FreeBSD does not reply to IPv6 Neighbor Solicitations

Mon Jan 4 16:27:40 UTC 2021

On Mon, 4 Jan 2021 11:33:49 +0700, Victor Sudakov <vas at sibptus.ru> wrote:

> Michael Sierchio wrote:
>> On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov <vas at sibptus.ru> wrote:
>> 
>>>> Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
>>>> Neighbor Solicitations from the router?
>>> 
>>> Any ideas please?
>>> 
>>> 
>> Are you permitting the required udp and icmp?  These could be tighter, but
>> 
>> ################################################################################
>> 
>> # dhcp / bootp
>> 
>> $FW add 00128 allow udp from any 67,68,546,547 to any 67,68,546,547
> 
> There is no firewall on the FreeBSD host in question. There is no need,
> the host is on the LAN of a Mikrotik router.
> 
>> 
>> The method I have found to be reliable is to use dhcp6c, which requires the
>> pkg 'dhcp6'
> 
> Why? On the host in question, I have a statically configured global IPv6
> address, and auto_linklocal enabled on all interfaces:
> 
> $ ifconfig re1
> re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
>        ether c4:12:f5:33:c9:7c
>        inet 192.168.170.5/24 broadcast 192.168.170.255
>        inet6 fe80::c612:f5ff:fe33:c97c%re1/64 scopeid 0x2
>        inet6 2001:470:ecba:3::5/64
>        media: Ethernet autoselect (1000baseT <full-duplex>)
>        status: active
>        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

I notice your nd6 options do not include ACCEPT_RTADV.  Perhaps this is a reason why your interface is ignoring routing messages?  My interface ifconfig shows "nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>"

I also use a statically-defined[*] IPv6 address, but include "accept_rtadv" in the interface definition in /etc/rc.conf.  Furthermore, I also set rtsold_enable="YES" to send router solicitation messages on the interface.

Cheers,

Paul.

[*] As well as a static IPv6 address I also enable SLAAC to get autoconfigured and privacy addresses on the interface.