Em 18-08-2015 04:30, Claus Lensbøl escreveu: > I tried setting a custom link-local address, didn't help. The weird > thing is that I have tested a similar set up on a 5.3 router > that has no vlan interfaces and a much less strict pf than this one, > and that just worked out of the box.
It might be obvious, but you are logging blocked rules right? You ruleset might indeed be blocking things, which is why you need to log, and also, use tcpdump. I'm starting to think you have a problem with your vlan configuration. > > > I tried a: > pass on vlan710 from fe80::/10 > , but that didn't help either. The packets appear on the VLAN? > > It's a bit problematic disabling pf as the site is running v4 in > production. No need, use tcpdump. > > Any other suggestions? Beside debugging it more and upgrading your OpenBSD installation, none. I don't think IPv6 is the problem though. Remember, SLAAC is ICMPv6 only and DHCPv6 is UDP based, just as DHCPv4 is. So your ruleset must accommodate for that. Cheers, Giancarlo Razzolini
