pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106)

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Fri, 02 Apr 2021 23:49:05 GMT

yaleman — Fri, 02 Apr 2021 23:49:05 GMT

@fabrizior I didn’t know it was a thing :) Thanks for the information.

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Fri, 02 Apr 2021 14:52:23 GMT

fabrizior — Fri, 02 Apr 2021 14:52:23 GMT

Thanks for the details!

A question though: is there a reason not to use the System_Patches package to make these kinds of enhancements in releases prior to those containing the new code revisions/commits?

Seems a lot easier than managing this stuff manually to me.

e.g

Make a backup of /etc/inc/services.inc
Review the diff for the actual source commit and copy the URL for the "unified diff" link at the bottom of the page
Install the System_Patches package
Add a Patch (System > Patches; Add New Patch)
Description: RADVD set AdvRDNSSLifetime. Fixes #11105
URL/Commit ID: https://redmine.pfsense.org/projects/pfsense/repository/revisions/54b3109f0b1978e22866117b6d93715eb8d78c29/diff?format=diff
Click Save
Click "Fetch" for the newly added patch entry and wait for it to update.
Click "Test" and review output
Click "Apply"
Restart the RADVD service
Verify with a grep for "AdvRDNSSLifetime" in /var/etc/radvd.conf - one entry per interface

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Tue, 30 Mar 2021 13:31:22 GMT

yaleman — Tue, 30 Mar 2021 13:31:22 GMT

I posted a hacky fix for this here on my blog, looks like the fix might be in production in 2.5.1? You can edit the PHP that generates radvd.conf so normal service restarts won't break the file - PHP's running as root so you can't stop it writing over it.

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Thu, 03 Dec 2020 14:53:09 GMT

csmith — Thu, 03 Dec 2020 14:53:09 GMT

@JKnott It still seems to be overwritten - I did a "chmod 444 /var/etc/radvd.conf", and the permissions seem to have stuck ("-r--r--r--"), but the contents of the file have reverted to the defaults after restarting the service.

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Thu, 03 Dec 2020 13:40:13 GMT

JKnott — Thu, 03 Dec 2020 13:40:13 GMT

@csmith

What happens if you make it read only, after you make the change?

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Thu, 03 Dec 2020 12:41:09 GMT

csmith — Thu, 03 Dec 2020 12:41:09 GMT

How can I make changes to the "radvd.conf" to work around this?

I've tried editing the file, but it appears that every time the service is restarted via the pfSense GUI, the file is regenerated and my changes are lost.

I've tried searching for a way to restart the service via the CLI but to no avail.

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Thu, 26 Nov 2020 11:47:24 GMT

csmith — Thu, 26 Nov 2020 11:47:24 GMT

Thanks for confirming, and opening the bug!

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Thu, 26 Nov 2020 06:11:24 GMT

viktor_g — Thu, 26 Nov 2020 06:11:24 GMT

https://redmine.pfsense.org/issues/11105

Reply to pfSense IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) on Thu, 26 Nov 2020 00:48:02 GMT

Napsterbater — Thu, 26 Nov 2020 00:48:02 GMT

I am seeing this as well.

The radvd.conf is getting generated without AdvRDNSSLifetime defined, which from what I can find SHOULD default to 2*MaxRtrAdvInterval from what I am reading but it seems it is using just the MaxRtrAdvInterval.

Adding AdvRDNSSLifetime {3*MaxRtrAdvInterval} to the config should fix it, and not require waiting for radvd to be fixed.

Making this,

	RDNSS 2001:470:****:1::3 2001:470:****:2::8 { };

into this.

	RDNSS 2001:470:****:1::3 2001:470:****:2::8 {
	AdvRDNSSLifetime 3060 
	};