Message-ID: <5F08D889.8080708@gmail.com>
Date: Fri, 10 Jul 2020 17:07:21 -0400
From: Ernie Luzar
To: Jon Radel
CC: freebsd-questions@freebsd.org, david Mehler
Subject: Re: trouble setting up ipv6

Jon Radel wrote:
> On 7/10/20 13:22, Ernie Luzar wrote:

snip

>>
> Notable largely for the complete lack of a default route.
>
> Consider setting your gateway explicitly instead of depending on router
> advertisements:
>
> ipv6_defaultrouter="2600:3c02::dead:dead:dead:beef"

Put this ipv6_defaultrouter= in rc.conf?

>
> or whatever that address is. Otherwise you'll need to figure out what's
> broken with router advertisements on your network. My quick read of
> your ipf.rules file leads me to believe that you're allowing icmp6
> router advertisements in

Let me put into my own words what I think you are saying.

1. That the standard inbound icmpv6 routeradvert is supposed to auto
populate the host internal ipv6 default router ipv6 address.

2. That the inbound icmpv6 routeradvert my host is receiving from my ISP
is incomplete or being incorrectly populated by my ISP.

3. There are also icmp6 neighborsolicit inbound packets that are not
being passed by the same rule that passes the inbound icmpv6 routeradvert
packets but get blocked by the default block all rule. I am thinking
this is an unreported bug in ipfilter.

>
>> # pass in ipv6 pings. no ipv6 with keep state option allowed
>> pass in log quick proto icmp6 all
> Are you logging advertisements based on that? If you don't see them,
> you probably need to figure out what's up with your gateway device.

Yes, I see router advertisements logged in the ipf.log file.

fe80::1 -> ff02::1 PR icmpv6 len 40 104 icmpv6 routeradvert/0 IN multicast

Get this log line 2222 times per minute

I also see the blocked inbound icmpv6 neighborsolicit packets that get
logged by the default block all rule for inbound traffic.

>
> As a quick check, you can also override the routing table with the -g
> option to ping6.

The ipv6 address auto assigned to the vtnet0 is what is considered as
the default route. Am I understanding this correctly?
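
An added example, not part of the original message: a small Python tally of ICMPv6 entries in ipmon output by action, direction and type, which makes the situation described above visible at a glance (router advertisements passed, neighbor solicitations blocked). The sample lines are constructed; their leading time, interface, rule and action fields are assumed from the ipmon(8) log format, and the rule numbers are made up.

```python
import re
from collections import Counter

# Constructed sample. The tail of each ICMPv6 line follows the log line quoted
# in the message; the time, interface, @group:rule and action fields in front
# of it are assumed from ipmon(8) (p = passed, b = blocked).
SAMPLE_LOG = """\
17:00:01.100000 vtnet0 @0:5 p fe80::1 -> ff02::1 PR icmpv6 len 40 104 icmpv6 routeradvert/0 IN multicast
17:00:01.200000 vtnet0 @0:5 p fe80::1 -> ff02::1 PR icmpv6 len 40 104 icmpv6 routeradvert/0 IN multicast
17:00:02.300000 vtnet0 @0:9 b fe80::1 -> ff02::1:ff00:1 PR icmpv6 len 40 72 icmpv6 neighborsolicit/0 IN multicast
17:00:03.400000 vtnet0 @0:9 b 2001:db8::7,51000 -> 2001:db8::1,22 PR tcp len 40 60 -S IN
"""

LINE_RE = re.compile(
    r"(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+(?P<action>[pbSnL])\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+PR\s+icmpv6\s+len\s+\d+\s+\d+\s+"
    r"icmpv6\s+(?P<type>\w+)/(?P<code>\d+)\s+(?P<dir>IN|OUT)"
)

# Neighbor discovery type names exactly as they appear in the message.
ND_TYPES = {"routeradvert", "neighborsolicit"}


def tally(log_text):
    """Count ICMPv6 log entries keyed by (action, direction, type name)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # non-ICMPv6 lines (the TCP one above) are skipped
            counts[(m["action"], m["dir"], m["type"])] += 1
    return counts


def blocked_nd(counts):
    """Return the neighbor discovery types that the firewall is blocking."""
    return sorted({t for (action, _d, t) in counts if action == "b" and t in ND_TYPES})


if __name__ == "__main__":
    result = tally(SAMPLE_LOG)
    for (action, direction, icmp_type), n in sorted(result.items()):
        print(f"{action} {direction:3} {icmp_type:16} {n}")
    print("blocked neighbor discovery types:", blocked_nd(result))
```

Blocked neighbor solicitations matter because IPv6 uses them for link-layer address resolution, so a host that drops them can be unreachable by its router even when router advertisements are passed.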