1
General Discussion / Re: Confused about IPv6
« Last post by luckylinux on Today at 10:36:45 am »Just an Update from my side (I haven't touched OPNSense for now) ....
The Issue about LAN clients losing IPv6 Connectivity after 30 Minutes / 1 Hour / etc can be "worked around" by restarting (via CRON) the WAN/WAN6 Interface on OpenWRT Router. That's really a "hack" as it will also cause loss of IPv4 Connectivity for approx. 30 seconds over 30 Minutes (1800 seconds) so approx 2% of the Time.
This would be the Hack. BOTH WAN6 and WAN Interface need to be Restarted in order for this to Work.
**ESSENTIAL** is that WAN6 Interface **MUST** be reset **BEFORE** WAN6 Interface !
OpenWRT -> System -> Scheduled Tasks
(disabled since the better Solution has been implemented, see further down the Post, and that appears to work well ... at least for now)
WAN Interface Reset Script in /usr/local/bin/restart-wan-interfaces
WAN6 Interface Reset Script in /usr/local/bin/restart-wan6-interfaces
Not Optimal, thus I researched a bit the OpenWRT Forums for Possible Clues ...
Primary Clue: https://forum.openwrt.org/t/loosing-ipv6-upstream-after-30-minutes/21131/21
Maybe also this: https://forum.openwrt.org/t/ipv6-works-only-with-wan-in-promiscuous-mode/490/18
So I applied the following Settings:
Going strong after more than 24h with IPv6 on LAN clients working ... Knock on Wood.
It seems that old versions of OpenWRT also needed to have the "Allow-DHCPv6" Firewall Rule modified and REMOVE the SRC_IP and DEST_IP (see the explanation https://forum.openwrt.org/t/ipv6-works-only-with-wan-in-promiscuous-mode/490/17). That didn't seem necessary in the latest Stable Build though (23.05).
Overall it seems that the main Things that made this work is, in essence:
The Issue about LAN clients losing IPv6 Connectivity after 30 Minutes / 1 Hour / etc can be "worked around" by restarting (via CRON) the WAN/WAN6 Interface on OpenWRT Router. That's really a "hack" as it will also cause loss of IPv4 Connectivity for approx. 30 seconds over 30 Minutes (1800 seconds) so approx 2% of the Time.
This would be the Hack. BOTH WAN6 and WAN Interface need to be Restarted in order for this to Work.
**ESSENTIAL** is that WAN6 Interface **MUST** be reset **BEFORE** WAN6 Interface !
OpenWRT -> System -> Scheduled Tasks
(disabled since the better Solution has been implemented, see further down the Post, and that appears to work well ... at least for now)
Code: [Select]
# !! WAN6 Interface must be reset BEFORE WAN Interface !!
#1 * * * * /usr/local/bin/restart-wan-interfaces
#0 * * * * /usr/local/bin/restart-wan6-interfaces
WAN Interface Reset Script in /usr/local/bin/restart-wan-interfaces
Code: [Select]
#!/bin/sh
# Define Interface
interface="wan"
# Echo
echo "Bringing down Interface ${interface}"
# Stop Interfaces
ifdown ${interface}
# Wait a bit
sleep 5
# Echo
echo "Bringing up again Interface ${interface}"
# Start Interfaces
ifup ${interface}
WAN6 Interface Reset Script in /usr/local/bin/restart-wan6-interfaces
Code: [Select]
#!/bin/sh
# Define Interface
interface="wan6"
# Echo
echo "Bringing down Interface ${interface}"
# Stop Interfaces
ifdown ${interface}
# Wait a bit
sleep 5
# Echo
echo "Bringing up again Interface ${interface}"
# Start Interfaces
ifup ${interface}
Not Optimal, thus I researched a bit the OpenWRT Forums for Possible Clues ...
Primary Clue: https://forum.openwrt.org/t/loosing-ipv6-upstream-after-30-minutes/21131/21
Maybe also this: https://forum.openwrt.org/t/ipv6-works-only-with-wan-in-promiscuous-mode/490/18
So I applied the following Settings:
- OpenWRT -> Network -> Interfaces -> LAN Interface
- Min RA interval: [3 seconds]
- Max RA interval: [600 seconds] (same as default)
- RA Lifetime: [1800 seconds] (same as default)
- OpenWRT -> Network -> Devices -> br-lan
- Enable multicast querier [checked]
- Enable multicast support: [checked]
- Enable Promiscous Mode: [disabled] (apparently only one of multicast or promiscous mode is required, thus I disabled Promiscous Mode, since Multicast is "safer" and with less Traffic)
- Force IGMP version: [no enforcement]
- Force MLD version: [no enforcement]
- OpenWRT -> Network -> Devices -> wan
- Enable multicast support: [checked]
- Enable Promiscous Mode: [disabled] (apparently only one of multicast or promiscous mode is required, thus I disabled Promiscous Mode, since Multicast is "safer" and with less Traffic)
- Force IGMP version: [no enforcement]
- Force MLD version: [no enforcement]
Going strong after more than 24h with IPv6 on LAN clients working ... Knock on Wood.
It seems that old versions of OpenWRT also needed to have the "Allow-DHCPv6" Firewall Rule modified and REMOVE the SRC_IP and DEST_IP (see the explanation https://forum.openwrt.org/t/ipv6-works-only-with-wan-in-promiscuous-mode/490/17). That didn't seem necessary in the latest Stable Build though (23.05).
Overall it seems that the main Things that made this work is, in essence:
- Enable Multicast
- Use shorter time/period between RA Renewals (Min RA interval especially, since Max RA interval & Max RA interval are set at their default Values)