Date:      Sun, 3 Jan 2021 19:41:24 -0800
From:      Michael Sierchio <kudzu@tenebras.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,  FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: FreeBSD does not reply to IPv6 Neighbor Solicitations
Message-ID:  <CAHu1Y73Q8zQX0hZEY6oKYmyE-%2B8roOie09V_W8mcDmSp==gyfw@mail.gmail.com>
In-Reply-To: <20210104023515.GB36180@admin.sibptus.ru>
References:  <20210102145727.GA62235@admin.sibptus.ru> <20210104023515.GB36180@admin.sibptus.ru>

On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov <vas@sibptus.ru> wrote:

> > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > Neighbor Solicitations from the router?
>
> Any ideas please?
>
>
Are you permitting the required udp and icmp?  These could be tighter, but

################################################################################
# dhcp / bootp
$FW add 00128 allow udp from any 67,68,546,547 to any 67,68,546,547

################################################################################
# Neighbor Discovery Protocol
$FW add 00129 allow ipv6-icmp from any to any icmp6types 133,134,135,136,137



The method I have found to be reliable is to use dhcp6c, which requires the
pkg 'dhcp6'

So for a FreeBSD host in ec2, for example:

ifconfig_eth0="SYNCDHCP"
ipv6_activate_all_interfaces="YES"
ifconfig_eth0_ipv6="inet6 accept_rtadv up"
dhcp6c_enable="YES"
dhcp6c_interfaces="eth0"


and /usr/local/etc/dhcp6c.conf is simple


interface eth0 {
       send ia-na 1;
       send rapid-commit;
};

id-assoc na 1 {
};

For a more complicated example, I have a firewall that gets its addresses
from my cable company:

ipv6_gateway_enable="YES"
ipv6_activate_all_interfaces="YES"

rtadvd_enable="YES"
rtadvd_interfaces="eth1 eth2"

dhcp6c_enable="YES"
dhcp6c_interfaces="eth0"
ipv6_default_interface="eth1"



and


interface eth0 {
        send    ia-na 1;
        send    ia-pd 1;
        send    rapid-commit;
};

id-assoc pd 1 {
        prefix ::/64 1800;

        prefix-interface eth1 {
                sla-id 0;
                sla-len 0;
        };

        prefix-interface eth2 {
                sla-id 1;
                sla-len 0;
        };
};

id-assoc na 1 {  };




-- 

"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
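
An added example, not part of the original message: a first-match check that reports which rule decides the fate of each Neighbor Discovery ICMPv6 type in an ipfw ruleset. The rulesets are constructed samples in the rule syntax used above, and rules with address or interface qualifiers are only listed for manual review (a simplification of this sketch).

```python
import re

# ICMPv6 types used by Neighbor Discovery (RFC 4861)
NDP_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
             135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
             137: "Redirect"}
ALLOW = {"allow", "accept", "pass", "permit"}
ICMP6_PROTOS = {"ipv6-icmp", "ip6", "ip", "all"}  # protocols that can cover ICMPv6
RULE = re.compile(r"^(\d+)\s+(allow|accept|pass|permit|deny|drop|reject|unreach6?\s+\S+)"
                  r"\s+(\S+)\s+from\s+(.+?)\s+to\s+(\S+)(.*)$")
# Tolerate an optional `ip6` keyword in front of icmp6types.
TYPES = re.compile(r"(?:ip6\s+)?icmp6types\s+([\d,]+)")

def first_match(ruleset, icmp6_type):
    """Return (rule number, 'allow'|'deny'|'no-match', skipped rule numbers)."""
    skipped = []
    for line in ruleset.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue                     # count, skipto, etc. are not modelled
        num, action, proto, src, dst, opts = m.groups()
        if proto not in ICMP6_PROTOS:
            continue
        t = TYPES.search(opts)
        if t and icmp6_type not in {int(x) for x in t.group(1).split(",") if x}:
            continue
        if (src, dst) != ("any", "any") or TYPES.sub("", opts).strip():
            skipped.append(int(num))     # qualified rule: review by hand
            continue
        return int(num), ("allow" if action in ALLOW else "deny"), skipped
    return None, "no-match", skipped

# Constructed sample rulesets (not taken from the thread).
BLOCKING = """\
00100 allow ip from any to any via lo0
00128 allow udp from any 67,68,546,547 to any 67,68,546,547
00200 allow ipv6-icmp from any to any icmp6types 128,129
65535 deny ip from any to any
"""
WITH_NDP_RULE = BLOCKING.replace(
    "00200 ",
    "00129 allow ipv6-icmp from any to any icmp6types 133,134,135,136,137\n00200 ")

if __name__ == "__main__":
    for name, rules in (("blocking", BLOCKING), ("with rule 00129", WITH_NDP_RULE)):
        for t, label in NDP_TYPES.items():
            print(name, t, label, first_match(rules, t))
```

In the first ruleset every Neighbor Discovery type falls through to the final deny rule, which is the symptom asked about in the thread; with rule 00129 present each type is accepted before reaching it.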


