OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: col360 on November 21, 2018, 11:57:32 am
-
My ISP has started offering IPV6 and I'm trying it out. I am having an issue where I can't seem to start the DHCPv6 server an gets the log filled with below errors:
opnsense: /status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.1 Copyright 2004-2018 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 10: expecting a parameter or declaration authoritative; ^ Configuration file errors encountered -- exiting If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'I don't have anything set int he DHCPv6 settings fore the LAn other than enabling it with " Enable DHCPv6 server on LAN interface".
The DHCP6 service simply refuse to start with above errors.
-
did you put in a prefix ID on the lan? Should use track interface for the lan and not dhcp
Did you configure the wan interface for dhcp and put a prefix delegation in?
One problem I found after 2 days of configuring was there were several extra gateways and when I deleted the extras and had only one for dhcp4 and only one for dhsp6 both made the default gateways everything fell into place and i now have it working for Spectrum.
I also added DNS for both dhcp4 and dhcp 6
-
what worked for me was do the wan first
i used a 56 for prefix delegation and also enabled prefix hint
save and apply
on the lan I did track interface and 0 for the prefix id
save and apply
then reboot
IGNORE it if your gateway on the dashboard says offline for now and try the site. The offline dhcp6 can be dealt with after you have it all working and ignore whatever you have for addresses. some will be link local and some not.
after everything comes back up unplug your cat 5 or turn off the wireless on the system your using plug back in or turn on the wireless and got to http://www.kame.net/ and you should see the turttle moving. If not you may have to reset your modem, after it come up boot the OPN box then boot the system your on. Of course shut everything down first.
Make sure you have no extra gateways! thats what my major malfunction was.
IPv6 works for everything on my network now including the cell phones and 2 nas's
-
I'll give those suggestions a try
-
Also note that IPv6 only needs DHCP in exceptional circumstances. Most settings are set through multicast. Give RA a go if you get stuck.
Bart...
-
you need to explain a lot better than give ra a try
It seems most everything to do with IPv6 is exceptional as in exceptionally hard to get working.
-
Pick a /64 subnet from your ISP assigned range. Set the LAN interface to a static IPv6 address in that subnet.
Services, router advertisements, LAN. Unmanaged, high priority, advertise DG, DNS servers IPv6 of your (internal) DNS if you have it, with domain search list, tick RA, min/max 200/600 second.
Start the service, log into the shell, confirm all is well with radvdump. Set clients to SLAAC (usually default)
Done 8)
Bart...
-
Also, if you're not averse to spending a modest amount of cash, udemy has a few highly rated courses on IPv6. Disclaimer; I have no relationship with them, other than as a satisfied customer. ;-)
Bart...
-
I'm back to not getting an IPv6 WAN IP not sure if this is related :(
-
Who is your ISP? There may be others here with the same provider.
Bart...
-
now theres 2 ways explained and it cost nothing but if you want Bart you can give me your money to spend :)
cryptic non explanations help nobody.
-
Col can you go to the kame project site and see the turtle moving even if it looks like you have no wan?
My wan looks like it has a fe LL address and my lan has a 2600 type.
by looking at what i see in my gateway it looks like no IPv6 also but it is there.
Gateways
Name RTT RTTd Loss Status
SPECTRUM_DHCP
90.59.64.1 7.2 ms 0.7 ms 0.0 % Online
SPECTRUM_DHCP6
fe80::2a3:d1ff:feed:7c19%em1 33.1 ms 1.7 ms 0.0 % Online
Interfaces
LAN 1000baseT <full-duplex> 192.168.10.1
2603:9090:e719:1600:215:17ff:fee8:97e0
SPECTRUM 1000baseT <full-duplex> 96.59.119.50
2603:9090:ff00:e7:3c39:1679:317a:9099
-
I'm with AussieBroadband no one on it with OpnSense have any success. Some report success with PFSense.
Already try the Kame and and the turtle not moving!
BTW I'm using IPoE with a bridged VDSL modem in front of OPNSense. If I plug my Windows laptop directly into the Bridged modem I get an IPV6 straight away without any effort!
Best I can do is get a link local address on the WAN interface fe80::20e:c4ff:fed0:48e2
Settings https://i.imgur.com/rXsH6ZP.png
The log says below
Nov 28 01:26:10 sshd[85727]: Received signal 15; terminating.
Nov 28 01:26:10 opnsense: /interfaces.php: Warning! services_radvd_configure(auto) found no suitable IPv6 address on igb0
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: skipping IPv6 default route
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: skipping IPv4 default route
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: no IPv6 default gateway set, assuming wan Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: no IPv4 default gateway set, assuming wan Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: entering configure using 'lan'
Nov 28 01:26:06 opnsense: /interfaces.php: Warning! services_radvd_configure(auto) found no suitable IPv6 address on igb0
Nov 28 01:26:04 opnsense: /interfaces.php: ROUTING: skipping IPv6 default route
Nov 28 01:26:04 opnsense: /interfaces.php: ROUTING: keeping current default gateway '180.150.xxx.z'
Nov 28 01:26:04 opnsense: /interfaces.php: ROUTING: setting IPv4 default route to 180.150.xxx.z
-
igb1 is the WAN interface.
DHCP log looks like thisNov 27 18:17:27 gw1 dhcp6c[68673]: send solicit to ff02::1:2%igb1
Nov 27 18:17:27 gw1 dhcp6c[68673]: reset a timer on igb1, state=SOLICIT, timeo=4155, retrans=128388
Nov 27 18:18:09 gw1 dhcp6c[68673]: restarting
Nov 27 18:18:09 gw1 dhcp6c[68673]: removing an event on igb1, state=SOLICIT
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[interface] (9)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <5>[igb1] (4)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>begin of closure [{] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[send] (4)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[ia-pd] (5)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[0] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>comment [# request prefix delegation] (27)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[request] (7)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[domain-name-servers] (19)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[request] (7)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[domain-name] (11)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[script] (6)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>comment [# we'd like some nameservers please] (35)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of closure [}] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[id-assoc] (
Nov 27 18:18:09 gw1 dhcp6c[68673]: <13>[pd] (2)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <13>[0] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <13>begin of closure [{] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[prefix] (6)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[::] (2)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[/] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[56] (2)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[infinity] (
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[prefix-interface] (16)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <5>[igb0] (4)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>begin of closure [{] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[sla-id] (6)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[0] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[sla-len] (7)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[8] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of closure [}] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of closure [}] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: called
Nov 27 18:18:09 gw1 dhcp6c[68673]: called
Nov 27 18:18:09 gw1 dhcp6c[68673]: reset a timer on igb1, state=INIT, timeo=0, retrans=433
Nov 27 18:18:10 gw1 dhcp6c[68673]: Sending Solicit
Nov 27 18:18:10 gw1 dhcp6c[68673]: a new XID (7ae07) is generated
Nov 27 18:18:10 gw1 dhcp6c[68673]: set client ID (len 14)
Nov 27 18:18:10 gw1 dhcp6c[68673]: set elapsed time (len 2)
Nov 27 18:18:10 gw1 dhcp6c[68673]: set option request (len 4)
Nov 27 18:18:10 gw1 dhcp6c[68673]: set IA_PD prefix
Nov 27 18:18:10 gw1 dhcp6c[68673]: set IA_PD
Routing log looks like thisNov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> Processing RA
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> ndo = 0x608230
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_type = 1
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_len = 1
Nov 29 22:07:36 gw1 rtsold[55679]: <make_rsid> rsid = [igb1:slaac]
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::b226:80ff:fe1f:4442 on igb1, state is 0
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> Processing RA
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo = 0x608230
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_type = 1
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_len = 1
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo = 0x608238
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_type = 5
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_len = 1
Nov 29 22:07:40 gw1 rtsold[55679]: <make_rsid> rsid = [igb1:slaac]
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:42 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:42 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:45 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:45 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:54 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:54 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:08:00 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:08:00 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:08:08 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:08:08 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:08:09 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1af1:45ff:fe74:a29d on igb1, state is 0
Digging some more I see a lot of below in the firewall logNov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2404:6800:4006:807::2003,59900,443,0,S,595995957,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2600:1415:10:4be::33c4,60123,443,0,S,961410098,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,<redacted>:100:9::2,56608,443,0,S,1099330371,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,<redacted>:100:9::2,56609,443,0,S,3527085472,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,<redacted>:100:9::2,56610,443,0,S,1318992366,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2404:6800:4006:807::2003,59905,443,0,S,100023556,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2600:1415:10:4be::33c4,60128,443,0,S,2870499212,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2600:1415:10:4be::33c4,60129,443,0,S,439595810,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0xc5fab,64,UDP,17,157,<redacted>:4100:300:dc5d:6175:57ce:f950,2a03:b0c0:3:d0:6a:3001:7800:cd08,9993,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x11c6a,64,UDP,17,157,<redacted>:4100:300:c1b4:db25:ae60:96b9,2a03:b0c0:3:d0:6a:3001:7800:cd08,9993,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0xb7b0b,64,UDP,17,157,<redacted>:4100:300:c1b4:db25:ae60:96b9,2a03:b0c0:3:d0:6a:3001:7800:cd08,21645,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x638ca,64,UDP,17,157,<redacted>:4100:300:dc5d:6175:57ce:f950,2a03:b0c0:3:d0:6a:3001:7800:cd08,21645,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x6e486,64,UDP,17,157,<redacted>:4100:300:dc5d:6175:57ce:f950,2a03:b0c0:3:d0:6a:3001:7800:cd08,21646,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0xba747,64,UDP,17,157,<redacted>:4100:300:c1b4:db25:ae60:96b9,2a03:b0c0:3:d0:6a:3001:7800:cd08,21646,9993,157
-
Not quite sure what I fiddled with that made it works. The LAN interface and hosts now get proper IPv6 addresses!
The WAN interface still say it has a link local IPv6 IP.
-
I seem to have made it worked!
WAN confighttps://i.imgur.com/R2S8qt4.png (https://i.imgur.com/5whNX1F.png)
https://i.imgur.com/9CAHSf8.png (https://i.imgur.com/KgPMct5.png)
LAN Config https://i.imgur.com/jy2mZrh.png (https://i.imgur.com/akdzljB.png)
Also under Firewall->Settings->AdvancedUntick "Allow IPv6" & Click SaveThen Tick "Allow IPv6" & Click Save
Also Under WAN Firewall rules I've added below rule. Not sure if this matters.https://i.imgur.com/Q8FcA6p.png (https://i.imgur.com/pMQoIhs.png)
The LAN interface and devices behind the OPNSense are getting their IPv6 IPs now.
-
thats why i told you to ignore any LL while configuring. I also always show a LL for the IPv6 gateway and for the lan I get the proper addressing shown.
It takes a few moments and most often shuting everything down at least once then botting in order.
1) dsl/cable/whatever modem
2) OPNsense box
3) whatever else is left on the lan.
for example my gateway shows LL
Gateways
Name RTT RTTd Loss Status
SPECTRUM_DHCP
90.59.64.1 7.2 ms 0.7 ms 0.0 % Online
SPECTRUM_DHCP6
fe80::2a3:d1ff:feed:7c19%em1 33.1 ms 1.7 ms 0.0 % Online
My two biggest hurdles to get it working was i had multiple gateways so I deleted all but 2 which helped.
And like you I paid far to much attention to what what was assigned at the gateway and didn't just check when I seen a LL. Something isn't right in OPNsense I imagine maybe?
It all works :)
Congratulations you can count yourself as one of the few there to have it working.
-
For those wonder what GDickson mean by "LL" = link local IPV6 Address.
Looking into it more may have something to do with my ISP giving out the link local IP. However doesn't quite explain why Windows direct was getting a proper IPv6 when connected directly to the bridged modem.
-
It's quite normal to have a link local address for the next IPv6 router hop. My ISP works like that. The assigned range is on your side of the PPPoE link, the router only needs to know where it lives.
Bart...
-
For those wonder what GDickson mean by "LL" = link local IPV6 Address.
Looking into it more may have something to do with my ISP giving out the link local IP. However doesn't quite explain why Windows direct was getting a proper IPv6 when connected directly to the bridged modem.
Same for me, I can get a other than LL address on windows and opensuse tumbleweed connected directly to the cable modem (cable modem has no routing is just a bridged modem) also using a linksys router, belkin router, d-link router and a have no idea was laying around no name cheapy don't even know where I got it or why router.
Seems the same behavior for a DSL modem also regarding just a LL address.
That was why it made it so damn confusing when on OPNsense we see just a LL on the gateway and instead of consistently testing anyhow we figure it won't or don't work and configure once again.
OPNsense is the only appliance / firewall-router I see this behavior with the gateway having a LL address.
When I ignored what was in the gateway and started to test each configuration was when it all came together WITHOUT throwing money at it hmmmmm.
-
Interesting observation there. The linklocal address throw me off for quite some time as I did not bother testing the clients hosts thinking it didn't work!
For some reason today I found IPV6 has stopped working on the OPNsese box and DHCP6 service also stopped. I gave it a reboot and things seems to come back on correctly. Don't know if its issue with OPNSense or not. No time to look into at the moment.
-
DHCPv6 service derived from interface tracking will stop if your LAN has no IPv6 address where it could broadcast from. It would point to a defunct tracking setup or defunct IPv6 WAN setup.
Cheers,
Franco