OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: marcel on May 20, 2019, 02:10:21 pm
-
Hi
I saw a weird issue with opnsense 19.1.8 and IPv6. I have three interfaces (WAN, DMZ, LAN). I request a prefix with DHCPv6 on WAN. On LAN and DMZ I use track interface to configure the dynamic IPv6.
When I plug-in a device at the DMZ interface it gets an IPv6 address with a new prefix. This also changes the currently existing IPv6 address on LAN. This breaks all devices behind that interface as they now have IPv6 addresses based on multiple prefixes configured and opnsense doesn't invalidate the old prefixes.
Config of WAN:
- IPv6 Configuration Type: DHCPv6
- DHCPv6 client configuration
- Configuration Mode: Basic
- Request only an IPv6 prefix: No
- Prefix delegation size: /48
- Send IPv6 prefix hint: Yes
- Directly send SOLICIT: Yes
- Prevent release: No
- Enable debug: Yes
- Use IPv4 connectivity: No
Config of LAN (re1_vlan34) / DMZ (re2)
- IPv6 Configuration Type: Track Interface
- Track IPv6 Interface
- IPv6 Interface: WAN
- IPv6 Prefix ID: 0x34 (LAN), 0x35 (DMZ)
- Manual configuration: No
I'm not sure about the prevent release option. I tried turning that on but after setting it and a reboot I haven't received any prefix at all. (Maybe I have reached the maximum allowed prefixes from the provider).
Is that expected behavior?
Where can I find the dhcp-pd debug logs? -> clog /var/log/system.log | grep dhcp6
clog /var/log/system.log | grep -E 're2|re1_vlan34|dhcp6c'
May 18 13:04:14 opnsense kernel: re2: link state changed to DOWN
May 18 13:04:14 opnsense dhcp6c[52690]: restarting
May 18 13:04:15 opnsense dhcp6c[52690]: Sending Solicit
May 18 13:04:16 opnsense dhcp6c[52690]: Sending Request
May 18 13:04:16 opnsense dhcp6c[52690]: Received REPLY for REQUEST
May 18 13:04:16 opnsense dhcp6c[52690]: add an address 2001:DB8:d65c:35:xxxx:xxxx:xxxx:xx6/64 on re2
May 18 13:04:16 opnsense dhcp6c[52690]: add an address 2001:DB8:d65c:34:xxxx:xxxx:xxxx:xx5/64 on re1_vlan34
May 18 13:04:16 opnsense dhcp6c[52690]: add an address 2001:DB8:xxxx:xx::30/128 on re0
May 18 13:04:16 opnsense dhcp6c: dhcp6c REQUEST on re0
May 18 13:04:16 opnsense dhcp6c: dhcp6c REQUEST on re0 - running newipv6
May 18 13:15:27 opnsense kernel: re2: link state changed to UP
May 18 13:15:28 opnsense dhcp6c[52690]: restarting
May 18 13:15:28 opnsense dhcp6c[52690]: Start address release
May 18 13:15:28 opnsense dhcp6c[52690]: Sending Release
May 18 13:15:28 opnsense dhcp6c[52690]: remove an address 2001:DB8:xxxx:xx::30/128 on re0
May 18 13:15:28 opnsense dhcp6c[52690]: Start address release
May 18 13:15:28 opnsense dhcp6c[52690]: Sending Release
May 18 13:15:28 opnsense dhcp6c[52690]: failed to remove an address on re2: Can't assign requested address
May 18 13:15:28 opnsense dhcp6c[52690]: remove an address 2001:DB8:d65c:34:xxxx:xxxx:xxxx:xx5/64 on re1_vlan34
May 18 13:15:28 opnsense dhcp6c[52690]: Received REPLY for RELEASE
May 18 13:15:28 opnsense dhcp6c[52690]: status code: success
May 18 13:15:28 opnsense dhcp6c: dhcp6c RELEASE on re0
May 18 13:15:28 opnsense dhcp6c: dhcp6c RELEASE on re0 - running newipv6
May 18 13:15:29 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Warning! services_radvd_configure(auto) found no suitable IPv6 address on re2
May 18 13:15:29 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Warning! services_radvd_configure(auto) found no suitable IPv6 address on re1_vlan34
May 18 13:15:29 opnsense kernel: re2: link state changed to DOWN
May 18 13:15:30 opnsense opnsense: /usr/local/etc/rc.linkup: Warning! services_radvd_configure(auto) found no suitable IPv6 address on re2
May 18 13:15:30 opnsense opnsense: /usr/local/etc/rc.linkup: Warning! services_radvd_configure(auto) found no suitable IPv6 address on re1_vlan34
May 18 13:15:34 opnsense dhcp6c[52690]: restarting
May 18 13:15:34 opnsense dhcp6c[52690]: Sending Release
May 18 13:15:34 opnsense dhcp6c[52690]: Received REPLY for RELEASE
May 18 13:15:34 opnsense dhcp6c[52690]: status code: success
May 18 13:15:34 opnsense dhcp6c: dhcp6c RELEASE on re0
May 18 13:15:34 opnsense dhcp6c: dhcp6c RELEASE on re0 - running newipv6
May 18 13:15:35 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Warning! services_radvd_configure(auto) found no suitable IPv6 address on re2
May 18 13:15:35 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Warning! services_radvd_configure(auto) found no suitable IPv6 address on re1_vlan34
May 18 13:15:40 opnsense dhcp6c[52690]: Sending Solicit
May 18 13:15:40 opnsense dhcp6c[52690]: XID mismatch
May 18 13:15:41 opnsense dhcp6c[52690]: Sending Request
May 18 13:15:41 opnsense dhcp6c[52690]: Received REPLY for REQUEST
May 18 13:15:41 opnsense dhcp6c[52690]: add an address 2001:DB8:d65d:35:xxxx:xxxx:xxxx:xx6/64 on re2
May 18 13:15:41 opnsense dhcp6c[52690]: add an address 2001:DB8:d65d:34:xxxx:xxxx:xxxx:xx5/64 on re1_vlan34
May 18 13:15:41 opnsense dhcp6c[52690]: add an address 2001:DB8:xxxx:xx::31/128 on re0
May 18 13:15:41 opnsense dhcp6c: dhcp6c REQUEST on re0
May 18 13:15:41 opnsense dhcp6c: dhcp6c REQUEST on re0 - running newipv6
[EDIT]
Added dhcp6c and link status logs and interface names.
-
I now have configured a static DUID and set the checkbox for prevent release. The DUID hopefully gives me the same prefix when requesting one as long as the lease still exists. The prevent release should ignore the interface shutdown.
Unfortunately I can't test it until the ISP dhcp offers me new prefixes (there seems to be a hard-limit of prefixes given out)
-
After testing with the new settings (static DUID and prevent release) bringing re2 (DMZ) up still removes the IPv6 from re1_vlan34 (LAN).