Now seems like as good a time as any to reiterate the need for a page devoted completely to Router Advertisement configuration. My personal suggestion is to put it under the Services drop-down and tab the page for individual interface configuration. I realize it will need to tie in (to some degree) to the DHCPv6 Server page, but a checkbox on the latter reading "Allow Router Advertisement configuration to override these settings" or "Use RA Configuration" should suffice. At the very least, have an "Advanced RA Configuration" section on the DHCPv6 Server page that only expands or becomes visible/configurable when the "Advanced RA Configuration" box is checked.
Here is what I know is in need of repair as it stands. I can't turn RAs off on any interfaces as I mentioned in a previous post. I just realized recently that RAs are getting transmitted over HE and SixXS tunnels as well as the LANs. So far, no complaints on their end (you never know with SixXS, though) and maybe there never will be since I doubt seriously the RAs are making it past the far endpoint. The only interface that is immune is the IPv4 WAN. No configuration is ever generated for it in the rtadvd.conf.
And that brings me to the other rtadvd.conf problem. The DNS server address that is sent in the RA for every interface save the WAN is always that of the last configured interface. If I have two LANs, for instance, the pfSense interface addresses of which are fd00:ac10::65 (LAN1) and fd00:ac10:100::65 (LAN2), and RA is set to Managed on both interfaces in the order mentioned, fd00:ac10:100::65 will be included as the DNS server address in the RA on both interfaces/LANs. If I disable RA on LAN2, nothing changes. If I then disable RA on LAN1, still nothing changes. Now, both LANs have RA disabled; I set RA to Managed on LAN1. The DNS server address in the RA is still the address of the LAN2 interface.
I know neither of these examples is the desired behavior, but what is? This is going to vary by user, network, application, etc., which is why I'm advocating finer configuration options. In my case, I only want RAs on specific interfaces and if I wanted DNS servers advertised with the RA instead of DHCPv6, I would prefer that the address sent in the RA on LAN1 was that of the interface on LAN1 and likewise for LAN2. What I'd really prefer, however, is not to advertise DNS addresses in the RA at all; I'm using DHCPv6 for that and my DNS servers are separate machines which list the pfSense boxes as forwarders (convenient when they in turn forward to DNS servers provided by upstream DHCP). But that's what I want for my network. The next guy will want something else.
Since it seems like there are a few things to fix and a few others still to consider in light of this, now would be the ideal time for discussion about how best to implement RA configuration. Of all the puzzle pieces involved with setting up a functioning IPv6 network, getting the proper RA on the proper networks is the only remaining hurdle for me.
In the meantime, are there any workarounds?
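An added example, not part of the original post and not pfSense code: a small audit of a generated rtadvd.conf that reports which interfaces have an RA stanza and flags any `rdnss` address lying outside that interface's own advertised prefix, the symptom described above. The sample file is constructed; the interface names `em1`/`em2` and the `allowed` set are assumptions.

```python
import ipaddress
import re

# Constructed sample in rtadvd.conf(5) termcap-style syntax (not real output).
SAMPLE_CONF = r'''
# LAN1
em1:\
    :addr="fd00:ac10::":prefixlen#64:raflags="mo":\
    :rdnss="fd00:ac10:100::65":
# LAN2
em2:\
    :addr="fd00:ac10:100::":prefixlen#64:raflags="mo":\
    :rdnss="fd00:ac10:100::65":
'''

# name="string" or name#number; quoted values are consumed whole,
# so the colons inside IPv6 addresses never split a capability.
CAP_RE = re.compile(r':(\w+)(?:="([^"]*)"|#(\d+))')

def parse_rtadvd(text):
    """Return {interface: {capability: value}} for each record."""
    joined = re.sub(r'\\\r?\n\s*', '', text)  # fold backslash continuations
    records = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        name, _, rest = line.partition(':')
        records[name] = {key: (sval if nval == '' else int(nval))
                         for key, sval, nval in CAP_RE.findall(rest)}
    return records

def unexpected_interfaces(records, allowed):
    """Interfaces that have an RA stanza but are not in the allowed set."""
    return sorted(set(records) - set(allowed))

def mismatched_rdnss(records):
    """(iface, server) pairs whose rdnss is outside the iface's own prefix."""
    findings = []
    for iface, caps in records.items():
        if 'addr' not in caps or 'rdnss' not in caps:
            continue
        net = ipaddress.ip_network(
            f"{caps['addr']}/{caps.get('prefixlen', 64)}", strict=False)
        for server in caps['rdnss'].split(','):
            if ipaddress.ip_address(server.strip()) not in net:
                findings.append((iface, server.strip()))
    return findings

if __name__ == "__main__":
    recs = parse_rtadvd(SAMPLE_CONF)
    print(unexpected_interfaces(recs, {"em1"}), mismatched_rdnss(recs))
```

An off-prefix `rdnss` is only a heuristic: a network that deliberately advertises DNS servers on another subnet will also be flagged.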