How to disable stateless autoconf on FreeBSD router

[tibordp]

Hello!

I have a problem I have been unable to solve. I have successfuly configured an embedded FreeBSD box to perform as a IPv6 gateway for my home network via HE's tunnel broker. I use rtadvd to distribute IPs from my /64 to other PCs on LAN whilst the gateway itself uses a *::2 as provided by HE tunnel configuration.

I have a problem though. Since I enabled rtadv on the gateway, it gets an autoconfigured adress as well. I am not talking about a link-local addresses (which I am okay with) but a globally routable address. I would like to minimize the mess with all those IPs - I would like the gateway to only use *::2.

Is there any way I can disable the machine picking up its own router advertisments.

Code Select Expand


ae0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=82018<VLAN_MTU,VLAN_HWTAGGING,WOL_MAGIC,LINKSTATE>
       ether 00:1e:8c:06:95:56
       inet 192.168.201.2 netmask 0xffffff00 broadcast 192.168.201.255
       inet6 fe80::21e:8cff:fe06:9556%ae0 prefixlen 64 scopeid 0x1
       inet6 2001:470:****:****:21e:8cff:fe06:9556 prefixlen 64                    <----------------------- This is what I am talking about.
       inet6 2001:470:****:****:: prefixlen 64 anycast
       nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
       options=3<RXCSUM,TXCSUM>
       inet 127.0.0.1 netmask 0xff000000
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
       nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
       tunnel inet 192.168.201.2 --> 216.66.80.30
       inet6 fe80::21e:8cff:fe06:9556%gif0 prefixlen 64 scopeid 0x3
       inet6 2001:470:****:****::2 --> 2001:470:1f0a:187c::1 prefixlen 128
       nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
       options=1<ACCEPT_REV_ETHIP_VER>


I am using a rc.conf type of configuration:

Code Select Expand


ipv6_enable="YES"
ipv6_defaultrouter="2001:470:****:****::1"
ipv6_prefix_ae0="2001:470:****:****"

gif_interfaces="gif0 gif1"
gifconfig_gif0="192.168.201.2 216.66.80.30"
ipv6_ifconfig_gif0="2001:470:****:****::2 2001:470:****:****::1 prefixlen 128"

ipv6_gateway_enable="YES"
ipv6_router_enable="YES"
ipv6_router="/usr/sbin/route6d"
rtadvd_enable="YES"
rtadvd_interfaces="ae0"


And rtadvd configuration:

Code Select Expand

ae0:\
       :addrs#1:addr="2001:470:****:****::":prefixlen#64:tc=ether:


Thank you!

[cholzhauer]

get rid of

Code Select Expand


ipv6_prefix_ae0="2001:470:****:****"

in rc.conf

also, blocking out IP addresses makes it hard to read.

[tibordp]

I tried to do as you suggested but now even though router advertisements work, IPv6 packets don't get routed from/to LAN.

I apologize for censoring my prefix but I do feel slightly uneasy with it being published like this...

[cholzhauer]

you need some sort of ip address on your adapter..you'll either have to set it statically or use ra

[thixotropy]

I tried to do as you suggested but now even though router advertisements work, IPv6 packets don't get routed from/to LAN.

I apologize for censoring my prefix but I do feel slightly uneasy with it being published like this...

You assume that people who care can't figure it out anyways. 

You need to tell your machine not to accept router adverts, by setting net.inet6.ip6.accept_rtadv to 0. 
#sysctl net.inet6.ip6.accept_rtadv=0
That's the default, though, so you probably have set it to 1.

[tibordp]

I don't assume anything. It is just that I feel uneasy about it. Like you wouldn't post your private phone number on a public forum despite being listed in white pages. I do apologize for the inconvenience though and I will not mask my prefix in my further posts, should there be any.

I tried to do it the sysctl way (even explicitly setting it to 0 in sysctl.conf) but it doesn't appear to change anything.

[cholzhauer]

You removed the line I told you to and routing broke...did you re-add a manual address?  Your ae0 adapter has to have an IP on it so I can route packets