On 13/8/20 at 22:23, Daniel Gröber wrote:
> Hi Luca,
>
> On Thu, Aug 13, 2020 at 07:02:21PM +0200, Luca Olivetti wrote:
>> I found out that, since the router has RA enabled, the boxes get an ipv6
>> globally routable address. The problem is, when the prefix changes
>> (unfortunately it's not static, the isp assigns a new one on each PPPoE
>> session), the new address is added but the old one is never deleted, e.g.:
>
> Unless the ISP configured RA wrong those addresses should time out
> automatically after their valid_lft time expires. Having lots of addresses
> is pretty normal in IPv6 so I wouldn't worry about it :)
>
> You can see the valid_lft field using `ip address` instead of ifconfig.

Mmmh, I think there's a problem

$ ip addr list wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether e8:94:f6:15:30:7a brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.6/24 brd 192.168.10.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3105:bd00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3507:8200:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3605:7a00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3306:9800:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3502:fb00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3107:7100:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3508:f00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2a0c:5a84:3307:5700:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 fe80::ea94:f6ff:fe15:307a/64 scope link
       valid_lft forever preferred_lft forever

Unfortunately the router is quite limited in what can be configured (and
only if you hack it to obtain admin access) and I see no option to
adjust the valid_lft, you can just turn RA on/off, set the M (maybe I
should set it to use dhcpv6 instead?) and O option, preference (?)
high/middle/low, prefix delegate type autosense/manual, a minimum retry
interval (currently 198) and maximum retry interval (600). And that's it.

>> Is there a way to automatically flush the old addresses?
>
> If you insist on removing them you can do
>
>     ip -6 address flush deprecated

Well, since they're valid "forever" that doesn't remove any address :-/

> which should remove all addresses with "preferred_lft 0" but nonzero
> valid_lft which means they can still be used for incoming connections

side note: also the ipv6 firewall is quite limited, either no incoming
connection is forwarded or all of them to all internal hosts :-(

> but won't be used for outgoing ones.

OK, if it's no problem I won't bother.

Bye
--
Luca
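
Added example, not part of the original message: the thread reports SLAAC addresses with `valid_lft forever` that `ip -6 address flush deprecated` does not touch. The script below parses `ip -6 address show` output, lists the global dynamic addresses that will never expire, and prints (without running) the matching delete commands. The function names, the `keep_prefix` parameter and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `ip -6 address show dev IFACE`
# text on stdin and lists "scope global dynamic" addresses whose valid_lft is
# "forever", i.e. ones the kernel will never expire by itself.
# keep_prefix (hypothetical parameter): leading text of the prefix still in
# use, copied from ip's own output; addresses starting with it are not listed.
stale_slaac() {
    awk -v keep="$1" '
        $1 == "inet6" {
            addr = $2; global = 0; dynamic = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "scope" && $(i + 1) == "global") global = 1
                if ($i == "dynamic") dynamic = 1
            }
            pending = (global && dynamic)   # remember until the lifetime line
            next
        }
        $1 == "inet" { pending = 0; next }
        pending && $1 == "valid_lft" {
            pending = 0
            if ($2 == "forever" && (keep == "" || index(addr, keep) != 1)) {
                print addr
            }
        }
    '
}

# Dry run: print the delete commands for review instead of executing them.
print_del_cmds() {   # $1 = interface, $2 = keep_prefix
    stale_slaac "$2" | while read -r a; do
        printf 'ip -6 address del %s dev %s\n' "$a" "$1"
    done
}

# Constructed sample input (documentation prefix 2001:db8::/32, made-up IID).
SAMPLE='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
    inet 192.168.10.6/24 brd 192.168.10.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1:a00:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2001:db8:2:b00:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2001:db8:3:c00:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft 86390sec preferred_lft 14390sec
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever'

printf '%s\n' "$SAMPLE" | print_del_cmds wlan0 '2001:db8:2:b00:'
```

On a live host, feed it `ip -6 address show dev wlan0` instead of the sample and review the printed commands before running any of them as root.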