RamNode logo
    Sign UpLogin
    Back to Legacy KVM Documentation

    OpenBSD IPv6 Issue

    Fixing IPv6 connectivity on OpenBSD

    On This Page

    OpenBSD does not always play well with our current IPv6 networking setup due to non-RFC compliant hardening.

    The Problem

    OpenBSD has implemented non-RFC compliant hardening that rejects RFC-compliant neighbor solicitation responses from our routers. This prevents IPv6 from working properly.

    More technical information: OpenBSD Mailing List Discussion

    The Solution: Kernel Patch

    To fix IPv6 on OpenBSD, you need to patch the kernel to remove the non-compliant hardening. Here's the patch that needs to be applied:

    Kernel patch (nd6_nbr.c)
    Index: nd6_nbr.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.66
diff -u -p -r1.66 nd6_nbr.c
--- nd6_nbr.c   7 Mar 2013 09:03:16 -0000   1.66
+++ nd6_nbr.c   7 May 2013 11:44:56 -0000
@@ -132,17 +132,7 @@ nd6_ns_input(struct mbuf *m, int off, in
        "(wrong ip6 dst)\n"));
     goto bad;
     }
-   } else {
-   /*
-   * Make sure the source address is from a neighbor's address.
-   */
-   if (!in6_ifpprefix(ifp, &saddr6)) {
-   nd6log((LOG_INFO, "nd6_ns_input: "
-      "NS packet from non-neighbor\n"));
-   goto bad;
-   }
-   }
-
+   }
    if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
     nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
     goto bad;

    Applying the Patch

    To apply this patch, you'll need to:

    1

    Download OpenBSD source code

    2

    Apply patch to nd6_nbr.c

    3

    Rebuild the kernel

    4

    Install new kernel

    5

    Reboot with patched kernel

    Step-by-Step Instructions
    # Get OpenBSD source
cd /usr/src
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs checkout -P src

# Save the patch to a file
cat > /tmp/ipv6-fix.patch << 'EOF'
[paste patch content here]
EOF

# Apply the patch
cd /usr/src/sys/netinet6
patch < /tmp/ipv6-fix.patch

# Build and install kernel
cd /usr/src/sys/arch/$(machine)/conf
config GENERIC
cd ../compile/GENERIC
make clean && make
make install

# Reboot
reboot

    Advanced Users Only

    Patching and rebuilding the kernel requires significant Unix/OpenBSD knowledge. If you're not comfortable with kernel compilation, consider using a different BSD or Linux distribution.

    Alternative: Use IPv4 Only

    If patching the kernel seems too complex, you can simply use IPv4:

    IPv4 Works Perfectly

    OpenBSD IPv4 works without any patches

    Most Services Work

    Most services work fine with IPv4 only

    Less Complexity

    Simpler network configuration

    No Patching Required

    Works out of the box

    Other BSDs

    If you need IPv6 without kernel patching:

    FreeBSD

    Works perfectly with our IPv6 setup

    NetBSD

    Also compatible without patches

    Linux

    Full IPv6 support out of the box

    Verifying IPv6 After Patching

    Verify IPv6
    # Check IPv6 address assignment
ifconfig

# Test IPv6 connectivity
ping6 -c 4 ipv6.google.com

# Check routing
netstat -rn -f inet6

    Future OpenBSD Versions

    Check if newer OpenBSD versions have resolved this issue or provided a configuration option. The OpenBSD team may eventually make this behavior configurable.

    Need Help?

    If you need assistance with applying the kernel patch, troubleshooting IPv6 connectivity, or choosing an alternative BSD/Linux, contact our support team. While we can't patch your kernel for you, we can provide guidance and troubleshooting assistance.