Paul de Weerd wrote:
> Although we see RA's with a non-link-local source IP (bad), some more
> verbose output (tcpdump -vv) would've been nice. Here's a proper
> exchange (`tcpdump -nepvvs 1500 -i fxp0 icmp6`, in my case) :
My apologies, I've posted this in a couple of places and I've lost
track of who knows what.. I'll be more verbose :-
12:41:32.675554 00:0c:29:cd:f7:7a 33:33:00:00:00:02 86dd 70:
fe80::20c:29ff:fecd:f77a > ff02::2: icmp6: router solicitation (src
lladdr: 00:0c:29:cd:f7:7a) (len 16, hlim 255)
12:41:33.017952 00:0c:29:57:23:b6 33:33:00:00:00:01 86dd 110:
2001:8b0:13:1::1 > ff02::1: icmp6: router advertisement(chlim=64,
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
00:0c:29:57:23:b6)(prefix info: LA valid_ltime=2592000,
preferred_ltime=604800, prefix=2001:8b0:13:1::/64) (len 56, hlim 255)
12:41:36.684031 00:0c:29:cd:f7:7a 33:33:00:00:00:02 86dd 70:
fe80::20c:29ff:fecd:f77a > ff02::2: icmp6: router solicitation (src
lladdr: 00:0c:29:cd:f7:7a) (len 16, hlim 255)
12:41:36.966249 00:0c:29:57:23:b6 33:33:00:00:00:01 86dd 110:
2001:8b0:13:1::1 > ff02::1: icmp6: router advertisement(chlim=64,
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
00:0c:29:57:23:b6)(prefix info: LA valid_ltime=2592000,
preferred_ltime=604800, prefix=2001:8b0:13:1::/64) (len 56, hlim 255)
12:41:40.689911 00:0c:29:cd:f7:7a 33:33:00:00:00:02 86dd 70:
fe80::20c:29ff:fecd:f77a > ff02::2: icmp6: router solicitation (src
lladdr: 00:0c:29:cd:f7:7a) (len 16, hlim 255)
12:41:41.057608 00:0c:29:57:23:b6 33:33:00:00:00:01 86dd 110:
2001:8b0:13:1::1 > ff02::1: icmp6: router advertisement(chlim=64,
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
00:0c:29:57:23:b6)(prefix info: LA valid_ltime=2592000,
preferred_ltime=604800, prefix=2001:8b0:13:1::/64) (len 56, hlim 255)
> Mostly, the output of `ifconfig vic0` on the rtadvd machine, but in
> general it's better to give more details than less. The less
> assumptions we have to make (are there other machines on his network ?
> does he have 'interesting' pf rules ? are his sysctls set properly ?
> etc etc), the better we're able to help you.
On the router:
# ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
vic0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:29:57:23:b6
groups: egress
media: Ethernet autoselect
status: active
inet 217.169.13.143 netmask 0xffffff80 broadcast 217.169.13.255
inet6 2001:8b0:13:1::1 prefixlen 64
enc0: flags=0<> mtu 1536
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
groups: gif
physical address inet 217.169.13.143 --> 81.187.81.6
inet6 fe80::20c:29ff:fe57:23b6%gif0 -> prefixlen 64 scopeid 0x4
inet6 2001:8b0:13:1::1 -> 2001:8b0::1 prefixlen 128
And /etc/sysctl.conf (stripped);
net.inet6.ip6.forwarding=1
net.inet6.ip6.accept_rtadv=0
On the client, sysctl.conf:-
net.inet6.ip6.forwarding=0
net.inet6.ip6.accept_rtadv=1
Just noticed, on the router in /var/log/daemon:-
Aug 11 12:45:37 sontaran rtadvd[14832]: <getent> open: No such file or directory
Aug 11 12:45:37 sontaran rtadvd[14832]: <getconfig> vic0 isn't defined
in the configuration file or the configuration file doesn't exist.
Treat it as default
.. when starting 'rtadvd -D vic0' - it was doing this before I renamed
/etc/rtadvd.conf (I did try specifying -c /etc/rtadvd.conf before
too, to no avail).
Further info: no pf, no local firewalls on any machines, various
physical and virtual machines on various network segments - nothing
else is configured to listen for RA and nothing else is configured as
a 'ra server(?)'..
Hope this assists. Thanks!
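
Added example, not part of the original post: RFC 4861 section 6.1.2 requires a host to discard any Router Advertisement whose IP source address is not link-local or whose hop limit is not 255, which is why the non-link-local source noted in the quoted text matters. The sketch below applies those two checks to tcpdump lines in the format shown above; the function names and the last two sample records are constructed for illustration.

```python
import ipaddress
import re

# tcpdump records with the mail client's line wrapping undone. The first two are
# taken from the capture in the post; the last two are constructed for comparison.
CAPTURE = [
    "12:41:32.675554 00:0c:29:cd:f7:7a 33:33:00:00:00:02 86dd 70: "
    "fe80::20c:29ff:fecd:f77a > ff02::2: icmp6: router solicitation "
    "(src lladdr: 00:0c:29:cd:f7:7a) (len 16, hlim 255)",
    "12:41:33.017952 00:0c:29:57:23:b6 33:33:00:00:00:01 86dd 110: "
    "2001:8b0:13:1::1 > ff02::1: icmp6: router advertisement(chlim=64, "
    "router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr: "
    "00:0c:29:57:23:b6)(prefix info: LA valid_ltime=2592000, "
    "preferred_ltime=604800, prefix=2001:8b0:13:1::/64) (len 56, hlim 255)",
    # Constructed: the same RA sent from a link-local source address.
    "00:00:01.000000 00:0c:29:57:23:b6 33:33:00:00:00:01 86dd 110: "
    "fe80::20c:29ff:fe57:23b6 > ff02::1: icmp6: router advertisement(chlim=64, "
    "router_ltime=1800, reachable_time=0, retrans_time=0) (len 56, hlim 255)",
    # Constructed: link-local source, but the hop limit shows it was forwarded.
    "00:00:02.000000 00:0c:29:57:23:b6 33:33:00:00:00:01 86dd 110: "
    "fe80::20c:29ff:fe57:23b6 > ff02::1: icmp6: router advertisement(chlim=64, "
    "router_ltime=1800, reachable_time=0, retrans_time=0) (len 56, hlim 254)",
]

RA_RE = re.compile(r"(\S+) > (\S+): icmp6: router advertisement.*hlim (\d+)\)")


def check_ra(line):
    """Return None for non-RA lines, else (source, [RFC 4861 6.1.2 violations])."""
    m = RA_RE.search(line)
    if m is None:
        return None
    src = ipaddress.IPv6Address(m.group(1))
    problems = []
    if not src.is_link_local:  # must fall inside fe80::/10
        problems.append(f"source {src} is not link-local (fe80::/10)")
    if int(m.group(3)) != 255:  # 255 proves the packet was never forwarded
        problems.append(f"hop limit {m.group(3)} is not 255")
    return str(src), problems


def audit(lines):
    """Check every RA in a capture; a host silently drops any RA with violations."""
    return [r for r in map(check_ra, lines) if r is not None]


if __name__ == "__main__":
    for src, problems in audit(CAPTURE):
        print(src, "->", "; ".join(problems) or "acceptable to hosts")
```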