DaemonForums  

#1 SlyM, 18th October 2014
Any info on OpenBSD 5.6's new default IPv6 to off change?

Hi, good morning everyone.

I am interested in understanding the bit about OpenBSD 5.6's networking stack change to have IPv6 disabled by default on new interfaces.

I would like to know the reason for the change and also how will it affect an OpenBSD installation setup as a firewall gateway for both IPv4 and IPv6 (IPv4 makes use of NAT in PF, but IPv6 is just raw router with basic firewalling)?

I currently make use of Dibbler IPv6 client to pull relevant DHCPv6 info from my ISP (Comcast HSI), because one cannot use pure IPv6 Router Advertisements because once you enable IPv6 routing, that is disabled. I then make use of radvd to advertise out the prefix I am delegated from Comcast obtained previously in Dibbler client (I do not make use of the Dibbler server as that's functionality I do not need).

So my question is...will having IPv6 disabled on all interfaces by default break my setup, and what can I do to prevent that?

Midnight

#2 jggimi, 18th October 2014

The change is equivalent to having used the ifconfig(8) -noinet6 option. According to the ifconfig(8) man page, to enable IPv6 on an interface, use either the eui64 option, assign a static IPv6 address, or use rtsol(8).

The eui64 option fills the interface index automatically. Invoking rtsold(8) as rtsol will probe for a router, one time, without becoming a daemon.

#3 jggimi, 20th October 2014

I realized I didn't answer your first question.
Quote:
Originally Posted by SlyM
I would like to know the reason for the change...
Henning Brauer (henning@) wrote about this in the OpenBSD Journal.
Quote:
Automagically adding an inet6 address just because an interface comes up is ridiculous and actually a security risk, since your machine is suddenly reachable over it (to some extent), which might not even be clear to the person taking the interface up. And it goes further, that automagic inet6 address even causes problems in some setups, e.g. with bridges. So we eventually decided to turn off v6 by default, which is how it should have been from the beginning - actively adding an inet6 address, manually or by running rtsol for autoconfig, turned it on and everything magically worked right. Without the implicit attack vector. So that is actually invisible to almost all that use inet6 - only those just using link-local, without any "real" inet6 address, had to adapt slightly. Pleasantly even the die-hard inet6 lovers in our group agreed with that move.
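
Added example, not part of the original thread: the rationale quoted above distinguishes interfaces with no inet6 address, with only a link-local address, and with a "real" address. The sh function below sorts interfaces into those three groups from ifconfig(8) output, which shows what is reachable over IPv6 after the 5.6 change; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Classify each interface by IPv6 exposure, reading ifconfig(8) output on stdin.
# On a live system: ifconfig | classify_inet6
# Prints one "<ifname> <state>" line per interface, where state is
#   no-inet6         no inet6 address at all (the 5.6 default for a new interface)
#   link-local-only  only an fe80::/10 address, reachable from the local link
#   routable         at least one non-link-local, non-loopback inet6 address
classify_inet6() {
    awk '
        /^[a-z]+[0-9]+: flags=/ {        # interface header, e.g. "em0: flags=..."
            ifname = $1
            sub(/:$/, "", ifname)
            order[++n] = ifname
            next
        }
        $1 == "inet6" && ifname != "" {
            if ($2 ~ /^fe[89ab][0-9a-f]:/) ll[ifname]++      # fe80::/10
            else if ($2 != "::1") routable[ifname]++         # skip loopback
        }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (routable[name]) state = "routable"
                else if (ll[name]) state = "link-local-only"
                else state = "no-inet6"
                print name, state
            }
        }
    '
}

# Constructed sample in OpenBSD ifconfig layout (documentation address ranges).
sample_ifconfig() { cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:00:5e:00:53:01
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	inet6 fe80::200:5eff:fe00:5301%em0 prefixlen 64 scopeid 0x1
	inet6 2001:db8:1::1 prefixlen 64
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:00:5e:00:53:02
	inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:00:5e:00:53:03
	inet6 fe80::200:5eff:fe00:5303%em2 prefixlen 64 scopeid 0x3
EOF
}

sample_ifconfig | classify_inet6
```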

#4 SlyM, 2nd November 2014

Thank you for the reason why. Now if only I could figure out why after upgrading to 5.6 my IPv6 access is broken.

I narrowed it down to the ifconfig command I run to plumb up the main IPv6 address: even with prefixlen set to 64, no route is added to route the whole subnet through that interface. And no command I try with route add, nor any version of the ifconfig command, will add the appropriate route for the local subnet.

What am I doing wrong?

Let me see if I can copy output to show what I'm talking about.

#5 jggimi, 2nd November 2014

I'm not an IPv6 user. And with the minimal information provided so far, it appears you might not be soliciting a route by using rtsol(8), as mentioned above.