Disable accepting RA advertisements on an interface

dtoubelis · Mar 10, 2017, 1:00 AM

I'm trying to migrate my configuration from ageing Juniper SSG-20 to pfSense 2.3.3 and I'm having some troubles with setting up IPv6. Here is my current understanding of the problem:

My provider is Teksavvy (Canada) and they provide me with /64 and /56 subnets (non-overlaping) over DSL/PPPoE.
Their setup is that after PPPoE connection is established they start sending RA packets for /64 subnet and I need to use DHCP6-PD if I want my /56 block.
The problem is that the interface is picking up an address from /64 network via radv and by the time I sent my DHCP6-PD request the interface already has address and it cannot assign it a new one from /56 range.
The way I worked around this problem with Juniper is that they have option to disable accepting router advertisements on the interface and only use DHCP6C.

So, my question is if there is a way to do disable accepting radv for an interface in pfSense?

luckman212 · Mar 10, 2017, 5:04 PM

Have you already tried ticking the "Do not wait for a RA" option?

If that doesn't work, and you are comfortable at the console, you can try editing /etc/inc/interfaces.inc

Look around line ~4140 for a line that reads /* accept router advertisements for this interface */

then find the "mwexec" line and change it from

mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv");

to

mwexec("/sbin/ifconfig {$wanif} inet6 -accept_rtadv");

Save and reboot, see if that works…..

Guest · Mar 10, 2017, 2:21 PM

@luckman212:

If that doesn't work, and you are comfortable at the console, you can try editing /etc/inc/interfaces.inc

Look around line ~4140 for a line that reads /* accept router advertisements for this interface */

then find the "mwexec" line and change it from
mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv");
to
mwexec("/sbin/ifconfig {$wanif} inet6 -accept_rtadv");
Save and reboot, see if that works…..

That will break a lot of things. If you stop it accepting RA's in non dhcp6 before RA mode then it will never launch dhcp6c, if you do it in the dhcp6 before RA mode then it will never launch the WAN IPv6 update script. Either way it will not work at all.

luckman212 · Mar 10, 2017, 2:32 PM

Hmm :-\ So do you know of any way to achieve what the OP is asking for?

Guest · Mar 10, 2017, 4:52 PM

@luckman212:

Hmm :-\ So do you know of any way to achieve what the OP is asking for?

There is no way to achieve the same thing as he could do with the old router without modifications to pfSense. Both the current modes of dhcp6c operation require an RA to either instigate or complete the process.

It may be though that just seleting dhcp6 before RA option will do the job, as dhcp6c will have already obtained the PD when the RA comes back.

dtoubelis · Mar 12, 2017, 3:27 AM

Thanks for all replies! I contacted my service provider and they suggested a workaround that actually worked :) The /64 network that they provide apparently has some issues and they suggested to ditch it and just get /128 address from the dynamic pool. After that reconfiguration I do not receive RA from them any longer and the rest of configuration worked like a champ.

Thanks again for your input.