IPv6 Autoconf & Forwarding


#1

Hey,

Is there any reason why I need to disable IPv6 forwarding when I want to use IPv6 Autoconf?
Currently, it is basically unusual on clouds that does IPv6 via RA like Vultr and so on.


#2

Hi Mr. Funken,

what do you mean with ‘IPv6 autoconf’? SLAAC?


#3

I’m talking about the auto conf feature xD
https://wiki.vyos.net/wiki/Network_address_setup#IPv6_autoconfiguration

The issue, is basically, that I get the gateway only via the Router Advertisement.
Usual I just would set a static default route and everything is working but as such gateways that get advertised via an Router Advertisement can be dynamic or at least change over time, it is not a solution to just set an static route :frowning:


#4

That is expected behavior, as soon as you run as host you are not a router and therefore you shouldn’t forward packets to other networks.
As a work around try the following (if eth0 is your interface, otherwise change it to the one you accept the ra on):
set system sysctl custom net.ipv6.conf.eth0.forwarding 1

Let me know if it works for you.


#6

If you really feel like it, you may set the accept_ra variable to 2 (see https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt).

However, the default behaviour does make sense: a router accepting RA is a major mess up waiting to happen if something else on the network starts advertising itself as a router for example.


#7

I know, that this is not an optimal solution.
However, I don’t know another solution than that, to get IPv6 working on cloud providers like Vultr.

Or did anyone of you have a different Idea? :frowning:


#8

Howabout:

So they want it messy :smiley:

[…]
If you have IP forwarding enabled (using your server as a VPN or similar), you will also need to add the following lines to the /etc/sysctl.conf file. The default settings for these variables (which is 1), prevents IPv6 from working properly when IP forwarding is enabled. You can check if IP forwarding is enabled by running “sysctl net.ipv4.ip_forward”.
net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.eth0.accept_ra=2
[…]