IPv6 RS with unspecified source address
-
2.1-BETA0 (i386)
built on Tue Sep 18 12:28:26 EDT 2012
FreeBSD 8.3-RELEASE-p4From what I can see, pfSense does not respond to Router Solicitation messages where the source address is unspecified.
The client I have tested with, then waits for 4 seconds before sending out a new RS message with the link-local address as source, to which pfSense responds to.The pfSense RA is set to "Unmanaged", normal "Router Priority" and no "RA Subnets".
Is this a known issue, limitation, or is it due to a wrong configuration on my side?
Thank you.
-
Hi,
I have checked the RFC (4861), and it clearly states that router solicitation messages can have undefined source address:Source Address
An IP address assigned to the sending interface, or
the unspecified address if no address is assigned
to the sending interface.I have tested several times, and pfSense does not reply with RA if the source address in the RS message is undefined.
I consider this to be a fault in the pfSense.
-
We currently use the radvd daemon for RA, so if there is a fault, it lies there.
Does anything show up under Status > System Logs on the Routing tab from radvd when it receives one of these packets?
-
No, there are no log entries due to these RS messages.
-
My bad!
I noticed an IPv6 rule that did not allow undefined address access to the fw.
After I explicitly created a rule for this case, pfSense responds with RA after the RS mentioned above.Sorry for the confusion.