IPv6 gateway issues.

K

KernelPanic

As noted in a previous thread (http://forums.freebsd.org/showthread.php?t=39116) I have IPv6 working on a FreeBSD8.3 server using net/dhcp6.

Comcast will grant both a NA (Non-Temporary Address) and PD (Prefix Delegation) via DHCPv6. The NA is a /128 that I use on the front end of my gateway/firewall server and the PD is currently a /64 that I configured on my internal LAN interface of that server.

Unfortunately, I have discovered a problem trying to use that PD. If I try to enable the FreeBSD IPv6 gateway features I lose my inet6 default gateway on my gateway/firewall server. I can enable the forwarding manually after the fact using sysctl net.inet6.ip6.forwarding=1 but the next time I reboot or whenever FreeBSD tried to talk to the RA the value disappears.

All I've been able to find on the subject are some m0n0wall forms lamenting that there was a bug in FreeBSD6 that caused RAs to be ignored by the kernel and that it wouldn't be fixed until FreeBSD8.

Has anyone else run into this? Did you find a workaround for it?
 
My current workaround is to leave the IPv6 gateway feature enabled and to manually re-add the default gateway whenever it disappears. So far I've only had to do it once.
 
I've been able to find a different workaround of sorts. The /etc/rc.d/network_ipv6 script does the following if ipv6_router_enable="YES" is defined in /etc/rc.conf:
Code: 
${SYSCTL_W} net.inet6.ip6.forwarding=1
${SYSCTL_W} net.inet6.ip6.accept_rtadv=0

By running sysctl net.inet6.ip6.accept_rtadv=1 I have started receiving a default route again as confirmed via ndp -r.

I guess I may have to include a script to force net.inet6.ip6.accept_rtadv to be asserted again whenever dhcp6c is executed?

Another quirk I've noticed since changing net.inet6.ip6.accept_rtadv is that I get the following syslog event for my "LAN/backside" interface every 10 minutes or so:
Code: 
Apr 22 13:48:09 server kernel: in6_ifadd: 2601:7:XXXX:a4:2e0:29ff:fe4d:be04 is already configured

I suspect this may be due to running dhcp6c for the "WAN/front" of my gateway server, but running rtadvd to manage the IPv6 allocations for "LAN/backside"?
 
Are you sure you have completely distinct IPv6 addresses on each interface? Overlapping addresses will not work.
 
KernelPanic said:
I've been able to find a different workaround of sorts. The /etc/rc.d/network_ipv6 script does the following if ipv6_router_enable="YES" is defined in /etc/rc.conf:
Code: 
${SYSCTL_W} net.inet6.ip6.forwarding=1
${SYSCTL_W} net.inet6.ip6.accept_rtadv=0
Click to expand...
Don't put commands in /etc/rc.conf. The rc.conf file gets sources multiple times during boot and those commands will get executed multiple times. It's not designed to execute commands, it's designed to hold variables and nothing more. Use /etc/rc.local if you must execute some commands during boot.

Code: 
gateway_enable="YES"
ipv6_gateway_enable="YES"
Does exactly the same thing as setting the sysctl(8).

Can't find your interface but add something like this to rc.conf:
Code: 
ifconfig_re0_ipv6="inet6 accept_rtadv"
 
Sorry about the confusion, the sysctl variables were from /etc/rc.d/network_ipv6, not my /etc/rc.conf

Here is what the IPv6 section of my /etc/rc.conf looks like:
Code: 
ipv6_enable="YES"
# de0 = ISP, de1 = Internal LAN
ipv6_network_interfaces="de0 de1"

#External interface with ISP
dhcp6c_enable="YES"
dhcp6c_interfaces="de0"

# Listen for router advertisements on external interface:
ifconfig_de0_ipv6="inet6 accept_rtadv"

# Enable IPv6 gateway for LAN access
ipv6_gateway_enable="YES"

# Run my own RA on internal interface:
rtadvd_enable="YES"
rtadvd_interfaces="de1"

When I reboot my server with these settings I do not get a default route. Both ndp -r and netstat -rnf inet6 | grep default show nothing.

I suspect this is because ipv6_gateway_enable="YES" does the following during boot:
Code: 
Additional routing options:
 IP gateway=YES
.
net.inet6.ip6.forwarding: 
0
 -> 
1

net.inet6.ip6.accept_rtadv: 
0
 -> 
0

If I manually change net.inet6.ip6.accept_rtadv back to 1. ndp -r immediately shows the correct default gateway from the RA but netstat -rnf inet6 | grep default remains empty. I tried using ndp -H to synchronize the two but nothing happened.

The only fix I've found is to take the output from ndp -r and manually add the default gateway using route.
 
I hate bumping old posts but I ran into this exact issue and this is pretty high on Google's search results. zkaa71n's response is the correct one. ipv6_cpe_wanif fixed my issue with dhcp6c(8) and losing my default gateway.
 
Last edited by a moderator:
You must log in or register to reply here.
Back
Top