FreeBSD does not reply to IPv6 Neighbor Solicitations

Michael Sierchio kudzu at tenebras.com
Mon Jan 4 03:42:03 UTC 2021


On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov <vas at sibptus.ru> wrote:

> > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > Neighbor Solicitations from the router?
>
> Any ideas please?
>
>
Are you permitting the required udp and icmp?  These could be tighter, but

################################################################################
# dhcp / bootp
$FW add 00128 allow udp from any 67,68,546,547 to any 67,68,546,547

################################################################################
# Neighbor Discovery Protocol
$FW add 00129 allow ipv6-icmp from any to any icmp6types 133,134,135,136,137

The method I have found to be reliable is to use dhcp6c, which requires the
pkg 'dhcp6'

So for a FreeBSD host in ec2, for example:

ifconfig_eth0="SYNCDHCP"
ipv6_activate_all_interfaces="YES"
ifconfig_eth0_ipv6="inet6 accept_rtadv up"
dhcp6c_enable="YES"
dhcp6c_interfaces="eth0"

and /usr/local/etc/dhcp6c.conf is simple


interface eth0 {
        send ia-na 1;
        send rapid-commit;
};

id-assoc na 1 {
};

For a more complicated example, I have a firewall that gets its addresses
from my cable company:

ipv6_gateway_enable="YES"
ipv6_activate_all_interfaces="YES"

rtadvd_enable="YES"
rtadvd_interfaces="eth1 eth2"

dhcp6c_enable="YES"
dhcp6c_interfaces="eth0"
ipv6_default_interface="eth1"

and


interface eth0 {
        send    ia-na 1;
        send    ia-pd 1;
        send    rapid-commit;
};

id-assoc pd 1 {
        prefix ::/64 1800;

        prefix-interface eth1 {
                sla-id 0;
                sla-len 0;
        };

        prefix-interface eth2 {
                sla-id 1;
                sla-len 0;
        };
};

id-assoc na 1 {  };


-- 

"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
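
Added example (not part of the original message, and not code from its author): a shell check that reads ipfw rule text and reports which of the Neighbor Discovery ICMPv6 types named in rule 00129 above (133-137) the ruleset does not accept. The function names and both sample rulesets are constructed for illustration; it assumes first-match semantics and evaluates only unconditional "from any to any" rules.

```shell
#!/bin/sh
# Added example, not from the original message.
# nd_missing_types: read ipfw rule text on stdin and print the Neighbor
# Discovery ICMPv6 types (133-137) that the ruleset does not accept.
# Assumptions: first match wins; only unconditional "from any to any"
# rules are evaluated (optionally with "ip6" before "icmp6types"); rules
# carrying any other option are skipped.
nd_missing_types() {
    awk '
    BEGIN { n = split("133 134 135 136 137", want, " ") }
    ($2 == "allow" || $2 == "deny") &&
    ($3 == "ipv6-icmp" || $3 == "ip6" || $3 == "ip") &&
    $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" {
        split("", covers); all = 0; k = 8
        if ($k == "ip6") { k++ }
        if (NF < k) {
            all = 1
        } else if ($k == "icmp6types" && NF == k + 1) {
            m = split($(k + 1), t, ",")
            for (i = 1; i <= m; i++) covers[t[i]] = 1
        } else { next }
        for (i = 1; i <= n; i++)
            if (!(want[i] in verdict) && (all || (want[i] in covers)))
                verdict[want[i]] = $2
    }
    END {
        out = ""
        for (i = 1; i <= n; i++)
            if (verdict[want[i]] != "allow")
                out = out (out == "" ? "" : " ") want[i]
        print out
    }'
}

# Constructed sample rulesets (not captured from a real host).
post_rules() {
    printf '%s\n' \
        '00128 allow udp from any 67,68,546,547 to any 67,68,546,547' \
        '00129 allow ipv6-icmp from any to any icmp6types 133,134,135,136,137' \
        '65535 deny ip from any to any'
}
partial_rules() {
    printf '%s\n' \
        '00100 allow ipv6-icmp from any to any icmp6types 128,129' \
        '00200 allow ipv6-icmp from any to any icmp6types 133,134' \
        '65535 deny ip from any to any'
}

echo "rules from the post, blocked types: [$(post_rules | nd_missing_types)]"
echo "partial ruleset, blocked types:     [$(partial_rules | nd_missing_types)]"
```

On a host, the live ruleset can be checked with `ipfw list | nd_missing_types`; an empty result means all five types are accepted by the rules the script evaluates.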

