor.sb211.local> List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/wlFL+a6x+jKm./=7MbYiA7n"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Rspamd-UID: 0a0fe2 X-Rspamd-UID: ca9f78 X-Spamd-Result: default: False [-2.61 / 15.00]; SIGNED_PGP(-2.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_LONG(-0.99)[-0.990]; NEURAL_HAM_SHORT(-0.68)[-0.683]; NEURAL_SPAM_MEDIUM(0.66)[0.659]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_SPF_ALLOW(-0.20)[+ip6:2001:1640:5::8:0/112]; R_DKIM_ALLOW(-0.20)[walstatt-de.de:s=DKIM001]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; ASN(0.00)[asn:25394, ipnet:2001:1640::/32, country:DE]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MISSING_XM_UA(0.00)[]; DMARC_NA(0.00)[walstatt-de.de]; RCVD_COUNT_THREE(0.00)[3]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[walstatt-de.de:+] X-Rspamd-Queue-Id: 4Z5Lhz1bB7z3lQg X-Spamd-Bar: -- --Sig_/wlFL+a6x+jKm./=7MbYiA7n Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hello, Router/Firewall host is running FreeBSD 14-STABLE: FreeBSD 14.2-STABLE #20 n270632-859aa726fb86: Fri Feb 28 19:38:05 CET 2025 I'm using mpd5(8) to connect to our ISP via vDSL. Utilizing an appropriate = "link-up.sh" script, which effectively does - restart rtsol on tun0 (rtsol tun0 &) - restart dhcp6c (service dhcp6 restrt) - doing some logging - performing some DDNS adjustments with the appropriate provider mpd5 is configured to obtain IPv4 and IPv6 via ipcp, ipv6cp. While IPv4 has never been a problem, it seems that IPv6 is stuck with SLAAC= (I never managed to obtain an IPv6 via DHCP (dhcp6c(8) from ports), always EUI64, privacy mo= de set). Restarting mpd5 provides only ONE valid IPv6 address on tun0. When ISP is resetting the address assignment usually after 24 hours for bot= h IPv4 and IPv6, I end up very often having at least two or even more, still valid IPv6 addres= ses (meaning: none of the former assigned IPv6 addresses is marked deprecated or invalid). Thi= s renders DDNS useless, since I have no plan how to figure out the valid address. This problem occured recently, I do not know what causes it, I guess it cam= e with a recent STABLE upgrade.=20 How can mpd5 be forced to deprecate an address before obtaining a new one? = How to finde out which of the assigned IPv6 addresses is the "old" one and mark it deprecate= d? I run a simple script searching for "tentative, deprecate and so on" addresses to leave th= e good one(s) when providing my DDNS provider with the mutually correct IPv6 address of mine. Utilising link-down.sh of mpd5(8) seems a good place to eradicate IPv6 addr= esses (by filtering out fe80:: or mutually assigned ULA, leaving the valid IPv6 for deletion), = but this seems non-conformal to me. A bug or a "feature"? Thanks in advance, Oliver --=20 A FreeBSD user --Sig_/wlFL+a6x+jKm./=7MbYiA7n Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRQheDybVktG5eW/1Kxzvs8OqokrwUCZ8RNzwAKCRCxzvs8Oqok r0TIAQDoAOSnSnM7L+J/j2gdNLe4lj2KzRjj3ZQ4fKVza9aBzAEAsBGc0bbjg3Kn 1X9dQfHDTefmw8diFkJT7NNULw3c2A8= =rKab -----END PGP SIGNATURE----- --Sig_/wlFL+a6x+jKm./=7MbYiA7n--