outgoing IPv6 NAT uses wrong (probably old) address #5325
Comments
@bimbar It's relatively easy to emulate if the kernel address selection listens to address updates or not, especially with the ":0" selector. My guess is that it's probably not implemented so it would require a pfctl rules reload to take effect? Cheers,
It normally works, it just seemed that after a few days it stops updating its address. Since I can't know when an address update comes, I can't really do a pfctl rules reload when it happens.
I did mean a static test interface where one could change the IP address via ifconfig. It looks like this attaches to an ifaddr_event hook, but there could still be issues with it... https://github.com/opnsense/src/blob/3778c319d0c0786fe9ec88ac81e624ee9f48a47b/sys/netpfil/pf/pf_if.c#L917
Crashing the party here, just trying to get my head around something to do with NPTv6, as I am now back to using dhcp6 and have not used NPTv6. In the GUI you have to specify the 'External Prefix'; could the NPTv6 functions be expanded so that the prefix is taken from the PD of the LAN, thus you take the lower 'n' bits of a ULA address on the LAN and use the PD upper 64 bits as the external prefix? Might want to take this to a separate discussion, but might it not be a useful option for servers etc. on the LAN side? Using this option would negate the need for prefix tracking etc.
Is that even an OPNsense problem or is that upstream? If so, maybe it'll work with the upcoming FreeBSD 13 upgrade?
I doubt there is any change in this regard with FreeBSD 13 .. at least not from the pf(4) end.
Describe the bug
I have an IPv6 dialup with dynamic addresses. For that I use ULA internally, and use outgoing NAT for IPv6.
and
but when pinging google from inside, tcpdump shows:
which is the wrong prefix.
To Reproduce
See above, configure NATv6, wait a few days.
Expected behavior
I did expect the right source IP to be used.
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 21.7.3 (amd64, OpenSSL).
APU2D4
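
An added example, not part of the original issue or of the OPNsense code: one way to spot the symptom reported here, by checking the source address of packets sent to a probe target in tcpdump text output against the currently delegated prefix. The function names, the prefixes and the sample capture lines are constructed for illustration (RFC 3849 documentation addresses).

```python
import ipaddress
import re

# tcpdump text output: "<time> IP6 <src> > <dst>: <proto ...>".
# TCP/UDP endpoints carry a ".port" suffix; ICMP6 endpoints do not.
FLOW = re.compile(r"\bIP6 (\S+) > (\S+?): ")

# Constructed sample capture (documentation addresses, not real output).
SAMPLE = """\
12:00:01.000001 IP6 2001:db8:1111:0:20d:b9ff:fe00:1 > 2001:db8:ffff::1: ICMP6, echo request, seq 1, length 16
12:00:02.000001 IP6 2001:db8:2222:0:20d:b9ff:fe00:1.51514 > 2001:db8:ffff::1.443: Flags [S], seq 1, length 0
12:00:02.020001 IP6 2001:db8:ffff::1.443 > 2001:db8:2222:0:20d:b9ff:fe00:1.51514: Flags [S.], seq 9, length 0
12:00:03.000001 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 64
""".splitlines()


def endpoint_addr(endpoint):
    """Parse a tcpdump endpoint, dropping a trailing '.port' if present."""
    try:
        return ipaddress.IPv6Address(endpoint)
    except ValueError:
        return ipaddress.IPv6Address(endpoint.rsplit(".", 1)[0])


def stale_nat_sources(lines, current_prefix, probe_dst):
    """Return distinct source addresses of packets sent to probe_dst that fall
    outside current_prefix, i.e. outgoing NAT is still using an old address."""
    net = ipaddress.IPv6Network(current_prefix)
    target = ipaddress.IPv6Address(probe_dst)
    stale = []
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue
        try:
            src, dst = endpoint_addr(m.group(1)), endpoint_addr(m.group(2))
        except ValueError:
            continue  # not an address pair we can interpret
        if dst == target and src not in net and src not in stale:
            stale.append(src)
    return stale


if __name__ == "__main__":
    for addr in stale_nat_sources(SAMPLE, "2001:db8:2222::/48", "2001:db8:ffff::1"):
        print("stale NAT source:", addr)
```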