ipv6 routing problems for clients behind freebsd router

[hrvxla]

I have a router configured as a v4 NAT gateway. All is working well. When I try and configure ipv6, I get a network for the clients from my provider but clients do not have an ipv6 default route installed.

I'm using dhcp6c, rtadvd, and rtsold and pf has a generic "pass in all on LAN" policy. Clients do get an ipv6 address in 2601:1000:1014:5:aaaa::/64 but, as stated above, no default route for ipv6.

Any help is appreciated greatly!

freebsd# uname -a
FreeBSD freebsd 12.2-STABLE FreeBSD 12.2-STABLE r369282 GENERIC  arm64

freebsd# egrep '(ipv6|dhcp6|rtsol|rtadv)' /etc/rc.conf
ipv6_gateway_enable="YES"
ipv6_cpe_wanif="ue1"
ifconfig_ue1_ipv6="inet6 accept_rtadv"
ifconfig_ue2_ipv6="inet6 auto_linklocal"
ipv6_activate_all_interfaces="YES"
ipv6_default_interface="ue2"
dhcp6c_enable="YES"
dhcp6c_interfaces="ue1"
dhcp6c_flags="-d -d -D -D"
rtadvd_enable="YES"
rtadvd_interfaces="ue2"
rtsold_enable="YES"

freebsd# cat /etc/rtadvd.conf
ue2:\
:prefixlen#64:rltime#0:

freebsd# cat /usr/local/etc/dhcp6c.conf
interface ue1 {
        send    ia-pd 0;
        send    ia-na 1;
        send    rapid-commit;
};
id-assoc pd 0 {
        prefix ::/64 infinity;
        prefix-interface ue2 {
                sla-id 0;
                sla-len 0;
        };
};
id-assoc na 1 {
};

WAN Interface
ue1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE>
    ether d8:eb:97:b8:7d:94
    inet6 fe80::aaaa:97ff:feb8:7d94%ue1 prefixlen 64 scopeid 0x4
    inet6 2601:1000:1014:0:aaaa:97ff:feb8:7d94 prefixlen 64 autoconf
    inet 10.14.132.3 netmask 0xfffffc00 broadcast 10.14.135.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

LAN Interface
ue2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE>
    ether d8:eb:97:b8:f3:8b
    inet 192.168.73.1 netmask 0xffffff00 broadcast 192.168.73.255
    inet6 fe80::aaaa:97ff:feb8:f38b%ue2 prefixlen 64 scopeid 0x5
    inet6 2601:1000:1014:5:aaaa:97ff:feb8:f38b prefixlen 64
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=63<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL,NO_RADR>

NDP table
freebsd# ndp -an
Neighbor                             Linklayer Address  Netif Expire    S Flags
fe80::7d:5978:2ea5:1c6%ue2           88:66:5a:0e:19:10    ue2 23h21m17s S
2601:1000:1014:5:aaaa:97ff:feb8:f38b aa:aa:97:b8:f3:8b    ue2 permanent R
fe80::aaaa:97ff:feb8:f38b%ue2        aa:aa:97:b8:f3:8b    ue2 permanent R
fe80::c6ad:34ff:fe00:7ca8%ue1        c4:ad:34:00:7c:a8    ue1 3s        R R
2601:1000:1014:0:aaaa:97ff:feb8:7d94 aa:aa:97:b8:7d:94    ue1 permanent R
fe80::aaaa:97ff:feb8:7d94%ue1        aa:aa:97:b8:7d:94    ue1 permanent R
fe80::ba27:ebff:fe71:ecd5%ue0        b8:27:eb:71:ec:d5    ue0 permanent R

 

[hrvxla]

A bit more info:
When I take a capture on ue2 and a client comes online, the freebsd machine is sending router advertisements to ff02::1 but those clients do not seem to install it in their routing table. Perhaps I'm incorrect in my understanding in how this works.

freebsd# tcpdump -nvvi ue2 icmp6
tcpdump: listening on ue2, link-type EN10MB (Ethernet), capture size 262144 bytes
[..]
13:55:37.311489 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff43:8336: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::1448:adbb:8343:8336
      unknown option (14), length 8 (1):
        0x0000:  39a5 a257 5197

13:55:37.313397 IP6 (flowlabel 0x60600, hlim 255, next-header ICMPv6 (58) payload length: 8) fe80::1448:adbb:8343:8336 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 8

13:55:38.771438 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::daeb:97ff:feb8:f38b > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
    hop limit 64, Flags [none], pref medium, router lifetime 0s, reachable time 0ms, retrans timer 0ms
      source link-address option (1), length 8 (1): d8:eb:97:b8:f3:8b
        0x0000:  d8eb 97b8 f38b
      prefix info option (3), length 32 (4): 2601:1000:1014:5::/64, Flags [onlink, auto], valid time 0s, pref. time 0s
        0x0000:  40c0 0000 0000 0000 0000 0000 0000 2601
        0x0010:  1000 1014 0005 0000 0000 0000 0000

13:55:39.119865 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1448:adbb:8343:8336 > ff02::1:ff65:fdc1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::1c2c:6340:4b65:fdc1
      source link-address option (1), length 8 (1): a0:4e:cf:e6:5c:50
        0x0000:  a04e cfe6 5c50

13:55:41.253109 IP6 (flowlabel 0x60600, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::1448:adbb:8343:8336 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
      source link-address option (1), length 8 (1): a0:4e:cf:e6:5c:50
        0x0000:  a04e cfe6 5c50

freebsd# rtadvd -fdDD
[...]
rtadvd 14667 - - <rtmsg_input> received a routing message (type = 14, len = 168)
rtadvd 14667 - - <rtmsg_input> route changed on non advertising interface(ue2)
rtadvd 14667 - - <main> there's no timer. waiting for inputs
rtadvd 14667 - - <rtadvd_input> enter
rtadvd 14667 - - <ra_input> RA received from fe80::c6ad:34ff:fe00:7ca8 on ue1
rtadvd 14667 - - <ra_input> received RA from fe80::c6ad:34ff:fe00:7ca8 on non-advertising interface(ue1)
rtadvd 14667 - - <main> there's no timer. waiting for inputs

 

[hrvxla]

I seem to have solved my issue by removing no_radr and accept_rtadv from my LAN interface.

I now see the default gateway installed on the client machine. However, I still can't get the freebsd machine to respond to icmp6 echo requests from the client.

listening on ue2, link-type EN10MB (Ethernet), capture size 262144 bytes
14:48:47.251459 IP6 2601:1000:1014:5:9c78:47f5:dd32:c893 > ff02::1:ffb8:f38b: ICMP6, neighbor solicitation, who has 2601:cb80:1014:5:daeb:97ff:feb8:f38b, length 32
14:48:48.819650 IP6 2601:1000:1014:5:9c78:47f5:dd32:c893 > ff02::1:ffb8:f38b: ICMP6, neighbor solicitation, who has 2601:cb80:1014:5:daeb:97ff:feb8:f38b, length 32