IPv6 link-local next-hop



  • All,

    we suffer from a known (?) limitation in pfSense (snapshot: 2.1-BETA1 (amd64) built on Tue Feb 12 10:20:45 EST 2013)

    When trying to define a next-hop on a particular interface (via System -> Routing), we receive the following error message:

    The gateway address FE80:6F8:xxxx::6 does not lie within the chosen interface's subnet '2001:6f8:xxxx::/64'.

    When adding this gateway (and route) via the CLI, it works like a charm. I presume there is something wrong with the input validation in the GUI?

    Any feedback?

    Thanks in advance,
    Dieter



  • yeah validation is too tight there.
    http://redmine.pfsense.org/issues/2841



  • Hi cmb,

    thanks for your reply. I presume this will be an easy fix…

    Regards,
    Dieter



  • hm, actually that's not really the issue. The input validation allows adding a gateway IP on fe80::/10. Is this something you can replicate with the latest version, and if so, how? I just added an fe80 gateway with no problem.



  • I have the same issue. Just tried adding a link-local address as a gateway, but the webcfg won't take it:

    The gateway address FE80:f00d:cafe::6 does not lie within the chosen interface's subnet '2001:f00d:cafe::/64'.

    This is on:

    2.1-BETA1 (amd64)
    built on Tue Feb 12 10:20:45 EST 2013

    Regards



  • There's something more to it than that, we all went through and added fe80 gateways no problem. What kind of interface are you adding it on? Ethernet, wifi, tun, tap, gif, GRE, …? IP config of the interface static, DHCP, ... ? What page are you adding it on?


  • Developer Netgate Administrator

    @McGlenn:

    I have the same issue. Just tried adding a link-local address as a gateway, but the webcfg won't take it:

    The gateway address FE80:f00d:cafe::6 does not lie within the chosen interface's subnet '2001:f00d:cafe::/64'.

    This is on:

    2.1-BETA1 (amd64)
    built on Tue Feb 12 10:20:45 EST 2013

    Regards

    Please try to test it with a more recent snapshot. I could add the gateway without problems.



  • I just tried again using the snapshot of 1 April and am still getting the same input validation error.

    The issue is that the input validation on system_gateways_edit.php is too tight. It does indeed check for "fe80::/" input, but that is too restrictive.

    The IPv6 address I was trying to add is 'FE80:f00d:cafe::6/64', which uses uppercase and doesn't have a double colon following the FE80.

    I patched system_gateways_edit.php like this:

    –- system_gateways_edit.php_orig 2013-04-14 15:57:27.000000000 +0200
    +++ system_gateways_edit.php 2013-04-14 15:58:51.000000000 +0200
    @@ -126,7 +126,7 @@
    }
    else if(is_ipaddrv6($_POST['gateway'])) {
    /* do not do a subnet match on a link local address, it's valid */
    -                        if(! preg_match("/fe80::/", $_POST['gateway'])) {

    • if(! preg_match("/fe80:/i", $_POST['gateway'])) {
      $parent_ip = get_interface_ipv6($_POST['interface']);
      $parent_sn = get_interface_subnetv6($_POST['interface']);
      if(empty($parent_ip) || empty($parent_sn)) {
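
    Review bot: The pattern in the added preg_match line, "/fe80:/i", is unanchored, so a gateway that merely contains "fe80:" in a later group (a global address, for example) also skips the subnet match that follows. Anchor it at the start of the string, e.g. "/^fe80:/i", so that only addresses beginning with the link-local prefix bypass the get_interface_ipv6() / get_interface_subnetv6() comparison.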

    And now it takes my IPv6 next-hop just fine.



  • Oh, it's just not case-insensitive as it should be. I should have just fixed that. Thanks



  • It was also expecting a double colon, which is not a must.



  • And at the beginning of the string, not anywhere.

    if(! preg_match("/^fe80:/i", $_POST['gateway'])) {


  • Developer Netgate Administrator

    @Michael:

    And at the beginning of the string, not anywhere.

    if(! preg_match("/^fe80:/i", $_POST['gateway'])) {

    Fixed, thanks!
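
The three patterns proposed in this thread, compared against a check on the parsed fe80::/10 prefix. This is an added example, not pfSense code and not written by the posters; `is_link_local_v6()` is a hypothetical helper and the sample gateways are constructed.

```php
<?php
// Added example, not pfSense code. is_link_local_v6() is a hypothetical helper.

// The three patterns from the thread, in the order they were proposed.
$patterns = [
    'original' => '/fe80::/',
    'patched'  => '/fe80:/i',
    'anchored' => '/^fe80:/i',
];

// Test the fe80::/10 prefix on the parsed address instead of its text form.
function is_link_local_v6(string $addr): bool
{
    // Drop an optional zone suffix such as "%em0" (assumed input form).
    $addr = explode('%', $addr, 2)[0];
    if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
        return false;
    }
    $bin = inet_pton($addr);
    // The first 10 bits must be 1111 1110 10.
    return ord($bin[0]) === 0xfe && (ord($bin[1]) & 0xc0) === 0x80;
}

// Constructed sample gateways (not taken from a live system).
$samples = [
    'fe80::1',            // lowercase, double colon
    'FE80:f00d:cafe::6',  // form reported in the thread
    'FEBF::1',            // last /16 inside fe80::/10
    '2001:db8:fe80::1',   // global address containing "fe80::"
    '2001:db8::fe80:1',   // global address containing "fe80:"
    'fec0::1',            // outside fe80::/10
];

// "skip" = subnet match is bypassed, "check" = subnet match is enforced.
printf("%-20s %-9s %-9s %-9s %s\n", 'gateway', 'original', 'patched', 'anchored', 'prefix');
foreach ($samples as $gw) {
    $row = [];
    foreach ($patterns as $re) {
        $row[] = preg_match($re, $gw) ? 'skip' : 'check';
    }
    printf("%-20s %-9s %-9s %-9s %s\n", $gw, $row[0], $row[1], $row[2],
        is_link_local_v6($gw) ? 'skip' : 'check');
}
```

The anchored pattern agrees with the prefix check on every sample except `FEBF::1`, which lies inside fe80::/10 but does not begin with the text "fe80:".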

