OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: walkerx on May 28, 2022, 03:43:30 pm

Title: Lost DHCPv6 after installing plugin
Post by: walkerx on May 28, 2022, 03:43:30 pm

I've installed Zenarmour (Sensei) on my OpnSense 22.1.8_1-amd64 system and immediately after activating I lose ipv6 addressing on my lan.

The dashboard reports that dhcpv6 server has stopped and can't be restarted.

IPv6 is working on my WAN, just now not accross my lan network.

If I disable Sensei and reboot Opnsense i have no issues and dhcpv6 and npt are working again

Does Sensei actually work with users who use ipv6 or is it something we should not use

Title: Re: Lost DHCPv6 after installing plugin
Post by: sy on May 30, 2022, 01:43:59 pm

Hi,

Did you try in bypass mode (Status - Services - Zenarmor Packet Engine - Enter Bypass Mode)?

Title: Re: Lost DHCPv6 after installing plugin
Post by: walkerx on May 30, 2022, 06:05:52 pm

when you enable sensi it doesn't allow the restart of dhcpv6 and when set to bypass it still prevents dhcpv6 from running

it also prevents nettime from working

Title: Re: Lost DHCPv6 after installing plugin
Post by: walkerx on June 21, 2022, 03:50:42 pm

update: Zenarmor report they are unable to reproduce the issues I'm experiencing with the DHCPv6 Server going offline and not restarting after starting their product.

My connection looks to be configured correctly as can get IPv6 through the internet, IPv6-Test shows it is working and I'm getting IPv6 entries in my lease table when I don't use Zenarmour.

Has anyone had similar issues or any other advice regarding the configuration of this plugin before I uninstall it

Title: Re: Lost DHCPv6 after installing plugin
Post by: sy on June 21, 2022, 04:38:22 pm

Hi,

Please make sure that you try in bypass mode. In bypass mode, the Zenarmor packet engine just forwards the packages and never inspects them. I remember that it has occurred in bypass mode as well. Most probably it is a netmap issue and needs to look into it. It occurs with Suricate in IPS mode as well. Is Suricata active in your OPNsense?

Title: Re: Lost DHCPv6 after installing plugin
Post by: walkerx on June 21, 2022, 06:59:23 pm

Quote from: sy on June 21, 2022, 04:38:22 pm

Hi,

Please make sure that you try in bypass mode. In bypass mode, the Zenarmor packet engine just forwards the packages and never inspects them. I remember that it has occurred in bypass mode as well. Most probably it is a netmap issue and needs to look into it. It occurs with Suricate in IPS mode as well. Is Suricata active in your OPNsense?

As stated previously, I have tried in bypass mode and have exactly the same problem, whenever the engine starts DHCPv6 Server stops and can't be restarted. I've even tried with IPS disabled and have the same problem.

Its whenever the packet engine starts, dhcpv6 fails and can't be restarted until I disable zenarmour and reboot the whole system.

Update: 18:37  - I think I have it working - managed to get static ipv6 working after some trial and error, started zenarmour and dhcpv6 server still running, so it looks like when it's set to track interface I have the problem. I'm going to monitor to see if I have any issues as not sure if I've set router advertisements correctly (left these on assisted)