OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: sbellon on August 21, 2022, 08:39:36 am
-
Hi all,
I've recently updated my OPNsense from 22.1.10 to 22.7.2 and noticed one regression that I haven't been able to solve yet.
I'm on a German Telekom VDSL dual IP stack via PPPoE where LAN has a static IPv4 with DHCPv4 and track6 for IPv6 with DHCPv6 also enabled.
The LAN interface on the OPNsense looks like:
igb1: ...
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::xxxx%igb1 prefixlen 64 scopeid 0x2
inet6 2003:de:yyyy prefixlen 64
On the OPNsense, after a WAN IP renewal, I get the following behaviour:
root@opnsense:~ # host www.google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004
root@opnsense:~ # host www.google.com ::1
Using domain server:
Name: ::1
Address: ::1#53
Aliases:
www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004
root@opnsense:~ # host www.google.com 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases:
www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004
root@opnsense:~ # host www.google.com 2003:de:yyyy
;; connection timed out; no servers could be reached
As you can see, dnsmasq is working for all but the LAN's IPv6 address. Only after a restart of the dnsmasq service, I also get it running on the IPv6 address:
root@opnsense:~ # host www.google.com 2003:de:yyyy
Using domain server:
Name: 2003:de:f724:b400:2a1:ecff:fe68:f1c0
Address: 2003:de:f724:b400:2a1:ecff:fe68:f1c0#53
Aliases:
www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004
1) Is this a known issue or a configuration problem of my setup?
2) If so, how can I fix it?
Greetings,
Stefan
-
Nobody any idea?
This is really annoying as each morning (after the nightly forced disconnection) I have to manually restart dnsmasq in order to not have degraded DNS lookup in the network.
Alternatively: Is there a way to configure DHCP to only hand out the IPv4 of the OPNsense as nameserver and not also the IPv6 (where dnsmasq stopped listening)?
-
This could be an (intentional) side effect from https://github.com/opnsense/core/commit/7aaa6a263b1351 added to 22.7.1.
DNSmasq never had a good handling of this but it's possible to add it to the right spot if you can confirm the suspicion.
Cheers,
Franco
-
How would I confirm your suspicion? Using some "opnsense-patch 7aaa6a263b1351" or similar (which I've never done before) and then waiting?
-
Yes. opnsense-patch either removes or adds the patch depending on the previous state. On 22.7.2 the patch is present and running the command removes it.
Cheers,
Franco
-
Ok, done ("All patches have been applied successfully. Have a nice day.").
Do I have to restart some services for the changes to take effect?
-
The theory is that DHCP(v6) calling /usr/local/etc/rc.newwanip(v6) will restart Dnsmasq. You don't have to do anything else other than wait and verify.
Cheers,
Franco
-
I just wanted to report back that applying this patch did not fix the issue. After an IPv6 renewal on the track6 LAN interface, dnsmasq still does not listen until I restart it, even with the patch applied.
Any other ideas?
And: Should I revert the patch (or does it not make future updates problematic)?
-
Next firmware update will remove the patch(es) and in this case it's not critical to leave it.
How about this then? https://github.com/opnsense/core/commit/87b3d351a
# opnsense-patch 87b3d351a
Cheers,
Franco
-
Ok, this seems to have worked now. :-)
After a manually forced PPPoE reload via Interfaces -> Overview the IPv6 address changed and dnsmasq is successfully listening on the new one.
I'll keep watching whether it also works for nightly forced disconnects (but I assume so).
-
Should be good, but please report back in any case :)
Cheers,
Franco
-
Reporting back that I had a forced disconnect tonight, LAN track6 interface got new IPv6 and dnsmasq started to listen on it as well, so with
opnsense-patch 7aaa6a263b1351
opnsense-patch 87b3d351a
on top of 22.7.3 it works for me. Would be happy if that could somehow go into future releases.
-
It's been queued up for 22.7.4. Thanks for following up :)
Cheers,
Franco
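-
Added example, not part of the original thread and not OPNsense code: a check for the symptom described above, listing interface addresses that have no dnsmasq listener on port 53. The sample data is constructed (documentation prefixes), and the `sockstat -l` column layout it parses is an assumption about FreeBSD's output.

```python
import ipaddress
import re

# Constructed samples (not from the thread): LAN addresses after a prefix
# change, and `sockstat -l`-style lines still showing the old prefix.
IFCONFIG = """igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
\tinet6 fe80::1%igb1 prefixlen 64 scopeid 0x2
\tinet6 2001:db8:2::1 prefixlen 64
"""
SOCKSTAT = """nobody dnsmasq 4711 5 udp4 192.168.1.1:53 *:*
nobody dnsmasq 4711 6 tcp4 192.168.1.1:53 *:*
nobody dnsmasq 4711 7 udp6 2001:db8:1::1:53 *:*
nobody dnsmasq 4711 8 tcp6 2001:db8:1::1:53 *:*
"""

def interface_addresses(ifconfig_text):
    """Addresses from ifconfig output; link-local is skipped (assumption)."""
    found = []
    for line in ifconfig_text.splitlines():
        m = re.match(r"\s*inet6?\s+([0-9A-Fa-f:.]+)", line)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            if not ip.is_link_local:
                found.append(ip)
    return found

def listeners(sockstat_text, process="dnsmasq", port="53"):
    """Return (exact addresses, wildcard families) the process is bound to."""
    exact, wildcard = set(), set()
    for line in sockstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[1] != process:
            continue  # header line or another process
        addr, _, p = f[5].rpartition(":")  # port follows the last colon
        if p != port:
            continue
        if addr == "*":
            # "*:53" covers every address of the socket's family (udp4, tcp6, ...)
            wildcard.update(int(c) for c in f[4] if c in "46")
        else:
            exact.add(ipaddress.ip_address(addr.split("%")[0]))
    return exact, wildcard

def unserved(ifconfig_text, sockstat_text):
    """Interface addresses with no matching listener (the thread's symptom)."""
    exact, wildcard = listeners(sockstat_text)
    return [str(ip) for ip in interface_addresses(ifconfig_text)
            if ip not in exact and ip.version not in wildcard]

if __name__ == "__main__":
    print(unserved(IFCONFIG, SOCKSTAT))
```

On a live system the two inputs would come from the output of `ifconfig igb1` and `sockstat -l`; a non-empty result after a prefix change corresponds to the timeout shown in the first post.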