OPNsense Forum
Archive => 16.1 Legacy Series => Topic started by: oneman on July 05, 2016, 11:15:26 pm
-
I've got a problem getting DHCP-PD to work for my ISP xs4all. There's a nice tutorial for xs4all & ipv6 (in Dutch, http://blog.firewallonline.nl/how-to-en-tutorials/xs4all-pfsense-opnsense-ipv6/) that I followed. Others report succes, I can't get it to work.
I run the latest OPNsense 16.1.18-amd64.
The setup boils down to this:
- setup WAN with PPPoE for ipv4 and DHCPv6 voor ipv6
- setup DHCPv6 to use the ipv4 connectivity and request only a /48 prefix delegation
- setup the LAN to ipv4 static and ipv6 to track the WAN interface with prefix id 0.
This results in a working ipv4 connection but a semi working ipv6 setup:
- I do get a ipv6 ip and gateway
- I can ping6 the ipv6 gateway, but nothing beyond that
- I don't get a ipv6 on the LAN nic
When I look in the log I noticed there seems to be a issue setting up the default route to the gateway:
opnsense: /usr/local/etc/rc.newwanipv6: rc.newwanipv6: on (IP address: fe80::20d:b9ff:fe41:e490) (interface: wan) (real interface: pppoe1).
opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 194.109.5.175
kernel: IPv6 address: "fe80:b::2a0:a50f:fc78:5530" is not on the network
opnsense: /usr/local/etc/rc.newwanipv6: The command '/sbin/route delete -inet6 'default' 'fe80::2a0:a50f:fc78:5530%pppoe1'' returned exit code '1', the output was 'route: writing to routing socket: No such process delete net default: gateway fe80::2a0:a50f:fc78:5530%pppoe1 fib 0: not in table'
When I look in the route table I notice:
- an entry for my ipv4 gateway, but not for ipv6
- an default route for my ipv4 gateway, but not for ipv6
I tried many things, but this is the best result I could get. What could be causing the default ipv6 route setup to fail? What can I try to remedy this?
-
Since my last post I've changed the setup by moving the PD setup to the advanced section of the WAN setup. Now everythng is almost fine: ipv4 still works, on the ipv6 side I get an WAN ipv6, and a gateway. The gateway is added as default route to the WAN without any issues, as I can tell from the route.log. However, routing to the outside still doesn't work.
In the GUI I don't see the added default gateway for ipv6, only the ipv4 one. Netstat -r -n however does show an entry for the correct ipv6 default gateway, only the entry linking the default ipv6 route to the WAN pppoe is missing! The route.log doesn't show anything that might shed some light on this issue.
What could cause this gateway ipv6 -> WAN pppoe routing table entry to be missing?
-
I've made a tcpdump on the igb1_vlan6 interface where the WAN pppoe tunnel is started. I can see the ppp setup both for ipv4 and ipv6 (PPP IPCP & PPP IPV6CP). Maybe that's where the ipv6 gateway originates.
Anyhow, there's no DHCPv6 traffic after pppoe setup is done. So, it seems no PD request is performed at all. In both configs that I tried, a prefex request was explicitly configured. What could cause the dhcpv6-pd to not run?
-
I'm not on XS4ALL, but I had similar issues.
Instead of tracking the WAN, I've picked a /64 subnet from my /48 for the internal LAN and assigned a static IPv6 from that to the LAN interface.
I configured OPNsense to send router advertisements on Services, DHCPv6, Advertisements as Unmanaged with high priority. This lets all internal hosts pick up a working IPv6 stack through SLAAC.
Bart...
-
I'm not on XS4ALL, but I had similar issues.
Instead of tracking the WAN, I've picked a /64 subnet from my /48 for the internal LAN and assigned a static IPv6 from that to the LAN interface.
I configured OPNsense to send router advertisements on Services, DHCPv6, Advertisements as Unmanaged with high priority. This lets all internal hosts pick up a working IPv6 stack through SLAAC.
Bart...
Thanks for the reply :)
I already did the same as you and on the LAN / DMZ side all is fine.
My problem however is on the WAN side. I do get the gateway for ipv6, but no routing takes place. There's a default route, but no route table entry linking this default gateway to an interface, so the ipv6 default route doesn't function.
I've since done a tcpdump on the WAN and I see unsolicited Router Advertisements from the gateway, so far so good. But a continuous stream of Neighbor Solicitations send to the gateway remain unanswered. I'd expect Solicited Router Advertisements in reply. That's strange.
More interesting is that there's no DHCPv6 deamon running and that I don't see any dhcpv6 activity on the WAN. I'd expect dhcpv6 to be running when I set the WAN ipv6 address to dhcpv6. Since that doesn't happen, it obviously doesn't do a Prefix Delegation request and thus there's no configured routing probably.
What I currently can't understand is why the dhcpv6 deamon doesn't run, even when the WAN interface is setup to get it's PD through dhcpv6?
-
Are you allowing inbound IPv6 ICMP?
-
Are you allowing inbound IPv6 ICMP?
Certainly, on the WAN ipv4/ipv6 ICMP any to any... can't be more open than that :-/
-
I tried starting the dhcp6c client on the WAN manually:
/usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_pppoe0.pid pppoe0
It just fails silently; nothing on the cli, nothing in the system.log, just exit == 1
It's normally called from /var/etc/rtsold_pppoe0_script.sh. That script logs a message. That message doesn't appear in system.log So, I think I can conclude that the rstold script isn't even started.
What could cause trsold not to be started? What part of the system calls this rtsold_xxx script normally? ???
-
Hi all,
On the most recent OPNsense versions dhcp6c (which handles DHCPv6 on a WAN link) will log to Services: DHCP: Log file.
Please also note a bug that appears not to be a bug, but rather an ISP oddity that won't send out router advertisements until a SOLICIT has been sent. A patch set is available for testing and should make it into 16.7...
https://github.com/opnsense/core/issues/637
Cheers,
Franco
-
Ah, that did it... would never have looked for dhcp6c logging under dhcp ??? Turned out I had, after all the tests I did, some errors in my dhcp6c_wan.conf. Fixing those and running dhcp6c manually started the PD and ipv6 routing is working now.
I'll have to resort to manually starting PD for now and I'll wait for the new version to solve it permanently.
Thanks
-
It has less testing than expected, but since it's a new settings we're shipping this directly in the initial 16.7. Internal testing looked good so far.