RADVD timer issues

JonathanLee

Hello fellow netgate community members can you please help? How can I fix the timer issue there is no GUI option for this timer and we cant manually adapt the file ...

Jul 9 12:34:37	radvd	49592	warning: AdvDNSSLLifetime <= 2*MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Jul 9 12:34:37	radvd	49592	warning: (/var/etc/radvd.conf:62) AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Jul 9 12:34:37	radvd	49592	warning: AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Jul 9 12:34:37	radvd	49592	warning: AdvDNSSLLifetime <= 2*MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Jul 9 12:34:37	radvd	49592	warning: (/var/etc/radvd.conf:29) AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Jul 9 12:34:37	radvd	49592	warning: AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster

patient0

@JonathanLee what pfSense version are you using? I mean to remember that this was an issue a quite while back.

Checking with 2.8.0, if I for example set MaxRtrAdvInterval to 900 then AdvDNSSLLifetime is automagically set to 3*MaxRtrAdvInterval = 2700:

[2.8.0-RELEASE][root@pfSense.home.arpa]/root: cat /var/etc/radvd.conf 
# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface em1 {
        ...
        MinRtrAdvInterval 300;
        MaxRtrAdvInterval 900;
       ...
        DNSSL home.arpa {
                AdvDNSSLLifetime 2700;
        };
};

JonathanLee

@patient0 This is on 23.05.01 is there a work around to fix this?

patient0

@JonathanLee

This is on 23.05.01 is there a work around to fix this?

I can't remember right now, you would have to look through the available system patches.
Maybe I'll remember in a bit.

JonathanLee

@patient0 I have all the patches installed for them on 23.05.01. Thanks for your help, I still have this issue with the patches

patient0

@JonathanLee said in RADVD timer issues:

I have all the patches installed for them on 23.05.01. Thanks for your help, I still have this issue with the patches

It's only a warning. Of course you can try lower the MaxRtrAdvInterval value. If the default value for AdvDNSSLLifetime is also 1800 for that version of radvd, then try setting MaxRtrAdvInterval to a value < 1800/2.

I don't have a 23.05 running, @stephenw10 has probably a way better brain then me and can rember the fix. Maybe a commit one can reference for a patch.

JonathanLee

@patient0

Screenshot 2025-07-09 at 14.14.11.png

It is set to 600,,

JonathanLee

@patient0 Thanks

	Description	Fetch	Apply	Revert	View	Debug	Auto Apply	Actions
 	NTP Auth patch A Redmine #8794							 
 	NTP View AUTH patch A Redmine #8794							 
 	Memory boot error Redmine #14011							 
 	Option to configure a custom value for the PHP memory limit Redmine #13377							 
 	OS Boot Log timestamp typo #15106							 
 	NTP GUI FIX							 
 	NTP GUI 3							 
 	AES-GCM						


Workaround for Terrapin SSH Attack (After applying the patch, reboot or restart the SSH daemon, FreeBSD-SA-23:19.openssh, Terrapin Attack)				
Fix CRL generation for intermediate certificate authorities (Save/Apply services using CRLs with intermediate CAs (or reboot) and export new copies of affected CRLs as needed, Redmine #9889)				
Fix Static ARP entries not being configured at boot (Redmine #14374)				
Fix log rotation not active when configuration contains an empty syslog section (Redmine #14517)				
Fix per-log settings for file size and retenation count not being respected (Redmine #14545)				
Fix Firewall rule bulk copy function not respecting Convert interface definitions option (Redmine #14576)				
Fix Captive Portal link to view custom HTML not working (Redmine #14598)				
Fix DHCPv6 Prefix Delegation not installing routes (Requires manual "pkg install dhcpleases6", Redmine #14502)				
Fix OpenVPN selecting wrong interface address when VIPs are present (Redmine #14646)				
Fix Unicast CARP reverting to multicast when adding IP alias using this CARP VIP as parent (Redmine #14586)				
Fix Potential XSS via PPP Provider Selection (Redmine #14547)				
Fix Potential XSS via Dynamic Filter Logs (Redmine #14548)				
Fix potential arbitrary command execution in GIF/GRE interface management (Redmine #14549)				
Fix potential arbitrary command execution in Packet Capture (Redmine #14809)				
Fix IPsec restart in CARP event not triggering properly (Redmine #14738)				
Fix OpenVPN resync potentially acting on unrelated interfaces (Redmine #14781)				
Fix PHP Error viewing traffic graphs in iftop mode (Redmine #14500)				
Fix PHP Error with one.com Dynamic DNS Provider (Redmine #14649)				
Fix list of Dynamic DNS Providers with split host and domain name parts missing several providers (Redmine #14783)				
Fix PHP error in status_ipsec.php after removing an active tunnel (Redmine #14525)				
Fix Captive Portal incorrectly allowing creation of voucher rolls with leading zeroes (Edit and save affected rolls after applying patch to correct the roll configuration, Redmine #14325)				
Fix PHP Error in CSRF with invalid time value (Redmine #14394)				
Fix copying a user group does not work for first entry in list (Redmine #14695)				
Fix crash dumps not being recovered properly on systems with multiple swap partitions (e.g. ZFS mirrored disks) (Redmine #14767)				
Fix GUI TCP port not being updated when left blank (Redmine #14820)				
Fix update check in GUI not honoring proxy settings (Redmine #14609)				
Add Intel Speed Shift options (Redmine #14047)				
Add option to invalidate GUI login sessions if client IP address changes (Redmine #14265)				
Fix ctype_xdigit result is invalid for values <= 255 (Redmine #14702)

This is the stuff I have applied
@stephenw10 can you please help direct me to what patch id I am missing?

JonathanLee

Maybe I can apply this

https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/54b3109f0b1978e22866117b6d93715eb8d78c29

https://forum.netgate.com/topic/164399/do-the-default-ra-s-need-tweaking/23

patient0

@JonathanLee said in RADVD timer issues:

Maybe I can apply this

Looking at the patch and a current /etc/inc/services.inc on 2.8.0 I would say there is a good change that this fixes it. It does make sure that MaxRtrAdvInterval is 3*MaxRtrAdvInterval and with that the warning condition should not be met.

JonathanLee

@patient0 it wont work with 23.05.01 for me

patient0

@JonathanLee said in RADVD timer issues:

it wont work with 23.05.01 for me

Oh, bummer. Does the patch apply at all?

Btw: what is the actual content of the radvd.conf file, is MaxRtrAdvInterval set at all?

Edit: the oldest ZFS snapshot I have on that pfSense+ VM is 23.09.1 and there it seems to be fixed already. Any change you can upgrade to that at all?

JonathanLee

@patient0 it is not listed inside that file it is missing it, the patch fails for me

Gertjan

@JonathanLee said in RADVD timer issues:

the patch fails for me

As the other thread, that patch (link shown above) was based against 'a 4 years old pfSense version' like (can't remember) : 2.3.x ?
Your /etc/inc/services.inc is many generation older or .... more recent.

JonathanLee

@Gertjan plus I have that authenticated ntp patch on that file also