Using OpenBSD 5.8-current (GENERIC) #0, amd64, I have a simple ntpd.conf:

    server 10.20.1.1
    constraints from "https://www.google.com"

The ifconfig for the NIC in question is:

    % ifconfig em0
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:22:68:99:41:8e
            priority: 0
            groups: egress
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 10.20.1.150 netmask 0xff000000 broadcast 10.255.255.255
            inet6 fe80::222:68ff:fe99:418e%em0 prefixlen 64 scopeid 0x1
            inet6 fdcf:b715:2f4d:1::150 prefixlen 64

I noticed in my pf logs that an RFC4193 IPv6 address was trying to access Google. My understanding is that the RFC4193 addresses, while routable, should not be routed over the global Internet. Fortunately, I block/log all such attempts at my firewall. Here's one of the log records:

    pf: rule 1..16777216/0(match): block out on em0: fdcf:b715:2f4d:1::150.3664 > 2607:f8b0:4004:808::1012.443: tcp 0

The 2607 address is Google's, which was my first clue when I started to backtrace the source of the traffic.

So my question is --- should ntpd's constraint traffic use the NIC's IPv4 address when there is no globally routable IPv6 address available? Is there something else I need to configure to nudge ntpd's constraint traffic in the correct direction?
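
The check described in the post, as an added example that is not part of the original message and is not ntpd's own logic: it classifies the inet6 addresses from the ifconfig output above by scope and flags pf records where an RFC 4193 source goes to a global destination. The function names are hypothetical, and treating 2000::/3 as "global" is an assumption of this sketch.

```python
import ipaddress
import re

ULA = ipaddress.ip_network("fc00::/7")            # RFC 4193 unique local addresses
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # assumption: "global" means 2000::/3

# Interface output (trimmed) and pf log record copied from the post above.
IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.20.1.150 netmask 0xff000000 broadcast 10.255.255.255
        inet6 fe80::222:68ff:fe99:418e%em0 prefixlen 64 scopeid 0x1
        inet6 fdcf:b715:2f4d:1::150 prefixlen 64
"""
PF_LOG = ("pf: rule 1..16777216/0(match): block out on em0: "
          "fdcf:b715:2f4d:1::150.3664 > 2607:f8b0:4004:808::1012.443: tcp 0")


def scope(addr):
    """Classify an IPv6 address as link-local, ula, global or other."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop the %em0 zone id
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "ula"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"


def inet6_scopes(ifconfig_text):
    """Map each inet6 address found in ifconfig output to its scope."""
    found = re.findall(r"^\s*inet6 (\S+)", ifconfig_text, re.MULTILINE)
    return {a: scope(a) for a in found}


def has_global_v6(ifconfig_text):
    """True only if the interface holds a usable global IPv6 source address."""
    return "global" in inet6_scopes(ifconfig_text).values()


def ula_leak(log_line):
    """Return (src, dst) when a pf record shows a ULA source to a global destination."""
    m = re.search(r": ([0-9a-f:]+)\.\d+ > ([0-9a-f:]+)\.\d+:", log_line)
    if m and scope(m.group(1)) == "ula" and scope(m.group(2)) == "global":
        return m.group(1), m.group(2)
    return None
```
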