IPv6 FE80 routing/forwarding issue

styxl

I have two devices attempting to communicate using fe80/10 addresses, both are on the same LAN and plugged in directly on the SG-3100 LAN ports, for some reason the pFsense device is unable to forward the packets between these two devices, my syslog logs are full of the errors below, no other device using fe80 is having this issue, is there a way i can stop logging these or maybe fix the forwarding/routing issue?

|-|-May 19 11:54:08 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:53:58 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:53:48 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:53:38 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:53:28 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:53:18 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:53:08 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:52:57 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:52:47 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:52:27 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:52:17 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1
May 19 11:51:26 kernel cannot forward from fe80:2::211:32ff:fe93:2f50 to fe80:2::1411:32ff:febc:4e44 nxt 58 received on mvneta1-|

Cornel

Interesting. I am trying to solve the same issue. I have found that in my case the addresses in the log entries originated from Chromebooks.

"cannot forward from fe80:10::840a:77ff:fe60:bf89 to fe80:10::9c84:20ff:febf:9d9c nxt 58 received on mvneta1.30"

It is clear that link local addresses should not be routed, so I understand the error. But how did these addresses end up on that interface.

Hope someone is able to help us out here.

ebcdic

@styxl Link local addresses are supposed to have the 54 bits after the 10 high bits of fe80 all zero.

I have an Android phone which tries to send packets out from fe80:z::aaaa:bbbb:cccc:dddd when its real address is fe80::aaaa:bbbb:cccc:dddd (z varies, it's always a single hex digit). In my case it's trying to send them outside, mostly to Google addresses. Are yours also Android or ChromeOS devices?

ebcdic

It appears that some IPv6 implementations internally use the third and fourth bytes of a link-local address to store the interface index (see e.g. https://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ipv6.html). Such addresses should never appear on the network. It may be a bug in the kernel or some program on the device.

styxl

@ebcdic my two devices are actually wifi AP's specifically Synology WiFi AP's linked in a Mesh, the vendor says i should turn off IPv6 if i dont want to see the messages...it does appear to be a bug