OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: fbantgat7 on March 01, 2022, 12:05:28 am

Title: [SOLVED] Firewall Shaper causes IPv6 address loss on WAN
Post by: fbantgat7 on March 01, 2022, 12:05:28 am
Hi,

I moved to OPNsense after some time with pfSense and I am pleased I did so.  However, there is a problem I've come across, and I'm struggling to understand why it is happening and how to fix it.

When I first tried to set up the Firewall Shaper, I managed to reduce an otherwise abysmal bufferbloat on my slow ADSL.  However, this seems to interfere with Router Advertisements.  Invariably within a period of time WAN loses its IPv6 address and the dpinger service cannot be (re)started thereafter, whether I disable Shaper settings or not.

I can still ping my ISP's and any other internet IPv6 servers from the router's console and PCs in the LAN. PCs in the LAN retain their IPv6 address, but WAN's IPv6 address is gone and won't be re-established unless I reboot the router.

I have tried these Shaper settings:

https://forum.opnsense.org/index.php?topic=7423.0

https://maltechx.de/en/2021/03/opnsense-setup-traffic-shaping-and-reduce-bufferbloat/

and later added DNS and TCP ACK rules in the hope it would make a difference.  Nothing appears to have worked.  Can you please let me know what additional information (logs) you may need to help me troubleshoot this and where/how to capture them, because I am still finding my way around OPNsense and don't know where everything is.

The dpinger problem:

Code:
2022-02-28T21:08:38 Notice dpinger GATEWAY ALARM: WAN_DHCP6 (Addr: 20XX:XXX:X:XX::XXX Alarm: 1 RTT: 34297us RTTd: 33692us Loss: 22%)
2022-02-28T21:08:38 Warning dpinger WAN_DHCP6 20XX:XXX:X:XX::XXX: Alarm latency 34297us stddev 33692us loss 22%

Routing logs have been showing this all day, even while the WAN PPPoE had an IPv6 address (Shaper was off at the time) and while the dpinger worked as expected by monitoring an ISP server address:

Code:
<28>1 2022-02-28T16:55:50+00:00 OPNsense.localdomain radvd 11117 - [meta sequenceId="1"] sendmsg: Network is down
<28>1 2022-02-28T16:59:32+00:00 OPNsense.localdomain radvd 11117 - [meta sequenceId="1"] sendmsg: Network is down
<28>1 2022-02-28T17:08:58+00:00 OPNsense.localdomain radvd 11117 - [meta sequenceId="1"] sendmsg: Network is down
<28>1 2022-02-28T17:15:43+00:00 OPNsense.localdomain radvd 11117 - [meta sequenceId="1"] sendmsg: Network is down
<28>1 2022-02-28T17:21:53+00:00 OPNsense.localdomain radvd 11117 - [meta sequenceId="1"] sendmsg: Network is down

Since this is a new installation I don't know if it is a problem with previous versions.  Currently running 22.1.1_3.

Thanks.
Title: Re: [SOLVED] Firewall Shaper causes IPv6 address loss on WAN
Post by: fbantgat7 on March 06, 2022, 05:57:26 pm
The problem was resolved by defining specific LAN subnets for source/destination in the traffic shaper rules, rather than any-any and relying on the Direction in/out to control the queues.  It seems the suggestions on this webpage to cater for traffic shaping on a dual IPv4/IPv6 stack would NOT work for my setup without bringing IPv6 dpinger down:  https://maltechx.de/en/2021/03/opnsense-setup-traffic-shaping-and-reduce-bufferbloat/
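
As an added illustration that is not part of the original posts, this sketch compares which WAN packets an any-any rule pair and a LAN-subnet-scoped rule pair would select by address and direction alone. The prefix, addresses, queue names and the first-match model are constructed assumptions, not OPNsense's own rule engine or the poster's configuration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    label: str
    direction: str  # "in" or "out" as seen on the WAN interface
    src: str
    dst: str

class Rule(NamedTuple):
    direction: str
    source: str       # "any" or a CIDR prefix
    destination: str  # "any" or a CIDR prefix
    target: str       # hypothetical queue name

def _match(field: str, addr: str) -> bool:
    return field == "any" or ip_address(addr) in ip_network(field)

def classify(rules, pkt: Packet) -> Optional[str]:
    """Return the target of the first matching rule, or None if unshaped."""
    for r in rules:
        if (r.direction == pkt.direction and _match(r.source, pkt.src)
                and _match(r.destination, pkt.dst)):
            return r.target
    return None

LAN = "2001:db8:1:10::/64"  # constructed LAN prefix (documentation range)

# Rule pair that relies only on direction to pick the queue.
ANY_ANY = [Rule("out", "any", "any", "upload-queue"),
           Rule("in", "any", "any", "download-queue")]
# Rule pair scoped to the LAN subnet as source (upload) / destination (download).
LAN_SCOPED = [Rule("out", LAN, "any", "upload-queue"),
              Rule("in", "any", LAN, "download-queue")]

# Constructed sample packets on WAN: LAN traffic plus the router's own traffic.
PACKETS = [
    Packet("LAN client upload", "out", "2001:db8:1:10::50", "2001:db8:ffff::80"),
    Packet("LAN client download", "in", "2001:db8:ffff::80", "2001:db8:1:10::50"),
    Packet("dpinger probe", "out", "2001:db8:0:1::2", "2001:db8:0:1::1"),
    Packet("dpinger reply", "in", "2001:db8:0:1::1", "2001:db8:0:1::2"),
    Packet("DHCPv6 solicit", "out", "fe80::1c2", "ff02::1:2"),
    Packet("router advertisement", "in", "fe80::1", "ff02::1"),
]

def shaped(rules) -> dict:
    """Map each sample packet label to the queue it lands in (None = unshaped)."""
    return {p.label: classify(rules, p) for p in PACKETS}

if __name__ == "__main__":
    for name, rules in (("any-any", ANY_ANY), ("LAN-scoped", LAN_SCOPED)):
        print(name)
        for label, queue in shaped(rules).items():
            print(f"  {label:22} -> {queue}")
```

With the any-any pair, the router's own gateway-monitor probes and IPv6 control traffic are placed in the same queues as bulk LAN traffic; with the LAN-scoped pair they are left unshaped.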