After updating to 24.1.10 and rebooting the system, my connection to Orange FR ISP stopped working. It seems there is no traffic on the WAN interface.
It was working fine till 24.1.8 at least (24.1.9 as well but I did not reboot after the update).
Rollback to 24.1.5 (my last snapshot) restored the connection.
Any suggestion on where to look?
IPv4 or IPv6 or both?
I get an IPv4, but Orange FR ISP does not work if there is no valid IPv6 set if I remember well.
EDIT: I'm not getting an IPv6 from DHCP on 24.1.10.
Can you lock the dhcp6c package while you are on 24.1.5 and try to upgrade again? We need to make sure we find the right component first.
Cheers,
Franco
ok, how can I do that?
EDIT: found it, upgrade in progress
Locked dhcp6c to 20230530, but same issue after upgrade.
If you revert this one https://github.com/opnsense/core/commit/e94baab85 by issuing:
# opnsense-patch e94baab85
?
Cheers,
Franco
It worked!
Note: IPv6 connection for my Wireguard VPN does not come up automatically after reboot, I have to restart the Wireguard service (tested twice).
Not sure what's the matter with Orange here. I've traced the origin of the other rule, we widened the scope of it and removed a faulty one. It tests and runs fine for IPv6 in general. Probably back to packet captures with one of you fine folks. We had a lot of fun with Orange over the years already. ;)
Cheers,
Franco
What IPv6 router address is Orange using?
# grep . /tmp/*_routerv6
fe80::ba0:bab.
Any clue on why the Wireguard IPv6 VPN does not come up automatically at reboot? Can it be related?
No clue. I'm more interested in finding out why Orange doesn't adhere to sending from fe80::/10 when in fact they appear to do it (at least the router would indicate this). The only change I can see offending is when the server decides it has a different address, but due to ND you can't viably escape fe80::/10 anyway. I'm missing some context here.
No other report so far from Orange FR users. A bit curious, because normally they are very quick to help get it solved. Just as a data point.
Cheers,
Franco
I'll issue a hotfix in a bit for https://github.com/opnsense/core/commit/0217a1a95b1 so please let me know if 24.1.10_1 will solve this for you as well.
Cheers,
Franco
Same issue after installing 24.1.10_1, unfortunately.
Thanks
Just to be sure: did you reboot (or at least reloaded the filter rules)?
Cheers,
Franco
Yes, it stopped working after reboot.
It's probably using a wrong address, but the annoying thing is that if we make the IPv6 requirements any more broad we could just open the ports and call it a day. Can you do a packet capture of the DHCPv6 sequence?
Cheers,
Franco
Can you try this one then? https://github.com/opnsense/core/commit/eb269e0d4
(on latest version)
# opnsense-revert opnsense
# opnsense-patch eb269e0d4
Cheers,
Franco
It worked, thank you!
Still this strange issue about my Wireguard VPNV6 which is not coming up automatically after reboot.
Ok, great, this will hotfix later tonight. It looks like it missed to set the VLAN priority which is required for Orange FR.
We need more data for WireGuard, but not for this week.
Cheers,
Franco
Is it fixed by "24.1.10_2" ? (Changelog says "dhcpv6 multicast problem", not vlan priority)
Quote from: meepmeep on July 13, 2024, 11:42:20 AM
Is it fixed by "24.1.10_2" ? (Changelog says "dhcpv6 multicast problem", not vlan priority)
If you are referring to the IPv6 not getting assigned, then yes. IDK about wireguard, but I have no problems with that on 24.1.10_2.
> Is it fixed by "24.1.10_2" ? (Changelog says "dhcpv6 multicast problem", not vlan priority)
Yes, it appears to be just one manifestation missing the priority. I've seen two other cases with different behaviour but all needed the same fix.
Cheers,
Franco