upstream/opnsense-docs
1
0
Fork 0
mirror of https://github.com/opnsense/docs.git synced 2026-05-28 04:02:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

radvd: Rewrite manual for mvc implementation (#834)

Browse source 
* radvd: Rewrite manual for mvc implementation

* Explicitely mark General and Advanced settings, adjust some help texts for clarity

* Add a small configuration example section

* Add Shutdown Advertisement

* Make some explanations clearer

* Add DHCPv6 example

* Better add radvd to the DHCP manual as well, as its a requirement for DHCPv6 to work
This commit is contained in:
Monviech 2026-01-19 14:51:58 +01:00 committed by GitHub
parent 5a3a93b839
commit 9ae6db257e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 126 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
source/manual/dhcp.rst
View file

@ -16,6 +16,11 @@ There are different DHCP servers/relays to choose from:
- :ref:`Dhcrelay <dhcrelay>`
- :ref:`ISC <isc-dhcp>` (EOL)
For DHCPv6 these services can offer Router Advertisements:
- :doc:`radvd </manual/radvd>`
- :ref:`Dnsmasq <dnsmasq-dhcp>`
.. _dnsmasq-dhcp:

155
source/manual/radvd.rst
View file

@ -2,6 +2,9 @@
Router Advertisements
==========================
.. contents:: Index
radvd (the service responsible for this functionality) is the router advertisement daemon for IPv6.
It listens to router solicitations and sends router advertisements as described in
"Neighbor Discovery for IP Version 6 (IPv6)" (`RFC 4861 <https://tools.ietf.org/html/rfc4861>`__).
@ -9,6 +12,74 @@ With these advertisements hosts can automatically configure their addresses and
It also defines "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)"
(`RFC6775 <https://tools.ietf.org/html/rfc6775>`__). They also can choose a default router based on these advertisements.
.. Attention::
:doc:`Dnsmasq </manual/dnsmasq>` is the default RA daemon in new installations, deactivate its *Router Advertisement*
setting if you want to use radvd.
-------------------------
General Settings
-------------------------
The service can be configured in :menuselection:`Services --> Router Advertisements`.
.. tabs::
.. tab:: General Settings
========================================= ====================================================================================
**Option** **Description**
========================================= ====================================================================================
**Enabled** Enable or disable this entry. If "Track Interface (legacy)" is used, an existing
disabled entry will also deactivate advertisements on that interface. Alternatively,
switch to "Identity association" for full manual configuration if needed.
**Interface** Choose the interface that should send Router Advertisements. A prefix will be constructed
from the primary IP of that interface, which is assigned by "Identity association" or
"Track interface (legacy)" IPv6 modes of said interface. If additional virtual IP addresses exist on
this interface, their prefixes will also be advertised.
**Mode** Select which flags to set in Router Advertisements sent from this interface.
**Minimum interval** The minimum time allowed between sending unsolicited multicast router advertisements
from the interface, in seconds.
**Maximum interval** The maximum time allowed between sending unsolicited multicast router advertisements
from the interface, in seconds.
**Recursive DNS Servers (RDNSS)** The default is to use this interface IP address with an enabled DNS service or the
configured global DNS servers. You may specify up to three explict servers here instead.
**DNS Search List (DNSSL)** The default is to use the domain name of this system as the DNSSL option.
You may specify explicit domains here instead.
**Routes** Routes are specified in CIDR format. The prefix of a route definition should be network prefix;
it can be used to advertise more specific routes to the hosts.
========================================= ====================================================================================
.. tab:: Advanced Settings
========================================= ====================================================================================
**Option** **Description**
========================================= ====================================================================================
**Constructor** Per default, the primary prefix of the given *Interface* in
*General Settings* is used. When setting a constructor,
the primary prefix of a WAN interface can be used instead.
An :doc:`NDP proxy </manual/ndp-proxy-go>` is required if the same WAN prefix is
shared by multiple LAN interfaces.
**Preference** Select the Priority for the Router Advertisement (RA) Daemon.
**Deprecate Prefix** Deprecate advertised prefixes on shutdown by announcing a zero preferred lifetime.
**Shutdown Advertisement** Upon shutdown, send a final advertisement with zero router lifetime.
**Default Lifetime** Lifetime in seconds this router is considered a valid default router.
**Preferred Lifetime** Lifetime in seconds addresses remain preferred for new connections.
**Valid Lifetime** Lifetime in seconds addresses remain valid before becoming unusable.
**Source Address** Select the source address embedded in the RA messages.
If a CARP address is used DeprecatePrefix and RemoveRoute are both set to "off" by default.
**NAT64 prefix** The NAT64 prefix included in the router advertisements.
The "well-known prefix" reserved for this service is 64:ff9b::/96.
**Link MTU** Advertise a specific MTU to clients. Must be equal or greater than 1280 and valid for the link.
**Enable DNS** Control the sending of the embedded DNS configuration (RFC 8106).
**Recursive DNS Servers Lifetime** Lifetime in seconds for advertised recursive DNS servers.
**DNS Search List Lifetime** Lifetime in seconds for advertised DNS search domains.
**Route Lifetime** Lifetime in seconds for advertised routes.
**Remove Route** Withdraw advertised routes on shutdown by sending a zero lifetime.
========================================= ====================================================================================
.. _radvd-mode:
--------------------------------
Router Advertisements (Mode)
@ -50,47 +121,63 @@ A detailed overview of the :code:`radvd` settings determined by the mode can be
Technical details about the options can be found in the `man <https://www.freebsd.org/cgi/man.cgi?query=radvd.conf>`__ page of radvd
--------------------------------
General
Configuration examples
--------------------------------
==================================== ===============================================================================
Priority The preference associated with the default router,
as either "low", "medium" (default), or "high".
RA Interface Interface to use prefix from.
Advertise Default Gateway uses :code:`AdvDefaultLifetime` to disable advertising as default router when
unset.
Advertise Routes Advertise more specific specific routes to the clients.
==================================== ===============================================================================
Advertise a prefix on LAN
--------------------------------------------------
The most common configuration would be DHCPv6 on the WAN interface and receiving a routed prefix via DHCPv6-PD.
When setting the LAN IPv6 configuration to either of "Track Interface (legacy)" or "Identity association" with a unique prefix ID,
router advertisements can send that prefix and a default route to clients.
Go to :menuselection:`Services --> Router Advertisements` and add a new entry:
========================================= ====================================================================================
**Option** **Description**
========================================= ====================================================================================
**Enabled** X
**Interface** LAN
========================================= ====================================================================================
Press **Save** and **Apply**
Per default, RDNSS and DNSSL options will be sent to clients, containing the IPv6 address of the LAN interface, and the default system domain.
--------------------------------
DNS
--------------------------------
Advertise multiple prefixes on LAN
--------------------------------------------------
For supported clients, DNS settings can also be propagated by radvd as detailed in `RFC 8106 <https://tools.ietf.org/html/rfc8106>`__
If an ULA (Unique Local Address) prefix should be sent in addition to a GUA (Global Unicast Address) prefix, create a virtual IPv6 address
in :menuselection:`Interfaces --> Virtual IPs`. Configure it on the LAN interface, make sure the prefix length is /64.
==================================== ===============================================================================
DNS servers Define which dns servers to publish to the clients, either the ones
defined here or (when **Use the DNS settings of the DHCPv6 server** is set)
the ones defined in the DHCPv6 server for this interface.
(:code:`RDNSS` in :code:`radvd`)
Domain search list Domain search list to push to the clients, when not specified the local
domain name from this firewall is used. (:code:`DNSSL` in :code:`radvd`)
==================================== ===============================================================================
Afterwards, applying the configuration in :menuselection:`Services --> Router Advertisements` will configure the additional prefix.
--------------------------------
Intervals
--------------------------------
The time between unsolicited multicast router advertisement can be configured, using the following settings,
usually these are left default.
DHCPv6
--------------------------------------------------
==================================== ===============================================================================
Minimum Interval The minimum time allowed between sending unsolicited multicast
router advertisements from the interface, in seconds.
Must be no less than 3 seconds and no greater than 0.75 * "Maximum Interval".
Maximum Interval The maximum time allowed between sending unsolicited multicast
router advertisements from the interface, in seconds.
Must be no less than 4 seconds and no greater than 1800 seconds.
==================================== ===============================================================================
Router Advertisements are sufficient for clients to auto-generate a SLAAC address, receive a default gateway and a DNS server.
These are the basic requirement for IPv6 connectivity.
There can be advanced requirements like hostname registration, static reservations and DHCPv6 options.
For these cases, there are two DHCPv6 servers available: :doc:`KEA </manual/kea>` and :doc:`Dnsmasq </manual/dnsmasq>`.
As Dnsmasq is best used with its own router advertisement functionality, KEA is the most logical choice to pair with radvd.
This is especially true for HA setups, as KEA can synchronize IPv6 leases.
.. Attention::
A combination of KEA and radvd requires a static WAN prefix, as KEA cannot track prefixes dynamically.
To advertise a DHCPv6 server to clients, configure the available :ref:`modes <radvd-mode>` to your requirements.
High availability
--------------------------------------------------
For high availability with IPv6, static prefixes are a requirement for seamless failover.
You can follow this setup example: :doc:`Configure CARP </manual/how-tos/carp>`