1

I have a flat network with 7 nodes; one of the nodes acts as the DHCPv6 server and also runs radvd.

When used like that, radvd will use the helper node (local-link) IP as the gateway when sending the RA.

How can I manually set/force/overwrite the IP that radvd will send as the network gateway?

Note: I get the IPv6 subnet as-is from the cloud provider; I only get static routing, nothing else. I can manually configure each node and set the GW address manually, but that is not what I'm looking for.

Basic network diagram

Rabin
  • 519

2 Answers

2

You cannot; the host that issues the Router Advertisement must be the router itself (unlike DHCP, there is no option to send RAs on behalf of another gateway), and per RFC 4861 section 4.2, Router Advertisements must be sent from the link-local address.

If all hosts are directly connected to the upstream network (e.g. through a switch), then you need to place your own router in front of them all which would issue RAs – or the "helper node" needs to be turned into a router for the rest. (The new router will also need to run Proxy-NDP, as the subnet is "on link" for the upstream gateway; fortunately this has zero additional impact on performance, but not all routers support this feature.)

It may be possible to broadcast fake RAs via packet injection tools (e.g. using scapy), edited to use the upstream gateway's link-local address as source (instead of your host's), but it must still be a link-local address. If you don't know the gateway's link-local address, sometimes it can be found in a packet capture or derived from the gateway's MAC address.

grawity
  • 501,077
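
The receiver-side checks behind the link-local requirement cited above, as an added Python example that is not part of either answer: RFC 4861 section 6.1.2 has hosts silently discard any Router Advertisement that fails them. The function names and sample packets are constructed for illustration, and the parser assumes an IPv6 header with no extension headers.

```python
import ipaddress
import struct

ICMPV6 = 58          # IPv6 next-header value for ICMPv6
ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement

def icmp6_checksum(src: bytes, dst: bytes, icmp: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src + dst + struct.pack("!IxxxB", len(icmp), ICMPV6) + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ra(src: str, hop_limit: int = 255) -> bytes:
    """Build a constructed sample RA (no options) addressed to ff02::1."""
    s = ipaddress.IPv6Address(src).packed
    d = ipaddress.IPv6Address("ff02::1").packed
    # type, code, checksum=0, cur hop limit, flags, router lifetime, reachable, retrans
    body = struct.pack("!BBHBBHII", ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    body = body[:2] + struct.pack("!H", icmp6_checksum(s, d, body)) + body[4:]
    return struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, hop_limit) + s + d + body

def ra_violations(packet: bytes) -> list[str]:
    """Return the RFC 4861 section 6.1.2 checks that the packet fails."""
    _, plen, nxt, hop = struct.unpack("!IHBB", packet[:8])
    src, dst, icmp = packet[8:24], packet[24:40], packet[40:40 + plen]
    if nxt != ICMPV6 or len(icmp) < 16 or icmp[0] != ROUTER_ADVERT:
        return ["not a well-formed Router Advertisement"]
    problems = []
    if not ipaddress.IPv6Address(src).is_link_local:
        problems.append("source address is not link-local")
    if hop != 255:
        problems.append("hop limit is not 255")
    if icmp[1] != 0:
        problems.append("ICMP code is not 0")
    if icmp6_checksum(src, dst, icmp) != 0:
        problems.append("bad ICMPv6 checksum")
    return problems
```

An empty list means the packet passes these checks; the same function can be run over captured RAs to flag ones a conforming host would discard.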
1

As said in this answer, radvd cannot overwrite the default gateway, but it can be modified without broadcasting with other programs. In a simple way, you can modify the advertisement with nftables, for example:

We can assume (data depends on the environment):

  • LAN IPv6 address: 2001:db8::1111
  • LAN interface name: eth0
  • Desired default gateway: 2001:db8::1
  • Using the nftables inet table.

$ sudo nft 'add table inet raw'
$ sudo nft 'add chain inet raw output { type filter hook output priority raw; policy accept; }'
$ sudo nft 'add rule inet raw output ip6 saddr 2001:db8::1111 oifname "eth0" ip6 daddr ff02::1 icmpv6 type nd-router-advert ip6 saddr set 2001:db8::1 notrack comment "RADVD"'

This produces:

table inet raw {
    chain output {
        type filter hook output priority raw; policy accept;
        ip6 saddr 2001:db8::1111 oifname "eth0" ip6 daddr ff02::1 icmpv6 type nd-router-advert ip6 saddr set 2001:db8::1 notrack comment "RADVD"
    }
}

I specified many parameters in the rule to match as much as possible the RA packets that radvd multicasts to ff02::1. But more parameters could be specified.

NOTE: This is not recommended for production, only for testing.