From: FreeBSD User
Date: Thu, 24 Nov 2022 16:27:18 +0100
To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Subject: NPTv6: prefix doesn't change in IPFW when prefix changes on dynamic interface
Message-ID: <20221124162745.7589cf29@thor.intern.walstatt.dynvpn.de>
Organization: walstatt-de.de
List-Id: IPFW Technical Discussions
List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw

Hello,

running a small routing/firewall appliance based on 13-STABLE and IPFW, I face a problem with NPTv6. The external IPv6 is changing dynamically. While ipfw in-kernel NAT catches up with dynamic changes of the IPv4, NPTv6 doesn't seem to. I'm neither an expert in networking nor IPFW.

After a couple of days tun0 (the exterior PPP interface, uplink connection managed via mpd5) has a lot of IPv6 addresses, all but one of which are marked "deprecated". When restarting mpd5 every 24 hours, only one official IPv6 address/prefix is assigned to tun0 (I'm neglecting the ULA and link-local, they are always present). For a couple of weeks now, restarting mpd5 results in a crash of FreeBSD 13-STABLE, so my ISP is changing the IPv6 and this results in the "deprecated" prefixes.

I was wondering if the IPFW NPTv6 facility isn't automatically getting the new, non-deprecated prefix, or do I have to trigger this by restarting ipfw as well?

In case mpd5 is not restarted or the exterior interface is assigned several IPv6 addresses of which all but one are marked deprecated, pinging the outside world via IPv6 will take the wrong IPv6 - IPFW doesn't seem to catch up with the changes.

How to fix this?

Thank you very much in advance,

O. Hartmann

-- 
O. Hartmann