English Forums > 24.1 Production Series
IPv6 stops routing a few minutes after boot
gazd25:
Hi All,
Firstly, I'd like to thank everybody for their sterling work on OPNsense, people like me would be much worse off without it, so thank you very much to all contributors.
I've been refining my OPNsense config for some considerable time and while it's now relatively complex, I have reached a very positive place with pretty much everyting I want working correctly.
I have been having a minor problem for some time, think it actually started back in the times 23.1 release which was around the time I first deployed IPv6 on my network. It's more of a niggle than a serious issue but the ability to replicate the fault fairly consistently does suggest a potential timing issue in the code at boot that might be responsible.
My system publishes IPv6 /56 from my ISP using track interface on my LAN network to a /64 internally, DHCPv6 sends my prefix from the ISP and they dont publish me an IP so an autoassigned one is set, but this is relatively normal and all traffic routes and works as expected.
The problem comes in that after boot up the system will be working and routing IPv6 correctly, then an unknown number of minutes later, for some reason will stop routing. When this happens, I'll go to the dashboard interface and restart the routing service manually and it'll start routing IPv6 again and until I reboot next time, it'll continue working as expected.
I would say the above occurs maybe 9/10 boots and occassionally for a reason I also cant define it simply continues to work as expected.
I'm hoping one of the experts here can help me get to the bottom of the root cause and fix and happy to collect logs, and test as needed since i run OPNsense in a VM with easy snapshot and rollback capability.
Many thanks
Gareth
gazd25:
I forgot to add, I'm currently running the latest stable release 24.1.6, though this issue has persisted for a long time throughout a fair number of updates.
Thanks
Gareth
gazd25:
Just done a little further testing and important to note that when the IPv6 routing fails, I have also tried to ping from an IPv6 interface on the OPNsense firewall to an internet IPv6 address and the error I see is "No Route to Host"
Restarting routing service then allows the same ping set in the diagnostics from the firewall host to the Internet address to succeed with no losses so while I thought maybe it was just routing through from the LAN side to the internet that was failing, it appears the firewall host itself also cannot route to the IPv6 internet while in this state.
Thanks
Gareth
opnfwb:
I've noticed something similar with my fiber provider. I think the issue is the provider's PD doesn't have a valid monitor address or has high packet loss. For instance, if I leave gateway monitoring enabled for my IPV6 WAN route I can see a high level of packet loss come and go just on the fe80% IP that gets discovered during the ISP handing out the PD.
This resolved my issue and resulted in stable IPv6. Again I'll caution that these settings might not be for everyone but this is what fixed my issue with some trial/error.
First you'll need to go to system/gateways/configuration and edit the WAN DHCP6 gateway. By default OPNsense has gateway monitoring disabled, enable it and you'll want to set a known good WAN IPv6 IP address. I like to use DNS servers like CloudFlare, Google, or Quad9 since they are anycast and always reachable if the WAN is up. I've attached a screenshot showing how I've configured my IPv6 WAN gateway.
I would also recommend doing something similar with your WAN_DHCP ipv4 gateway if you haven't already. It's okay to leave that IP to the ISP assigned WAN gateway (leave it blank and it will use the ISP gateway) as that usually always works. Enabling gateway monitoring for both of these will give you the "quality" graphs under Reporting/Health/Quality. Not only will you be able to see your average ping time across both gateways but you'll also be able to check if you're getting packet loss, which is quite handy.
Try these and see if your ipv6 stabilizes.
gazd25:
Thanks Opnfwb, I'll give this a try when I get a minute free this weekend
Navigation
[0] Message Index
[#] Next page
Go to full version