OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: bringha on September 24, 2017, 12:44:51 am

Title: [SOLVED] apinger and ipv6 gateway: cannot bind socket on address
Post by: bringha on September 24, 2017, 12:44:51 am
Hello together

after having updated to 17.7.3 from 17.1.11, I get the following error messages in the gateways.log file for the ipv6 gateway monitoring:
Code: [Select]
Could not bind socket on address(fe80::217:3fff:XXXX:XXXX) for monitoring address fe80::3631:c4ff:XXXX:XXXX(WAN_DHCP6) with error Can't assign requested address
OPNsense apinger: bind(): Can't assign requested address
Considering the /var/etc/apinger.conf, apinger sets the srcip to be the interface link-local address but it does not set the scope on the source IP or target, so apinger cannot reach the gateway.
Code: [Select]
target "fe80::3631:c4ff:XXXX:XXXX" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}
The correct config should look (if e.g. igb1 is your WAN interface)
Code: [Select]
target "fe80::3631:c4ff:XXXX:XXXX%igb1" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX%igb1"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}
Have tried this out manually, with this config setting, the error message disappears.

As apinger restarts every 30 min. with a freshly written apinger.conf this needs to be included in the script generating the apinger.conf.

See also here: https://redmine.pfsense.org/issues/3969 (https://redmine.pfsense.org/issues/3969)

Br br
Title: Re: apinger and ipv6 gateway: cannot bind socket on address
Post by: franco on September 24, 2017, 12:22:16 pm
Hi br,

This code is a bit odd indeed. I've clean it up with no extensive testing, would you try to see if this helps?

https://github.com/opnsense/core/commit/678a209

Apply via:

# opnsense-patch 678a209

Apply again to remove if not working.


Cheers,
Franco
Title: Re: apinger and ipv6 gateway: cannot bind socket on address
Post by: franco on September 24, 2017, 12:48:06 pm
Maybe this is needed as well:

https://github.com/opnsense/core/commit/a31a0a4


Cheers,
Franco
Title: Re: apinger and ipv6 gateway: cannot bind socket on address
Post by: bringha on September 24, 2017, 03:19:54 pm
Hi Franco,

wow - thats has been fast!!

Applied both patches:

Your patches put the right line target into the apinger.conf

Code: [Select]
target "fe80::3631:c4ff:XXXX:XXXX%igb1" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}

but the scrip line ist still incomplete, also here the %igb1 should be there. imho, line 254 in gwlb.inc should be replaced
(sorry I am not php expert, might be this is not correct in syntax)
Code: [Select]
- $apingercfg .= "  srcip \"{$gwifip}\"\n";

+ if (is_linklocal($gwifip) {
+    $apingercfg .= "  srcip \"{$gwifip}%{$gateway['interface']}\"\n";
+ }
+ else {
+      $apingercfg .= "  srcip \"{$gwifip}\"\n";
+ }

whereby I have to admit that I don't know whether the interface name is not also required for NON Link Local IP addresses too; in this case, the if .... can be saved.

Could this be an idea?

Br br
Title: Re: apinger and ipv6 gateway: cannot bind socket on address
Post by: franco on September 24, 2017, 03:41:38 pm
The second patch does that:

https://github.com/opnsense/core/commit/a31a0a4#diff-8b2f16275d25e516ee9095aa5b889e93R222

Unless there is a typo of course. I can't test this properly before tomorrow without the correct setup.

In the meantime, try to make sure /usr/local/etc/inc/gwlb.inc has the right code.



Cheers,
Franco
Title: Re: apinger and ipv6 gateway: cannot bind socket on address
Post by: bringha on September 24, 2017, 04:24:30 pm
Apologies Franco, my fault!!

It was a matter of time stamp. After applying the first patch and before the second, a restart sequence of apinger happened. Therefore only the first correction of the target line has been found in apinger.conf. With both patches it is at least for my config correctly working,  looks like

Code: [Select]
target "fe80::3631:c4ff:XXXX:XXXX%igb1" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX%igb1"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}

Thanks for your fast help!!!!

Br br
Title: Re: [SOLVED] apinger and ipv6 gateway: cannot bind socket on address
Post by: franco on September 25, 2017, 08:29:35 am
So far so good...