Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 link-local next-hop

    IPv6
    5
    12
    5302
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dietervh
      last edited by

      All,

      we suffer from an known (?) limitation in PFsense (snapshot : 2.1-BETA1 (amd64) built on Tue Feb 12 10:20:45 EST 2013)

      When trying to define a next-hop on a particular interface (via System -> Routing), we receive following error message :

      The gateway address FE80:6F8:xxxx::6 does not lie within the chosen interface's subnet '2001:6f8:xxxx::/64'.

      When adding this gateway (and route) via the CLI, it works like a charm. I presume there is something wrong with the input validation in the GUI?

      Any feedback?

      Thanks in advance,
      Dieter

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        yeah validation is too tight there.
        http://redmine.pfsense.org/issues/2841

        1 Reply Last reply Reply Quote 0
        • D
          dietervh
          last edited by

          Hi cmb,

          thanks for your reply. I presume this will be an easy fix…

          Regards,
          Dieter

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            hm, actually that's not really the issue. The input validation allows adding a gateway IP on fe80::/10. Is this something you can replicate with the latest version, and if so, how? I just added an fe80 gateway with no problem.

            1 Reply Last reply Reply Quote 0
            • M
              McGlenn
              last edited by

              I have the same issue. Just tried adding a link-local address as a gateway, but the webcfg won't take it:

              The gateway address FE80:f00d:cafe::6 does not lie within the chosen interface's subnet '2001:f00d:cafe::/64'.

              This is on:

              2.1-BETA1 (amd64)
              built on Tue Feb 12 10:20:45 EST 2013

              Regards

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                There's something more to it than that, we all went through and added fe80 gateways no problem. What kind of interface are you adding it on? Ethernet, wifi, tun, tap, gif, GRE, …? IP config of the interface static, DHCP, ... ? What page are you adding it on?

                1 Reply Last reply Reply Quote 0
                • rbgargaR
                  rbgarga Developer Netgate Administrator
                  last edited by

                  @McGlenn:

                  I have the same issue. Just tried adding a link-local address as a gateway, but the webcfg won't take it:

                  The gateway address FE80:f00d:cafe::6 does not lie within the chosen interface's subnet '2001:f00d:cafe::/64'.

                  This is on:

                  2.1-BETA1 (amd64)
                  built on Tue Feb 12 10:20:45 EST 2013

                  Regards

                  Please try to test it with a more recent snapshot. I could add the gateway without problems.

                  Renato Botelho

                  1 Reply Last reply Reply Quote 0
                  • M
                    McGlenn
                    last edited by

                    I just tried again using the snapshot of 1 April and am still getting the same input validation error.

                    The issue is that the input validation on system_gateways_edit.php is too tight. It does indeed check for "fe80::/" input, but that is too restrictive.

                    The IPv6 address I was trying to add is 'FE80:f00d:cafe::6/64', which using uppercase and doesn't have a double colon following the FE80.

                    I patched system_gateways_edit.php like this:

                    –- system_gateways_edit.php_orig 2013-04-14 15:57:27.000000000 +0200
                    +++ system_gateways_edit.php 2013-04-14 15:58:51.000000000 +0200
                    @@ -126,7 +126,7 @@
                    }
                    else if(is_ipaddrv6($_POST['gateway'])) {
                    /* do not do a subnet match on a link local address, it's valid */
                    -                        if(! preg_match("/fe80::/", $_POST['gateway'])) {

                    • if(! preg_match("/fe80:/i", $_POST['gateway'])) {
                      $parent_ip = get_interface_ipv6($_POST['interface']);
                      $parent_sn = get_interface_subnetv6($_POST['interface']);
                      if(empty($parent_ip) || empty($parent_sn)) {

                    And now it takes my IPv6 next-hop just fine.

                    1 Reply Last reply Reply Quote 0
                    • C
                      cmb
                      last edited by

                      Oh it's just not case-insensitive as it should be. I should have just fixed that. thanks

                      1 Reply Last reply Reply Quote 0
                      • M
                        McGlenn
                        last edited by

                        It was also expecting a double colon, which is not a must.

                        1 Reply Last reply Reply Quote 0
                        • M
                          Michael Sh.
                          last edited by

                          And at the beginning of the string, not anywhere.

                          if(! preg_match("/^fe80:/i", $_POST['gateway'])) {

                          1 Reply Last reply Reply Quote 0
                          • rbgargaR
                            rbgarga Developer Netgate Administrator
                            last edited by

                            @Michael:

                            And at the beginning of the string, not anywhere.

                            if(! preg_match("/^fe80:/i", $_POST['gateway'])) {

                            Fixed, thanks!

                            Renato Botelho

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post