Package: network-manager
Version: 1.42.4-1
Severity: normal
File: /usr/sbin/NetworkManager

Dear Maintainer,

I have been fighting with wrong ipv6 routes for quite a while and have
finally been able to track them to NetworkManager being the cause. But not
what exactly in NetworkManager causes the issue.

I have a system with two ethernet interfaces. One is actually a vxlan interface used as a L2 VPN and is set up by some of my scripting.

In this example, assume eth0 and vxlan1

I have little control of the ipv6 RA being sent to both interfaces. But for the L2 VPN to
work as intended, I need the IPv6 default route to point to that interface. So prior to set
up the vxlan interface I disable accept_ra on eth0 and delete the existing default route:

ip link add vxlan1 type vxlan id 1 dstport 4789 remote 192.168.10.2
sysctl -w net.ipv6.conf.eth0.accept_ra_defrtr=0
sysctl -w net.ipv6.conf.eth0.accept_ra=0
ip -6 route delete default
ip link set dev vxlan1 up

As soon as an RA is received on vxlan1 the interface vxlan1 is configured and the correct ipv6 route created to send traffic via L2 VPN.

tcpdump -vvvv -ttt -i eth0 'icmp6 and ('ip6[40] = 134' or 'ip6[40] = 133')'

As soon as an RA is received on eth0, which according to the sysctl entry should
be ignored, a second default route (unfortunately with higher priority) is pointig
to eth0

All further attempts to 'fix' with sysctl by disabling autoconfig or setting the
'all' and 'default' interfaces did not fix the issue.

When I stop NetworkManager, the RA received on eth0 is ignored as configured by sysctl. This leads me to the conclusion, that NetworkManager somehow still handles RA even when disabled in the kernel via sysctl.

So I had a look at the NetworkManager ipv6 settings for eth0 and attempted to disable IPv6 RA there,
unfortunately with no success.

I wonder if this is a bug or if this is intended behaviour. If intended, how can
my use case be 'fixed'?

-- System Information:
Debian Release: 12.10
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-32-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager depends on:
ii adduser 3.134
ii dbus [default-dbus-system-bus] 1.14.10-1~deb12u1
ii libaudit1 1:3.0.9-1
ii libbluetooth3 5.66-1+deb12u2
ii libc6 2.36-9+deb12u10
ii libcurl3-gnutls 7.88.1-10+deb12u12
ii libglib2.0-0 2.74.6-2+deb12u5
ii libgnutls30 3.7.9-2+deb12u4
ii libjansson4 2.14-2
ii libmm-glib0 1.20.4-1
ii libndp0 1.8-1+deb12u1
ii libnewt0.52 0.52.23-1+b1
ii libnm0 1.42.4-1
ii libpsl5 0.21.2-1
ii libreadline8 8.2-1.3
ii libselinux1 3.4-1+b6
ii libsystemd0 252.36-1~deb12u1
ii libteamdctl0 1.31-1
ii libudev1 252.36-1~deb12u1
ii policykit-1 122-3
ii polkitd 122-3
ii udev 252.36-1~deb12u1

Versions of packages network-manager recommends:
ii dnsmasq-base [dnsmasq-base] 2.90-4~deb12u1
ii libpam-systemd 252.36-1~deb12u1
ii modemmanager 1.20.4-1
ii ppp 2.4.9-1+1.1+b1
ii wireless-regdb 2022.06.06-1
ii wpasupplicant 2:2.10-12+deb12u2

Versions of packages network-manager suggests:
ii iptables 1.8.9-2
pn libteam-utils <none>

Versions of packages network-manager is related to:
ii isc-dhcp-client 4.4.3-P1-2

-- Configuration Files:
/etc/NetworkManager/NetworkManager.conf changed:
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false


-- no debconf information

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)