OPNsense: RA Interface static vs dynamic
Friday, April 2 2021 · Reading time: 2 minutes · 350 words · Tags: opnsense, ipv6
Attention! This article is more than a year old. The content may no longer be current!
RA Interface: static vs dynamic
Some time ago I suggested adding a checkbox so users can stop radvd from deprecating the IPv6 prefix on shutdown, and created a corresponding pull request. This was not merged because the team was not happy about how I implemented it. But they promised to add this feature, which they actually did pretty quickly.
Under Services -> Router Advertisements -> LAN you can now choose between two options for RA Interface:
- (Interface name) dynamic, e.g. LAN (dynamic): Use this if your ISP is allocating a dynamic prefix to you. When the prefix changes, a fast, seamless switch to the new one can be done.
- (Interface name) static, e.g. LAN (static): Use this if your ISP is allocating you a static prefix.
What happens under the hood
The RA interface basically controls the DeprecatePrefix config option in the radvd config file. DeprecatePrefix tells radvd whether a router advertisement with “preferred lifetime” set to 0 should be sent on shutdown/prefix change or not. When your devices pick up such an advertisement, they will deprecate their derived addresses and therefore won’t use them for new connections. With the “dynamic” RA interface this option will be set to on. With the “static” RA interface it will be set to off.
I’ve got a static prefix from my ISP. Therefore I’ve set my RA interface to LAN (static). If you want to see how your radvd config changes based on your choice, have a look at the /var/etc/radvd.conf file on your OPNsense.
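To confirm what the RA Interface choice wrote to the config, the following sh/awk helper lists the DeprecatePrefix value of every prefix block in a radvd config. It is an added example, not part of the original post or of OPNsense; the function names and the sample config (interface names, documentation prefixes) are constructed, and a prefix block without the option is reported as off, which is radvd's default.

```sh
#!/bin/sh
# Added example: list DeprecatePrefix per prefix block of a radvd config.
# Assumes the usual layout: interface NAME { ... prefix P/LEN { ... }; ... };
# A prefix block without the option is reported as "off" (radvd's default).
radvd_deprecate_report() {
    awk '
        { sub(/#.*/, "") }                                   # drop comments
        $1 == "interface" { iface = $2; sub(/[{]$/, "", iface); next }
        $1 == "prefix"    { pfx = $2; sub(/[{]$/, "", pfx); state = "off"; inpfx = 1; next }
        inpfx && $1 == "DeprecatePrefix" { state = $2; sub(/;.*/, "", state); next }
        inpfx && $1 ~ /^[}]/ { print iface, pfx, state; inpfx = 0 }   # end of prefix block
    ' "${1:-/var/etc/radvd.conf}"
}

# Succeeds only if every prefix carries the expected value:
# "on" for an RA interface set to dynamic, "off" for static.
radvd_deprecate_check() {
    expected=$1
    report=$(radvd_deprecate_report "${2:-/var/etc/radvd.conf}") || return 2
    [ -n "$report" ] || return 2          # no prefix blocks found
    echo "$report" | awk -v want="$expected" '$3 != want { bad = 1 } END { exit bad }'
}

# Constructed sample config (documentation prefixes, made-up interface names).
sample_radvd_conf() {
    cat <<'EOF'
interface vtnet0 {
    AdvSendAdvert on;
    prefix 2001:db8:1::/64 {
        DeprecatePrefix off;   # as set by a "static" RA interface
        AdvOnLink on;
    };
    RDNSS 2001:db8:1::1 {
    };
};
interface vtnet1 {
    prefix 2001:db8:2::/64 {
        DeprecatePrefix on;    # as set by a "dynamic" RA interface
    };
};
EOF
}

sample_radvd_conf | radvd_deprecate_report -
```

On the firewall itself, `radvd_deprecate_check off` exits 0 only when no prefix in /var/etc/radvd.conf will be deprecated on shutdown.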
My usage scenario
I’m running OPNsense virtualized on my server at home, conveniently named “homeserver”. When I update my homeserver I normally update my OPNsense as well. When shutting down OPNsense, a router advertisement with preferred lifetime set to 0 is sent out, breaking my ssh connection (obviously over IPv6) to my homeserver. My “workaround” was to use the link-local address of my homeserver during updates.
Since I changed my RA Interface to LAN (static), my addresses are not deprecated anymore and my ssh connection does not break. It’s just way more convenient.