OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: cobradevil on February 16, 2017, 03:37:46 pm

Title: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: cobradevil on February 16, 2017, 03:37:46 pm
Hello all,

I have upgraded my 16.7 firewall to 17.1.1 where I lost ipv6 6rd connectivity. The first issue i had was a kernel panic  which Franco already fixed for me see:https://forum.opnsense.org/index.php?topic=4437.0 (https://forum.opnsense.org/index.php?topic=4437.0)

I had to set my default ipv6 route manually with 16.7 but then it worked great.

Now the wan_stf interface  appears without an ipv6 address.
I have no idea what the issue could be because i entered the exact same settings in 17.1.1 as i did in 16.7.

Best regards,
William van de Velde

Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: cobradevil on February 16, 2017, 05:27:23 pm
after searching a bit i noticed that when i create the stf interface manually i have less options when invoking ifconfig on 17.1  then on 16.7

ifconfig stf0 (16.7)
stf0: flags=0<> metric 0 mtu 1280
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   v4net 0.0.0.0/32 -> tv4br 0.0.0.0

ifconfig stf0 (17.1.1)
stf0: flags=0<> metric 0 mtu 1280
   nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
   groups: stf

Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: franco on February 16, 2017, 05:48:54 pm
Hi William,

The stf handling in FreeBSD is a pure pfSense addition that never got around to be included in FreeBSD. This dates back to about 2013:

https://lists.freebsd.org/pipermail/freebsd-net/2013-June/035749.html

I tried to contact Hiroki in the past to no avail. I have no idea what the state is in FreeBSD.

In pfSense, there does not seem to be the necessary patches for FreeBSD 11.0, so we don't have them. I am not sure if:

(a) The work for stf on 11.0 will be picked back up by pfSense
(b) The current FreeBSD state on stf is enough for your setup

The original patch was too complex to handle without a working test setup. Where do you have your setup from? Commercial offering or otherwise?

The ifconfig handling is a bit different (less options), maybe we can solve this, but still not 100% sure it'll be enough on the state that FreeBSD 11.0 offers.

This was in the release notes. If you require a working setup you will have to stay on 16.7.14 until progress is made.


Cheers,
Franco
Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: cobradevil on February 16, 2017, 08:06:55 pm
Hello Franco,

the 6rd is working with the fiber from telfort in the netherlands.
I't is not supported by them directly but i have searched around and found all the info i need to get it working with pfsense and opnsense. But indeed the Freebsd 11 does not include the 6rd patches to make it work. The code was still in the webui so i (con)figured it could work.

Would it be possible to get this working or is this such a small base off people using this it is not worth getting this back into opnsense 11?

https://github.com/pfsense/FreeBSD-src/commit/62498dd06a33a82a579d1cc113c2fa04d995ac91

I can give access to my setup if needed.

Best regards,
William
Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: pat on May 29, 2017, 01:47:58 pm
Hi Franco, Hi William,
is there any change regarding status of 6rd with 17.1 release? I tried to setup 6RD tunnel with my 17.1.7 release. I do have neither an IPv6 address on my WAN interface nor even a STF interface visible. Tried to add a wan_stf manually but does not help.
Does anybody have a running 6RD configuration with 17.1.7?
A hint would be highly appreciated.

Best regards
Pat
Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: franco on August 16, 2017, 02:18:53 pm
According to pfSense, they are working on support for FreeBSD 11: "The 6rd patch was committed to 2.4 and is available on the latest snapshots. Tests are much appreciate."

https://redmine.pfsense.org/issues/7272

The patches, however, do not seem to be public at this point.

https://github.com/pfsense/FreeBSD-src/commits/RELENG_2_4

I could be missing something, I've asked here for clarity:

https://twitter.com/fitchitis/status/897488688321527808


Cheers,
Franco
Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: Execute on October 28, 2017, 01:40:35 pm
Hi,

is there any update on this topic?
I would love to migrate to my new OPNsense box, but without a working 6rd setup, this is useless. Currently my OpenWRT router receives the 6rd settings via DHCP Offer option 212. OPNsense does not even ask for that.

I even captured the DHCP request from Openwrt and transfered the received 6rd data into the OPNsense gui for 6rd retrieval, but no luck. I am not getting any IPv6 an WAN.

Thx,

Sebastian
Title: Re: upgrading from 16.7 to 17.1.1 disables my working ipv6 6rd setup
Post by: franco on October 28, 2017, 03:29:58 pm
Hi Sebastian,

We've asked on behalf of the users who asked what the state of 6RD in pfSense was:

https://forum.pfsense.org/index.php?topic=137636.0

The thread quickly deteriorated and ended on a note of "we want to steal the feature".

The larger issue at hand: pfSense stopped updating their FreeBSD source code for Version 2.4 altogether, still advertises as if nothing happened and aggressively attacks anyone who questions their unexplained motives:

https://forum.pfsense.org/index.php?topic=138822.0

We are unsure if the code will ever be back, which makes 6RD practically impossible in OPNsense unless someone picks up the older patches and repairs them for FreeBSD 11.1. We don't know of anyone working on this.

We will likely have to remove 6RD from 18.1 as it's unlikely that pfSense will change their stance and ever bring back their FreeBSD source code. Maybe it's for the best.


Sorry,
Franco