OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: kirkg on January 07, 2017, 05:19:14 pm

Title: [SOLVED] IPv6 on WAN broken after upgrade to 17.1.b
Post by: kirkg on January 07, 2017, 05:19:14 pm

Morning all,
  I've been wanting to play with the Wifi stuff that comes with FreeBSD 11, and after some testing with it, I decided to make the jump on my home OPNSense box this morning. The upgrade went smoothly. Love it.
  However, I noticed that after the upgrade I'm no longer able to get an IPv6 IP from my provider. I'm not 100% sure where I should start looking, so I thought I'd see if I can solicit any advice from the forums.
  Here are what I think my relevant details are:

Code: [Select]

OPNsense 17.1.b-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016
My WAN interface (em0) is configured to receive an IPv6 address via DHCPv6, with a /64 prefix. This configuration worked perfectly in OPNSense 16.7.13. My provider is Comcast, and I've been using IPv6 with OPNSense from them since August 2015.

What has changed, though I can't imagine that it is related, is that I switched OPNSense back to OpenSSL (from LibreSSL) for the upgrade to 17.1.b and FreeBSD 11.0. Aside from that my config is exactly as it was.

Here is what I have tried, in vain, to wit:

• Disable IPv6 on WAN.
• Change the IPv6 prefix from /64 to /48
• Directly send SOLICIT checked.
• Use IPv4 connectivity checked.

For each of those changes, I applied the change, waited a bit, and checked for an IPv6 address. When nothing came about after 2 - 5 minutes of waiting, I undid the change, and waited again for a few minutes. So far, I haven't yet made changes to more than a single setting at a time.

Is there a log file that might offer me some insight into this? It isn't a huge deal, but I (and my kids) notice that things seem to be smoother when I use v6 as much as possible -- Netflix and Youtube buffer a lot less.

Any and all help is appreciated.

Title: Re: IPv6 on WAN broken after upgrade to 17.1.b
Post by: kirkg on January 07, 2017, 06:12:51 pm

I've found something, I think. It appears the /var/etc/dhcp6c_wan.conf is never being changed, no matter what I do on the front end. I've verified this by making a copy of it in /tmp, and then making changes to the DHCPv6 client section of the WAN interface in the UI. Multiple changes at one, and pressing save.

My assumption is that pressing save writes the changes to the underlying config files, and pressing apply (which I have not done) restarts the service in question with the new config.

I'm trying to run `/usr/local/sbin/dhcp6c -Df -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_em0.pid em0` in the foreground with the various changes, which is why I haven't applied any changed. Only saved.

Title: Re: IPv6 on WAN broken after upgrade to 17.1.b
Post by: xtof on January 08, 2017, 01:24:23 am

Hi there!

I'm having the same problem. I switched to OPNsense 17.1.b to try the Wifi improvements (seem to work fine btw). But I noticed that Prefix Delegation doesn't work properly.
I made a wireshark capture of the firewall establishing its PPPoE connection. You can see that after the PPP handshake and IPv6 router advertisements have occurred, the firewall sends DHCPv6 Solicit messages and receives DHCPv6 Advertise messages (including the PD option), but the firewall never sends a DHCPv6 Request message to actually request the offered prefix.

Any ideas?

PS: I also reported another problem wrt. interface tracking just now: https://github.com/opnsense/core/issues/1331 (https://github.com/opnsense/core/issues/1331).

Title: Re: IPv6 on WAN broken after upgrade to 17.1.b
Post by: kirkg on January 09, 2017, 01:24:36 pm

I'm glad I'm not the only one. I don't have a PCAP of the transaction, but from what I can see, I'm not even getting anything back from the SOLICIT, but that could be my technique more than anything. Maybe I should try a tcpdump ...

I'm going to try the patches suggested by fitch tonight in your github issue.

Quote from: xtof on January 08, 2017, 01:24:23 am

Hi there!

I'm having the same problem. I switched to OPNsense 17.1.b to try the Wifi improvements (seem to work fine btw). But I noticed that Prefix Delegation doesn't work properly.
I made a wireshark capture of the firewall establishing its PPPoE connection. You can see that after the PPP handshake and IPv6 router advertisements have occurred, the firewall sends DHCPv6 Solicit messages and receives DHCPv6 Advertise messages (including the PD option), but the firewall never sends a DHCPv6 Request message to actually request the offered prefix.

Any ideas?

PS: I also reported another problem wrt. interface tracking just now: https://github.com/opnsense/core/issues/1331 (https://github.com/opnsense/core/issues/1331).

Title: Re: IPv6 on WAN broken after upgrade to 17.1.b
Post by: franco on January 21, 2017, 09:47:50 pm

We fixed this in time for 17.1-RC1. Thanks again.