Modify

Opened 6 years ago

Closed 5 years ago

#11423 closed defect (fixed)

Bugs in IPv6 enabled openwrt configuration

Reported by: ard@… Owned by: developers
Priority: normal Milestone: Netifd Implementation
Component: base system Version: Trunk
Keywords: Cc:

Description

There is no real good way to set up an openwrt with ipv6 enabled.
For instance: if you create a vlan, you might disable ipv6 on the vlan you just created by using option 'ipv6_disable_ipv6' '1' in the /etc/config/network file, but the base interface will have ipv6 enabled.
If you want to have an ipv6 uplink, but do not want to have ipv6 bridged you are out of luck, because it is impossible to disable ipv6 on bridges.
It's even a security issue they way it is now. I could even unbrick 2 of my routers having a failed ipv4 configuration, but by just having ipv6 enabled in the kernel I could advertise a route and log into it anyway.

There are 2 approaches to fix this:
1) explicitly disable ipv6 on any interface you don't want it.

  • this means adding cludges to the existing scripts.

2) explicitly enable ipv6 on any interface you want (preferred)

  • this means echo 1 > ipv6.conf.default.disable_ipv6, and enable it for any interface we want it. This will hurt a little, since we have to enable it after interface creation and before interface enabling.

For it to hurt less for users we can have a default of "ipv6 enabled autoconfig" for any interface that is configured. This means that all slave interfaces of bridges will by default have it disabled, and better: also the primary interface of a slave interface will not be bound to the ipv6 stack. Only after creation of a bridge, the ipv6 will be enabled for the bridge.

I will be working on approach 2.

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by jow

  • Milestone changed from Attitude Adjustment (trunk) to Netifd Implementation

comment:2 Changed 5 years ago by jasa.david@…

Having IPv6 disabled by default these days seems pretty backward. I'd prefer v4/v6 setup to be consistent whereever applicable by default, notable exceptions are LAN address assignment and NAT (from top of my head so not exhaustive).

comment:3 Changed 5 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

IPv6 is enabled by default in current builds, IIRC the disable handling for bridge members is also implemented

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.