IPv6 rtprefix not adding routes for FreeBSD

[freedave]

My firewall is running FreeBSD 14.1 and has the following configured for /etc/rtadvd.conf:

gw0:\

lan0:\
    :rtprefix="fdc5:972:cd8b::":rtplen#48:\
    :rdnss="fdc5:972:cd8b:2::1":\
    :dnssl="lan.XXX.net,wifi.XXX.net,XXX.net":
wifi0:\
    :rtprefix="fdc5:972:cd8b::":rtplen#48:\
    :rdnss="fdc5:972:cd8b:3::1":\
    :dnssl="wifi.XXX.net,lan.XXX.net,XXX.net":

And rtadvd(8) is enabled in /etc/rc.conf with:

rtadvd_enable="YES"
rtadvd_interfaces="gw0 lan0 wifi0"

Now on my macos laptop I get my GUA from gw0, my ULA from wifi0 and most importantly it gets the route for my entire ULA: fdc5:972:cd8b::/48 as seen with netstat -rn | grep fdc:

fdc5:972:cd8b::/48                      fe80::5a9c:fcff:fe10:ff97%en0           UGc                   en0
fdc5:972:cd8b:3::/64                    link#11                                 UC                    en0
fdc5:972:cd8b:3::1                      58:9c:fc:10:ff:97                       UHLWIi                en0
fdc5:972:cd8b:3:8b3:b824:822:4e49       80:54:e3:84:c7:99                       UHLWI                 en0
fdc5:972:cd8b:3:14d0:c95e:402:2158      8a:11:81:52:64:be                       UHL                   lo0

That is perfect. But on the workstation which is also running FreeBSD 14.1 I get GUA and ULA but it does not set the route, running netstat -rn | grep fdc here only results in:

fdc5:972:cd8b:2::/64              link#4                        U          lan0
fdc5:972:cd8b:2:1cf3:8eff:fefe:aeaf link#2                      UHS         lo0

No amount of invoking rtsold lan0 will pick it up either.

To be completely sure, I also have an adapter for my macos notebook and verified that plugged into the local area network it still gets this routet. I even rebooted the notebook with WiFi off to make sure I did not have stale config from the WiFi.

The interface on the FreeBSD workstation is configured with just 3 lines in /etc/rc.conf with:

ifconfig_re0_name="lan0"
ifconfig_lan0="SYNCDHCP"
ifconfig_lan0_ipv6="inet6 accept_rtadv"

I can work around this by adding:

# should not be necessary (macos picks up route)
ipv6_static_routes="ula"
ipv6_route_ula="fdc5:972:cd8b::/48 fdc5:972:cd8b:2::1"

Once that is in place notebook and workstation can ping(8) each other using ULA and have connectivity.
Is there a sysctl(8) or other config that prevents FreeBSD from accepting additional routes or is this missing functionality? rtadvd(8) is definitely sending the information. I would like routes to be managed on the firewall not each individual host.

 

[freedave]

While I am may have missed something, looking at nd6_ra_input in sys/netinet6/nd6_rtr.c and not finding any struct nd_opt_route_info I am pretty sure it is just not implemented.

That function also has a TODO for managed flag not being implemented and my plan was for my local area network to use DHCP6 for its ULA addresses.

 

[Sebastian]

I think you want to make some reservations if you want to use ULA and dhcpv6 ? If not , you could advertise the ULA via RA

 

[freedave]

I'm actually not quite to the part where I need to set up DHCP6 server. The ULA is advertised along with the GUA using rtadvd(8) from the firewall and initially I'm content to let them configure addresses with SLAAC. Actually the WiFi will stay SLAAC so Android devices get IPv6. That is the whole reason I want to have routes distributed: so I can split WiFi and local area network and configure differently.

But I am happy to report this does work on FreeBSD, just not with rtsold(8), the in-kernel accept_rtadv, or indeed using /etc/rc.conf to configure the interface.

What does work is using net/dhcpcd to configure the interface. In fact this will also do the IPv4 DHCP for you instead of using dhclient(8).

Just in case anybody else is interested in automatically configuring routes via RA, I'll post the config you need in addition to having something advertise the routes. You can see how advertising routes is done in my initial post.

Remove the interface from /etc/rc.conf:

# you can still rename an interface which I like. This means config, like dhcpcd.conf,
# is identical even when systems have different network interface names.
# But this does require you alter /usr/local/etc/rc.d/dhcpcd to REQUIRE netif.
ifconfig_re0_name="lan0"

Now configure /usr/local/etc/dhcpcd.conf:

# This is all the default up to slaac hwaddr
duid
persistent
vendorclassid
option domain_name_servers, domain_name, domain_search
option classless_static_routes
option interface_mtu
option rapid_commit

# This is where I change things, I prefer this to `slaac private` since I can
# easily take my MAC and generate the EUI-64 address to put the ULA in DNS.
# Once I have DHCP6 for ULA I will probably use `slaac private` for the GUA.
slaac hwaddr
# Turn things off by default, probably not needed
noipv6rs
nodhcp
nodhcp6
allowinterfaces lan0

# And this is what now has my interface pick up an IPv4 via DHCP and any
# IPv6 addresses AND routes from RAs it sees.
interface lan0
  ipv4
  ipv6
  ipv6rs
  dhcp
  ia_na 0

The very last line is for DHCP6 if we get a RA with the managed flag. I haven't set that up (yet) but you can still have it in your config.

Now, with no static routes set up in /etc/rc.conf this works (the /48 I advertise is shown):

# 
netstat -rn | grep fdc
fdc5:972:cd8b::/48                fe80::5a9c:fcff:fe00:2138%lan0 UG            lan0
fdc5:972:cd8b:2::/64              link#4                        U              lan0
fdc5:972:cd8b:2:1cf3:8eff:fefe:aeaf link#2                      UHS             lo0