OPNsense: RA Interface static vs dynamic

Attention! This article is more than a year old. Its content may no longer be up to date!

RA Interface: static vs dynamic

Some time ago I suggested adding a checkbox so users can stop radvd from deprecating the IPv6 prefix on shutdown and created a corresponding pull request. This was not merged because the team was not happy about how I implemented it. But they promised to add this feature, which they actually did pretty quickly.
Under Services -> Router Advertisements -> LAN you can now choose between two options for RA Interface:

What happens under the hood

The RA interface setting basically controls the DeprecatePrefix option in the radvd config file. DeprecatePrefix tells radvd whether a router advertisement with “preferred lifetime” set to 0 should be sent on shutdown/prefix change. When your devices pick up such an advertisement, they deprecate their derived addresses and therefore won’t use them for new connections. With the “dynamic” RA interface this option is set to on. With the “static” RA interface it is set to off.

I’ve got a static prefix from my ISP. Therefore I’ve set my RA interface to LAN (static). If you want to see how your radvd config changes based on your choice, have a look at the /var/etc/radvd.conf file on your OPNsense.
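
To check which prefixes radvd would deprecate on shutdown, the following added example (not from the original post or from OPNsense) parses a radvd config and reports DeprecatePrefix per prefix. The function names, the sample config and its interface names are constructed, and the parser assumes one statement per line.

```sh
#!/bin/sh
# Added example: list the DeprecatePrefix setting of every prefix in a radvd config.
# Assumes one statement per line, the usual layout of generated radvd.conf files.

# Prints "<interface> <prefix> DeprecatePrefix=<on|off>" for each prefix block.
# The default path is the one named in the post.
radvd_deprecate_report() {
    awk '
        { sub(/#.*/, "") }                                  # drop comments
        $1 == "interface" { iface = $2; sub(/[{].*/, "", iface); next }
        $1 == "prefix" {                                    # a prefix block starts
            pfx = $2; sub(/[{].*/, "", pfx)
            val = "off"                                     # radvd default when unset
            inpfx = 1; next
        }
        inpfx && $1 == "DeprecatePrefix" { val = $2; sub(/;.*/, "", val); next }
        inpfx && /[}]/ {                                    # the prefix block ends
            print iface, pfx, "DeprecatePrefix=" val
            inpfx = 0
        }
    ' "${1:-/var/etc/radvd.conf}"
}

# Constructed sample config (interface names and prefixes are made up).
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real system
interface em1 {
    AdvSendAdvert on;
    prefix 2001:db8:0:1::/64 {
        DeprecatePrefix off;
        AdvOnLink on;
    };
};
interface em2 {
    prefix 2001:db8:0:2::/64 {
        DeprecatePrefix on;
    };
    prefix 2001:db8:0:3::/64 {
        AdvOnLink on;
    };
};
EOF
}

demo=$(mktemp)
sample_conf > "$demo"
radvd_deprecate_report "$demo"
rm -f "$demo"
```
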

My usage scenario

I’m running OPNsense virtualized on my server at home, conveniently named “homeserver”. When I update my homeserver I normally update my OPNsense as well. When shutting down OPNsense, a router advertisement with preferred lifetime set to 0 is sent out, breaking my ssh connection (obviously over IPv6) to my homeserver. My “workaround” was to use the link-local address of my homeserver during updates.
Since I changed my RA Interface to LAN (static), my addresses are not deprecated anymore and my ssh connection does not break. It’s just way more convenient.
