OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: cayenne on February 02, 2023, 12:00:00 pm

Title: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: cayenne on February 02, 2023, 12:00:00 pm
Hello,
Yesterday, I updated OPNSense from 22.7.11->23.1_6.

Since the upgrade to version 23.1_6, the IPv6 default route disappears



My configuration did not change after the update



My configuration IPv6 is the prefix delegation for the OPNSense LAN.
The WAN interface is configured by SLAAC.
The LAN interface is configured to static IPv6.
Radvd advertises the /64 prefix.



After the upgrade, IPv6 does not work. The default route disappears after 3-5 minutes (the time for the IPv6 default route to disappear is random).

When the default route disappears, I have a line in log files : General :
2023-02-02T11:14:58   Notice   opnsense   /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]


When I disable/enable the IPv6 gateway, IPv6 is OK but not more than 3-5 minutes with the same message in the logs :
2023-02-02T11:14:58   Notice   opnsense   /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]

I have the default route disappearing at the same time.



Here is an IPv6 network diagram
(https://forum.opnsense.org/index.php?action=dlattach;topic=32263.0;attach=25579;image)

Here is IPv6 PD on the Freebox (Router)
(https://forum.opnsense.org/index.php?action=dlattach;topic=32263.0;attach=25577;image)



additional information added on 12/02/2023 :
I have just tried to analyse what is happening with a network analyser.

As soon as OPNSense receives an ICMPv6 type 134 (RA: Router Advertisement) from the Freebox, OPNSense removes the IPv6 default route

The IPv6 default route comes back when I disable/reactivate the IPv6 gateway in web interface system_gateways.php.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: franco on February 02, 2023, 01:29:27 pm
SLAAC does not offer a prefix, so no prefix delegation takes place. I'm not sure what you had on 22.7 but indeed SLAAC behaved a bit differently there, but I think it was worse before...


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 01:36:22 pm
SLAAC does not offer a prefix, so no prefix delegation takes place. I'm not sure what you had on 22.7 but indeed SLAAC behaved a bit differently there, but I think it was worse before...


Cheers,
Franco

I may have misspoken but what I mean is, I have IPv6 routing through the Prefix Delegation provided by the Freebox

I'm looking for the problem that makes IPv6 not work on version 23.1. apart from disabling/enabling the IPv6 gateway in OPNSence every 5 minutes
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: franco on February 02, 2023, 01:39:40 pm
These "no IP change" messages are the RAs from your provider or upstream router. They are used to pass on SLAAC connectivity information. It doesn't disable/enable a gateway...

Perhaps if you can better describe how 22.7 and 23.1 behave differently in log messages and ifconfig and ping behaviour i can help.


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 02:54:38 pm
These "no IP change" messages are the RAs from your provider or upstream router. They are used to pass on SLAAC connectivity information. It doesn't disable/enable a gateway...

Perhaps if you can better describe how 22.7 and 23.1 behave differently in log messages and ifconfig and ping behaviour i can help.


Cheers,
Franco

I don't know what I had as a message before version 23.1 as I wasn't looking at the logs as I had no problems.

In any case, the default IPv6 route disappears at the same time as the "no IP change" log appears.
After the disappearance of the IPv6 default route, The hosts "Unable to reach the destination network."

In fact, it is as soon as I do "Apply changes" without having changed anything that IPv6 comes back for a while and the IPv6 default route is added in OPNSense.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: franco on February 02, 2023, 03:04:42 pm
# ls /tmp/opt2_*v6

What files do you have and what contents do they have when it works vs. when it doesn't?


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 03:24:21 pm
# ls /tmp/opt2_*v6

What files do you have and what contents do they have when it works vs. when it doesn't?


Cheers,
Franco

"ls /tmp/vtnet2_*v6" rather than "ls /tmp/opt2_*v6" ?

When it works :
Code: [Select]
# ls /tmp/opt2_*v6
ls: No match.

Code: [Select]
# ls /tmp/vtnet2_*v6
/tmp/vtnet2_oldipv6


Code: [Select]
# ls /tmp/
.interfaces.apply               filter_update_tables.lock       opnsense_menu_cache.xml         php-fastcgi.socket-1            rules.debug                     template_sample                 unbound-download_blocklists.tmp vtnet2_oldipv6
configdmodelfield.data          gateway_list.json               pfctl_si_out                    pkg_update.out                  rules.debug.old                 tmpHOSTS                        unbound_start.lock
ddb.conf                        lighttpdcompress                pfctl_ss_out                    pkg_upgrade.json                rules.limits                    unbound-blocklists.conf         vtnet2:slaac_nameserverv6
filter.lock                     opnsense_acl_cache.json         php-fastcgi.socket-0            pkg_upgrade.progress            syslog_applications.json        unbound-blocklists.conf.cache   vtnet2:slaac_routerv6

Content /tmp/vtnet2_oldipv6 :
2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx

it's IPv6 WAN_FTTH_Freebox interface (opt2, vtnet2)





When it not works :
Code: [Select]
# ls /tmp/opt2_*v6
ls: No match.

Code: [Select]
# ls /tmp/vtnet2_*v6
/tmp/vtnet2_oldipv6

Code: [Select]
# ls /tmp/
.interfaces.apply               filter_update_tables.lock       opnsense_menu_cache.xml         php-fastcgi.socket-1            rules.debug                     template_sample                 unbound-download_blocklists.tmp vtnet2_oldipv6
configdmodelfield.data          gateway_list.json               pfctl_si_out                    pkg_update.out                  rules.debug.old                 tmpHOSTS                        unbound_start.lock
ddb.conf                        lighttpdcompress                pfctl_ss_out                    pkg_upgrade.json                rules.limits                    unbound-blocklists.conf         vtnet2:slaac_nameserverv6
filter.lock                     opnsense_acl_cache.json         php-fastcgi.socket-0            pkg_upgrade.progress            syslog_applications.json        unbound-blocklists.conf.cache   vtnet2:slaac_routerv6



Content /tmp/vtnet2_oldipv6 :
2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx

it's IPv6 WAN_FTTH_Freebox interface (opt2, vtnet2)


no difference
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: franco on February 02, 2023, 03:35:53 pm
Sorry, vtnet2 it is indeed.

So.... you don't have a primary router IP but you say it works?

/tmp/vtnet2:slaac_routerv6 is created as a fallback but that apparently doesn't work.

Can you try the following?

# rm /tmp/vtnet2_oldip
# /usr/local/etc/rc.newwanipv6 vtnet2

Still not working? Try:

# rm /tmp/vtnet2_oldip /tmp/vtnet2:slaac_routerv6
# /usr/local/etc/rc.newwanipv6 vtnet2


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 03:48:48 pm
Sorry, vtnet2 it is indeed.

So.... you don't have a primary router IP but you say it works?

/tmp/vtnet2:slaac_routerv6 is created as a fallback but that apparently doesn't work.

Can you try the following?

# rm /tmp/vtnet2_oldip
# /usr/local/etc/rc.newwanipv6 vtnet2

Still not working? Try:

# rm /tmp/vtnet2_oldip /tmp/vtnet2:slaac_routerv6
# /usr/local/etc/rc.newwanipv6 vtnet2


Cheers,
Franco

"So.... you don't have a primary router IP but you say it works?" :
This is the IPv6 of the OPNSense router and not that of the Freebox.
It only works for a certain time after applying any configuration

# rm /tmp/vtnet2_oldip
# /usr/local/etc/rc.newwanipv6 vtnet2

it is rather  "rm /tmp/vtnet2_oldip6" ?

Code: [Select]
# rm /tmp/vtnet2_oldip6
# /usr/local/etc/rc.newwanipv6 vtnet2

it worked for a few minutes and "Unable to reach the destination network" as usual what no change.

Code: [Select]
# rm /tmp/vtnet2_oldip6 /tmp/vtnet2:slaac_routerv6
rm: /tmp/vtnet2_oldip6: No such file or directory
# /usr/local/etc/rc.newwanipv6 vtnet2

it doesn't work, IPv6 didn't come back at all after the 2 commands
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 03:54:42 pm

In fact, it is as soon as I do "Apply changes" without having changed anything that IPv6 comes back for a while and the IPv6 default route is added in OPNSense.

now, as soon as "Apply changes" without having changed anything, IPv6 does not work at all
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: franco on February 02, 2023, 04:35:02 pm
It's starting to make less and less sense. It's difficult to work with "when I do this complex operation nothing works anymore" and I've tried to break it down, perhaps on the wrong end but if you have trouble just reboot to rule out any local timing issues.

This can't be a huge deal in code even if it the implications look gloomy.


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 05:12:31 pm
After restarting OPNSense, IPv6 was good for less than 5 minutes~ and I could browse the internet in IPv6.
after 5 minutes~, the IPv6 default route disappeared from "System: Routes: Status"

Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 05:25:22 pm
Here are the Warn/erreor/critical logs after restarting the OPNSense:

Code: [Select]

2023-02-02T16:58:45 Warning opnsense /usr/local/etc/rc.routing_configure: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:43 Error dhcp6c transmit failed: Can't assign requested address
2023-02-02T16:58:43 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:04 Critical reboot rebooted by root

The IPv6 default route has disappeared as of 17:02:22.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 02, 2023, 05:29:33 pm
System: Log Files: General on debug mode as of reboot
Code: [Select]
2023-02-02T17:20:44 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:15:25 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:09:16 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:05:43 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:02:22 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : webgui_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : vxlan_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : unbound_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : openssh_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : opendns_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : ntpd_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dyndns_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dnsmasq_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt2)
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : openvpn_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : ipsec_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt2)
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_FTTH_FREEBOX_SLAAC))
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,WAN_FTTH_FREEBOX_SLAAC)
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,Gateway_FTTH_Freebox))
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,Gateway_FTTH_Freebox)
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::8e97:eaff:fe37:xxxx%vtnet2'
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e97:eaff:fe37:xxxx
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to opt2
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.220.254'
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to opt2
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'opt2'
2023-02-02T16:58:47 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
2023-02-02T16:58:47 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (,inet6)
2023-02-02T16:58:47 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renwal starting (new: 2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx, old: , interface: WAN_FTTH_Freebox[opt2], device: vtnet2)
2023-02-02T16:58:46 Notice syslog-ng Configuration reload finished;
2023-02-02T16:58:46 Notice syslog-ng Configuration reload request received, reloading configuration;
2023-02-02T16:58:45 Warning opnsense /usr/local/etc/rc.routing_configure: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: plugins_configure monitor (execute task : dpinger_configure_do(1,))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: plugins_configure monitor (1,)
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway 'fe80::8e97:eaff:fe37:xxxx%vtnet2'
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: setting IPv6 default route to fe80::8e97:eaff:fe37:xxx
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: IPv6 default gateway set to opt2
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway '192.168.220.254'
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: IPv4 default gateway set to opt2
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : unbound_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : opendns_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : ntpd_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: miniupnpd: Starting service on interface: lan
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : miniupnpd_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : dyndns_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (1)
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure vpn (execute task : openvpn_configure_do(1))
2023-02-02T16:58:43 Error dhcp6c transmit failed: Can't assign requested address
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure vpn (execute task : ipsec_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure vpn (1)
2023-02-02T16:58:43 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: Gateway currently empty for 2001:4860:4860::8888 on opt2
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure monitor (execute task : dpinger_configure_do(1,,1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure monitor (1,,1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dns (execute task : unbound_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dns (execute task : dnsmasq_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dns (1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcrelay (execute task : dhcpd_dhcrelay_configure(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcrelay (1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: skipping IPv6 default route
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv6 default gateway set to opt2
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv4 default gateway set to opt2
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: entering configure using defaults
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : webgui_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : unbound_cache_flush(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : openssh_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (1)
2023-02-02T16:58:42 Notice dhcp6c RTSOLD script - Starting dhcp6 client
2023-02-02T16:58:42 Notice syslog-ng syslog-ng starting up; version='3.38.1'
2023-02-02T16:58:04 Notice dhcp6c dhcp6c EXIT on vtnet2 - running newipv6
2023-02-02T16:58:04 Notice syslog-ng syslog-ng shutting down; version='3.38.1'
2023-02-02T16:58:04 Critical reboot rebooted by root
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: franco on February 03, 2023, 09:18:52 am
Let's try this patch to diagnose... https://github.com/opnsense/core/commit/930685e7d6

# opnsense-patch 930685e7d6

Does it keep working after reboot?


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 03, 2023, 04:48:01 pm
Let's try this patch to diagnose... https://github.com/opnsense/core/commit/930685e7d6

# opnsense-patch 930685e7d6

Does it keep working after reboot?


Cheers,
Franco

Hello,

I just tested and it's not good.
I just tested commenting out lines 65 and 69 in the "/usr/local/opnsense/scripts/interfaces/rtsold_resolvconf.sh" file.
I then restarted the OPNSense.

It doesn't change the behaviour. The default IPv6 route would disappear after 5 minutes~ (it's random time).



Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 03, 2023, 04:50:30 pm
System: Log Files: General :
Code: [Select]
2023-02-03T16:47:16 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-03T16:38:51 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : webgui_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : vxlan_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : unbound_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : openssh_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : opendns_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : ntpd_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dyndns_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dnsmasq_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt2)
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : openvpn_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : ipsec_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt2)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: Gateway currently empty for 2001:4860:4860::8888 on opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_FTTH_FREEBOX_SLAAC))
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,WAN_FTTH_FREEBOX_SLAAC)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: Gateway currently empty for 2001:4860:4860::8888 on opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,Gateway_FTTH_Freebox))
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,Gateway_FTTH_Freebox)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: skipping IPv6 default route
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.220.254'
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'opt2'
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (,inet6)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renwal starting (new: 2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx, old: , interface: WAN_FTTH_Freebox[opt2], device: vtnet2)
2023-02-03T16:36:11 Error dhcp6c transmit failed: Can't assign requested address
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (1)
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: skipping IPv6 default route
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv6 default gateway set to opt2
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv4 default gateway set to opt2
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: entering configure using defaults
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : webgui_configure_do(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : unbound_cache_flush(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : openssh_configure_do(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (1)
2023-02-03T16:36:10 Notice dhcp6c RTSOLD script - Starting dhcp6 client
2023-02-03T16:36:10 Notice syslog-ng syslog-ng starting up; version='3.38.1'
2023-02-03T16:35:32 Notice dhcp6c dhcp6c EXIT on vtnet2 - running newipv6
2023-02-03T16:35:32 Notice syslog-ng syslog-ng shutting down; version='3.38.1'
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 12, 2023, 11:55:02 am
I have just tried to analyse what is happening with a network analyser.

As soon as OPNSense receives an ICMPv6 type 134 (RA: Router Advertisement) from the Freebox, OPNSense removes the IPv6 default route

The IPv6 default route comes back when I disable/reactivate the IPv6 gateway in web interface system_gateways.php.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1
Post by: cayenne on February 15, 2023, 01:07:08 pm
Hello,
I have just updated OPNSense to version 23.1.1

The bug is not solved.
@franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on February 15, 2023, 01:46:15 pm
Franky I'm unsure what causes this. My attempts to help find a clue ended in "still doesn't work" and I don't have any other ideas or a mistake has been made.


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 22, 2023, 03:52:17 pm
I'm having this same issue: IPv6 works initially then stops. Worked fine on 22.7. Stopped working properly upon upgrading to 23.1.

Setup

AT&T Fiber, IPv6 prefix delegation.
WAN set to DHCPv4 and DHCPv6.
LAN set to static IPv4 and IPv6 set to Track Interface (WAN).

Serves out IPv6 addresses just fine, works for a while, then stops routing IPv6. Seems to be a bug. If I go to LAN interface and save, it starts routing again for a while abut then stops.

Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on February 22, 2023, 04:27:00 pm
Can you try this patch?

https://github.com/opnsense/core/commit/9eaff5c21907d

# opnsense-patch 9eaff5c21907d


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on February 22, 2023, 05:08:40 pm
I came here because I was having the same problem, also with AT&T Fiber. The opnsense-patch 9eaff5c21907d command has fixed my issue - my IPv6 is now working again.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on February 22, 2023, 08:22:39 pm
Wasn't expecting feedback so fast but that's promising, thanks!


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: cayenne on February 22, 2023, 09:06:24 pm
Can you try this patch?

https://github.com/opnsense/core/commit/9eaff5c21907d

# opnsense-patch 9eaff5c21907d


Cheers,
Franco
Hello,

I have just tested the patch:
# opnsense-patch 9eaff5c21907d

it's not good.

As soon as Opnsense receives a router advertisement packet, the default gateway disappears in IPv6
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 22, 2023, 09:30:08 pm
I tried the patch as well. Even rebooted firewall. Same thing. Stops routing after 30-45 minutes or so. I have a log output in debug for dhcpv6 when the event occurred:

Code: [Select]
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option DNS, len 16
2023-02-22T14:15:10-06:00 Notice dhcp6c IA_NA address: XXXX:XXXX:XXXX:XXXX::30 pltime=5400 vltime=7500
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option IA address, len 24
2023-02-22T14:15:10-06:00 Notice dhcp6c IA_NA: ID=0, T1=2700, T2=4320
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option identity association, len 40
2023-02-22T14:15:10-06:00 Notice dhcp6c DUID: 00:03:00:01:e0:22:04:5b:71:41
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option server ID, len 10
2023-02-22T14:15:10-06:00 Notice dhcp6c DUID: 00:01:00:01:29:a1:b6:d0:52:54:00:6e:2e:01
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option client ID, len 14
2023-02-22T14:15:10-06:00 Notice dhcp6c receive reply from fe80::e222:4ff:fe5b:7141%vtnet0 on vtnet0
2023-02-22T14:15:05-06:00 Notice dhcp6c got an expected reply, sleeping.
2023-02-22T14:15:05-06:00 Notice dhcp6c removing an event on vtnet0, state=REQUEST
2023-02-22T14:15:05-06:00 Notice dhcp6c script "/var/etc/dhcp6c_wan_script.sh" terminated
2023-02-22T14:15:05-06:00 Notice dhcp6c dhcp6c REQUEST on vtnet0 - running newipv6
2023-02-22T14:15:05-06:00 Notice dhcp6c dhcp6c REQUEST on vtnet0
2023-02-22T14:15:05-06:00 Notice dhcp6c executes /var/etc/dhcp6c_wan_script.sh
2023-02-22T14:15:05-06:00 Notice dhcp6c update an address XXXX:XXXX:XXXX:XXXX::30 pltime=5400, vltime=140733193395532
2023-02-22T14:15:05-06:00 Notice dhcp6c update an IA: NA-0
2023-02-22T14:15:05-06:00 Notice dhcp6c nameserver[0] XXXX:XXXX:XXXX:XXXX::1
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option DNS, len 16
2023-02-22T14:15:05-06:00 Notice dhcp6c IA_NA address: XXXX:XXXX:XXXX:XXXX::30 pltime=5400 vltime=7500
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option IA address, len 24
2023-02-22T14:15:05-06:00 Notice dhcp6c IA_NA: ID=0, T1=2700, T2=4320
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option identity association, len 40
2023-02-22T14:15:05-06:00 Notice dhcp6c DUID: 00:03:00:01:e0:22:04:5b:71:41
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option server ID, len 10
2023-02-22T14:15:05-06:00 Notice dhcp6c DUID: 00:01:00:01:29:a1:b6:d0:52:54:00:6e:2e:01
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option client ID, len 14
2023-02-22T14:15:05-06:00 Notice dhcp6c receive reply from fe80::e222:4ff:fe5b:7141%vtnet0 on vtnet0
2023-02-22T14:15:04-06:00 Notice dhcp6c reset a timer on vtnet0, state=REQUEST, timeo=1, retrans=1902
2023-02-22T14:15:04-06:00 Notice dhcp6c send request to ff02::1:2%vtnet0
2023-02-22T14:15:04-06:00 Notice dhcp6c set option request (len 4)
2023-02-22T14:15:04-06:00 Notice dhcp6c set elapsed time (len 2)
2023-02-22T14:15:04-06:00 Notice dhcp6c set identity association
2023-02-22T14:15:04-06:00 Notice dhcp6c set IA address
2023-02-22T14:15:04-06:00 Notice dhcp6c set server ID (len 10)
2023-02-22T14:15:04-06:00 Notice dhcp6c set client ID (len 14)
2023-02-22T14:15:03-06:00 Notice dhcp6c got an expected reply, sleeping.
2023-02-22T14:15:03-06:00 Notice dhcp6c removing an event on vtnet0, state=RENEW
2023-02-22T14:15:03-06:00 Notice dhcp6c script "/var/etc/dhcp6c_wan_script.sh" terminated
2023-02-22T14:15:03-06:00 Notice dhcp6c dhcp6c RENEW on vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c executes /var/etc/dhcp6c_wan_script.sh
2023-02-22T14:15:03-06:00 Notice dhcp6c send request to ff02::1:2%vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c set option request (len 4)
2023-02-22T14:15:03-06:00 Notice dhcp6c set elapsed time (len 2)
2023-02-22T14:15:03-06:00 Notice dhcp6c set identity association
2023-02-22T14:15:03-06:00 Notice dhcp6c set IA address
2023-02-22T14:15:03-06:00 Notice dhcp6c set server ID (len 10)
2023-02-22T14:15:03-06:00 Notice dhcp6c set client ID (len 14)
2023-02-22T14:15:03-06:00 Notice dhcp6c a new XID (928448) is generated
2023-02-22T14:15:03-06:00 Notice dhcp6c reset a timer on vtnet0, state=REQUEST, timeo=0, retrans=938
2023-02-22T14:15:03-06:00 Notice dhcp6c re-establishing IA: NA-0
2023-02-22T14:15:03-06:00 Notice dhcp6c update an IA: NA-0
2023-02-22T14:15:03-06:00 Notice dhcp6c nameserver[0] XXXX:XXXX:XXXX:XXXX::1
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option DNS, len 16
2023-02-22T14:15:03-06:00 Notice dhcp6c status code: no binding
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option status code, len 2
2023-02-22T14:15:03-06:00 Notice dhcp6c IA_NA: ID=0, T1=0, T2=0
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option identity association, len 18
2023-02-22T14:15:03-06:00 Notice dhcp6c DUID: 00:03:00:01:e0:22:04:5b:71:41
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option server ID, len 10
2023-02-22T14:15:03-06:00 Notice dhcp6c DUID: 00:01:00:01:29:a1:b6:d0:52:54:00:6e:2e:01
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option client ID, len 14
2023-02-22T14:15:03-06:00 Notice dhcp6c receive reply from fe80::e222:4ff:fe5b:7141%vtnet0 on vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c send renew to ff02::1:2%vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c set option request (len 4)
2023-02-22T14:15:03-06:00 Notice dhcp6c set elapsed time (len 2)
2023-02-22T14:15:03-06:00 Notice dhcp6c set identity association
2023-02-22T14:15:03-06:00 Notice dhcp6c set IA address
2023-02-22T14:15:03-06:00 Notice dhcp6c set server ID (len 10)
2023-02-22T14:15:03-06:00 Notice dhcp6c set client ID (len 14)
2023-02-22T14:15:03-06:00 Notice dhcp6c a new XID (c0425b) is generated
2023-02-22T14:15:03-06:00 Notice dhcp6c reset a timer on vtnet0, state=RENEW, timeo=0, retrans=9913
2023-02-22T14:15:03-06:00 Notice dhcp6c IA timeout for NA-0, state=ACTIVE
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 23, 2023, 12:42:05 am
Well for now, I gave up on the track interface config, changed to static addresses on the interfaces, setup routing advertisement for the network using my chosen prefix, and turned on managed DHCPv6. So far it's still up.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 23, 2023, 12:55:14 am
Even that doesn't work. Definitely the routing advertisement service. :\
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on February 23, 2023, 08:12:34 am
Different issue perhaps. Sounds like it could also be configuration related.


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on February 23, 2023, 03:10:57 pm
So as not to be that person who got their answer and vanished -

My firewall is still running great after applying the patch.

I have AT&T Fiber, 1Gbps up/down, running through their BGW320 gateway set to IP passthrough mode.

Configuration wise, I'm on 23.1.1_2 + that patch on a Protectli box.
LAN interface is static for IPv4 and track interface for IPv6.
WAN interface is DHCP4 + DHCPv6 with DHCPv6-PD. I'm sending a hint for a /64 prefix.
RADVD is running in stateless mode so it can push DNS servers.
I have Zenarmor (paid) running.

Just about everything else is defaults. Very simple config.

The only oddity in the system logs is that dhclient reports unknown dhcp option value 0x7d with some regularity; that does not seem to impact anything.

It sounds like the others must be having another issue, or perhaps an additional one. I'm happy that the patch fixed me - my wife was complaining of things acting strangely, which makes sense knowing that IPv6 was broken. Android seems to not handle that case well, while my iPhone is running through iCloud private relay so I never noticed.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 24, 2023, 01:34:10 am
I re-applied the patch, made sure it was applied, and so far, after two hours, it's still up. Hoping it sticks.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on February 24, 2023, 08:55:28 am
make sure to restart configd, it is required and was forgotten to be mentioned:

# service configd restart


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 24, 2023, 07:11:36 pm
Thanks. So far so good. It's been running overnight with no drops.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: cayenne on February 25, 2023, 11:51:33 am
My OPNSense WAN interface is not DHCPv6 but SLAAC.

Maybe the patch is just for those who are in DHCPv6 @franco ?
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: gpb on February 25, 2023, 03:31:53 pm
Not sure this is entirely related, but yesterday morning zabbix reported ipv6 was down.  Didn't see anything obviously wrong aside from clients couldn't ping to the wan (didn't try local)...restarted radvd and it all came back.  It appeared opnsense still had a wan ipv6 address.  Using SLAAC.  Cheers.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on February 27, 2023, 11:43:37 pm
Well I must have spoken too soon. IPv6 is down again today, even with the patch - and this time restarting radvd isn't getting it going again.

Do we have any new ideas to try? I hate having to reboot the whole firewall, it's disruptive and annoying to the other residents of my streaming-only TV house.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on February 28, 2023, 05:23:36 am
I have found that after rebooting I have to re-apply the patch every time and then it works again.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on March 04, 2023, 10:40:37 pm
Adding more from additional testing. Not even using router advertisement or DHCP6 server anymore. Just static IPv6 addresses on internal server and OPNsense firewall. Still drops after 30-40 minutes. I apply patch, go to Interface, LAN, Save and it works again, until I reboot.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: cayenne on March 07, 2023, 09:45:34 pm
Hello,
I have just upgraded to version 23.1.2 and the problem is still there
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on March 07, 2023, 09:52:58 pm
I'll be upgrading later tonight.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on March 07, 2023, 10:11:25 pm
I've been stable since the last time I posted so I'm leery of updating - I'll wait and see.

I haven't done anything to make it stabilize, I'm still in the same place - 23.1_6 + the aforementioned patch.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on March 08, 2023, 05:07:03 am
Upgraded to 23.1.2, mine failed again, same issue. IPv6 route dropped upon DHCP6 renew.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on March 09, 2023, 09:58:00 pm
I had an internet blip happen in the middle of the day and now I'm broken again.

I took the chance to go ahead and upgrade to 23.1.2 figuring it's not going to work less at this point - or if it does I can just disable IPv6 entirely until it gets fixed.

Anything further on your end cayenne or dfw3xan1n3r?
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on March 10, 2023, 04:31:03 pm
For now, I have a static IPv6 address on LAN (no internal DHCPv6 or RA running) and DHCPv6 on WAN to pull IP and delegated prefix. Right now it's running and with no drops, but if I reboot it probably will do the same thing and drop after 30-40 minutes upon renewal. When I reboot again, we'll see.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on March 12, 2023, 05:18:10 pm
Had to restart it (due to unbound lack of ability to do dns lookups for some reason): same thing. Dropped ipv6 route after 45 minutes. Did a Save on the LAN interface, came back up for now.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on March 12, 2023, 05:33:06 pm
The moment IPv6 dropped @ 10:57am (attached). Running 23.1.3. Not sure what to do at this point.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on March 12, 2023, 06:39:18 pm
I turned off IPv6 entirely while I decide if I want to downgrade back to 22.z when it worked properly, or buy a Firewalla.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: gpb on March 20, 2023, 02:48:31 pm
Replying to this thread because I replied earlier...still not sure if this issue is related. 

Last night my ISP "bounced" my connection, zabbix reported couldn't ping either ipv4 and ipv6...ipv4 problem lasted for about 2 minutes, but ipv6 never recovered.  Restarting radvd did nothing and my ipad had an assigned ipv6 address but couldn't ping ipv6 on the wan.  To solve without a reboot I went to interfaces and without making any changes, just clicked save/apply for my primary LAN and it immediately recovered.  I don't have gateway monitoring enabled and wondering if this has any automation to auto-recover...guessing not.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: BrokenRouter on March 20, 2023, 02:59:20 pm
I gave up and pulled the OPNsense box out. Reset my AT&T gateway to be the firewall/router. Spouse is much happier now. There's enough stuff that will use IPv6 out there that it has to work if you're going to have it enabled. I wasn't noticing the issue from my Mac since it was using the iCloud private relay, but her Android has no such thing enabled and it definitely did not like having broken IPv6.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: jphylips on March 20, 2023, 03:20:32 pm
@gpb, if this happens again, could you execute this:

/usr/local/etc/rc.configure_interface wan

Maybe that will restore things?
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gromhelm on March 28, 2023, 06:43:44 pm
Came here after having IPv6 problems since the last update. Before the update, https://internet.nl/connection/ showed all green checks. Now I had problems with IPv6 not being available, three checks somehow disappeared in the WAN configuration:

After checking these again and restarting, IPv6 works again, but my General System Log is spammed with these entries:
Code: [Select]
2023-03-28T18:23:28 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]
2023-03-28T18:23:28 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:23:28 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:13:26 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]
2023-03-28T18:13:25 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:13:25 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:03:23 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]

The period is every 10 Minutes - what could cause that?

I am on DHCPv6 with a delegated 64 prefix and a LAN that is set to track IPv6 WAN, according to the standard setup from the docs (https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html).

Under Gateway, my DHCPv6 gateway shows online and does have a link-local IP (fe80::224e:71ff:fe11:2cfe).
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gromhelm on March 29, 2023, 06:07:32 am
I run
Code: [Select]
/usr/local/etc/rc.configure_interface wan, without success. After the command, some errors popped up in the log, but I think they are mostly meaningless:
Code: [Select]
/usr/local/etc/rc.newwanipv6:
The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb1 igb3' returned exit code '1',
the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Warning: subnet 2003:e7:1f11:300::/32 overlaps subnet 2003:e7:1f11:300::/32
Config file: /etc/dhcpdv6.conf
Database file: /var/db/dhcpd6.leases
PID file: /var/run/dhcpdv6.pid
There's already a DHCP server running.
If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

I tried to check
Code: [Select]
/etc/dhcpdv6.conf, but it doesn't exist.

[edit]

Perhaps I am seeing these log entries because both my IPSEC Gateways are IPv4 only?
Only my default WAN gateway is Dualstack (IPv4 + IPv6).
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gromhelm on April 01, 2023, 06:13:33 am
Fixed my issue - it was a missing default gateway set under System > General > DNS. Described here, with a Pull Request attached:
https://github.com/opnsense/core/issues/6435#issuecomment-1492616278
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: cayenne on May 25, 2023, 10:39:58 pm
Hi @franco,

Has the problem been solved?

I've upgraded to OPNsense 23.1.8 and I'm not having the same problem. The IPv6 default route is not deleted.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on May 25, 2023, 10:55:14 pm
Some things regarding IPv6 have been changed in 23.1.8. I honestly don't know what your issue is/was, but perhaps we finally caught it.

If not we need to see how to get more relevant info from you. It feels like we missed something obvious before.


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gobd on May 26, 2023, 10:10:56 pm
I'm no longer getting an IPV6 address detected by https://test-ipv6.com/ after updating to 23.1.8 from the previous most recent release. I attached a log that starts right after the update. Hopefully someone can help me figure out what's wrong with that.

Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gromhelm on May 27, 2023, 06:28:47 am
For me, too: I could solve my problems described above, everything is green in OPNsense for IPv6, but https://test-ipv6.com/ returns Zero connectivity for IPv6. It was all green before 23.1.8.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: bringha on May 27, 2023, 10:08:23 am
@Gromhelm That's interesting!

Exactly the other way round for my place:

Finally test-ipv6.com reports that I have ipv6 connectivity with 23.1.8 ... :o
 Br br


Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: cayenne on May 27, 2023, 02:03:51 pm
@Gromhelm That's interesting!

Exactly the other way round for my place:

Finally test-ipv6.com reports that I have ipv6 connectivity with 23.1.8 ... :o
 Br br

Like me, who created this post.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Cyberturtle on May 27, 2023, 02:13:02 pm
For me, too: I could solve my problems described above, everything is green in OPNsense for IPv6, but https://test-ipv6.com/ returns Zero connectivity for IPv6. It was all green before 23.1.8.

23.1.8 changed a few things about IPv6. So does your OPNsense get a WAN IPv6 address and prefixes? How is your WAN (or dial up connection) configured?
Do you use DHCPv6 for your LAN devices or SLAAC (in unmanged mode) only?
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Cyberturtle on May 27, 2023, 02:15:49 pm
I'm no longer getting an IPV6 address detected by https://test-ipv6.com/ after updating to 23.1.8 from the previous most recent release. I attached a log that starts right after the update. Hopefully someone can help me figure out what's wrong with that.

Can you pleaese provide some screenshots of your configuration? Your logs describes problems forwarding IPv6 packets/request, but I don't know why. Dou you have static IPv6 leases/prefixes?
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gobd on May 27, 2023, 03:32:38 pm
Sorry I'm not sure which parts of my config you'd want screenshots of, hopefully a slightly redacted config backup will work. If not let me know which config pages you'd want screenshots of and I'll be happy to provide.

I found another post that said saving the WAN interface again fixes this. It did fix https://test-ipv6.com/ but it broke again after a restart. Also the routing problems were still showing up in the log even though it reported IPV6 was working.

Also getting "failed to create listening socket for port 65354: Address already in use" again. It seems every every restart I have to change the listen port for dnsmasq for it to start up.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Cyberturtle on May 28, 2023, 06:16:33 pm
So if it's not wirking after a restart and after saving the interface a IPv6 DHCP log could be helpful. You can change the log level under Interfaces -> Settings -> IPv6 DHCP log level to Debug.
I have had a look into you configuration, but screenshots will help a lot more of:
Keep in mind to remove credentials from your screenshots as well parts of the IPv6 prefixes for privacy.
Meanwhile you could try the "Prevent Release" option under Interfaces -> Settings -> IPv6 DHCP Prevent release and check it and reboot.
What shows your logfile under System -> Log Files -> General when you search for dhcp6 and selecting Debug?
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on May 31, 2023, 05:47:06 pm
Update: whatever was fixed regarding IPv6, DHCPv6 and delegated prefixes in the 23.1.8 update seems to have resolved my IPv6 dropping issues. I rebooted afterward and at the very least, so far, have not had to touch it. It just works.  ;D
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on May 31, 2023, 05:52:20 pm
You mean 23.1.9?


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: dfw3xam1n3r on May 31, 2023, 06:24:09 pm
Yeah I updated mid-typing.
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: franco on June 01, 2023, 09:20:38 am
Ok, thanks. No concrete complaints from IPv6/23.19 combo yet.. looks like we are one step further now. :)


Cheers,
Franco
Title: Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
Post by: Gromhelm on June 02, 2023, 06:52:57 am
Just updated to 23.1.9 and Yes! All green lights on https://test-ipv6.com/ !

Quote
Your readiness score 10/10   for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

Nothing changed in the configuration. I did see an error regarding IPv6 prefix update in the logs after update, and Unbound failed to start automatically, but everything was fine after manually starting unbound (see my description of this on GH (https://github.com/opnsense/core/issues/6522#issuecomment-1573137166)).