Date: Mon, 17 Mar 2025 11:04:17 +0100
From: A FreeBSD User <freebsd@walstatt-de.de>
To: freebsd-net@freebsd.org
Subject: mpd5: tun0 always get IPv6 address via SLAAC although not configured
Message-ID: <20250317110444.2d1e4c28@thor.sb211.local>

Hello,

I'm playing around with a useful setup of a small router/firewall appliance based on FreeBSD 14-STABLE and ipfw.

My/our ISP provides (alleged) ::/56 prefixes. The hardware used has several Intel i210 based NICs, one of them is facing towards the ISP as usual with a cloned pseudo device called "tun0" (in fact a renamed ng0 device). The ISP is changing both IPv4 and IPv6 addresses after a 24h period!

Obtaining a ::/56 prefix and delegating the proper network prefixes to their NICs works with port net/dhcp6 and FreeBSD's board tool rtadvd(8). The setup is textbook like and straightforward. All inward facing NICs do have the same prefix, an individual 8-bit network portion and a (sadly not further controllable) 64-bit SLAAC host address.

Problem: I never managed to obtain the ::/56 prefix on tun0! When using "rtsol -i tun0" within the link-up.sh script of mpd5, the ISP facing tun0 interface _always_ is configured via SLAAC (DHCPv6 on tun0 seems not to work in my case) and its prefix is ALWAYS different from that obtained later via net/dhcp6 and delegated via rtadvd. This causes some trouble identifying my router for ssh access from the outside world utilizing DDNS.

Well, some internet HowTo's suggest not to provide tun0/ISP facing NIC with any address (except IPv4 address, which is done by default via mpd5). So I declared one of the inner NICs as the interface for remote access.

But there seems to be an oddity: no matter what I configure for mpd5, tun0 ALWAYS obtains a SLAAC IPv6 and after several days there are several valid (temporary) IPv6 addresses, none of them is marked "detached" or "deprecated".

How to make mpd5 suppress obtaining any IPv6 address?

And: why isn't the IPv6 address deprecated?

In my first attempts configuring the tun0 interface, I used rtsol(8) for obtaining an IPv6 address which worked very quickly (and provided this address to my DDNS provider). In roughly 6 out of 10 cases the old IPv6 address is marked deprecated/detached. But in 4 out of 10 cases, the outward facing tun0 has at least two valid addresses of which one is not valid anymore from the perspective of my ISP!

mpd5's link-up script is simply configuring tun0 with:

    /sbin/ifconfig ${wan_if} inet6 auto_linklocal -ifdisabled accept_rtadv -no_radr up

(and if desired having SLAAC IPv6 addr on tun0:

    /sbin/rtsol ${wan_if} &

but this is omitted right now). link-down.sh does nothing.

Why is deprecating former addresses not working in all cases? Is it a feature that tun0 magically obtains an IPv6 address via SLAAC on mpd5? How to suppress SLAAC on mpd5?

Sorry for possible confusions, I'm new to IPv6 and would appreciate any hints and tips.

Kind regards and thanks in advance,

Oliver

-- 
A FreeBSD user