OPNsense Forum

English Forums => General Discussion => Topic started by: karl047 on July 27, 2018, 09:43:23 am

Title: IPv6 link local on a Bridge Network !
Post by: karl047 on July 27, 2018, 09:43:23 am
Hi Forum,

I have posted my question on the german section, but I'd like to ask you too for helping me how I can solve this problem with IPv6 link local on a Bridge Network :-)

After a successful configuration of a Bridge Interface with static IPv4 & IPv6 Addresses, I noticed that this Interface has no IPv6 link local. I could ping IPv6 internet sites from this Interface, but the Clients behind it don't get an IPv6 Address (the IPv6 configuration of this Interface goes with unmanaged RADV).

Is it a known BUG or an error with the configuration? Maybe I can solve this Problem when I enter the IPv6 link local of this Interface, but how and where?!

Thanks...
Title: Re: IPv6 link local on a Bridge Network !
Post by: bartjsmit on July 27, 2018, 10:18:00 am
Are you allowing icmp6? Does radvdump show the beacon information you are expecting? Have you packet traced the NDP traffic? Any host firewalls getting in the way?

Bart...
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on July 27, 2018, 12:01:37 pm
ICMPv6 is allowed, and it looks like the Bridge Interface missed the auto-configuration of IPv6 link local, I made some Research & found this issue:

https://github.com/opnsense/core/issues/926

I can tell you that everywhere on my Network is configured the same & works fine except the Bridge Network but only with IPv6, everything else is perfect.

Overview of my whole Interfaces shows that the Bridge Interface "only"  has no IPv6 link local, and there is no Firewall behind my OPNsense that blocks this way.
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on July 27, 2018, 10:32:44 pm
I found this Mail too... it describes the problem about Bridge Network & IPv6 link-local & how he solved it. It looks like the problem is known about 10 years ago!!!

https://lists.freebsd.org/pipermail/freebsd-net/2009-April/021675.html

Ok... it could be solved when I enter manually the inet6 fe80::blablabla depends to MAC-address, but how can I do it? where is the rc.conf in OPNsense? or anything else where I can do something about this entry? or command line?

I need your help... & please can a developer notice this problem as BUG? probably can somebody solve it with the new release?! it will be nice! Thanks
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on July 28, 2018, 06:24:58 pm
When I ran a simple "ifconfig" command over SSH, I noticed that the Bridge Network has no IPv6 link-local like the other Interfaces that I have on OPNsense:


igb1_vlanxx: flags=xxxx<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400000<TXCSUM_IPV6>
   ether xx:xx:xx:xx:xx:xx
   inet6 fe80::xxxx:xxxx:xxxx:xxxx%igbx_vlanxxxx prefixlen 64 scopeid 0x11
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet 1000baseT <full-duplex>
   status: active
   vlan: xxxx vlanpcp: 0 parent interface: igbx
   groups: vlan
bridge0: flags=xxxx<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,STATICARP> metric 0 mtu 1500
   ether xx:xx:xx:xx:xx:xz
   inet xx.xx.xx.xx netmask 0xfffffe00 broadcast xx.xx.xx.xx
   nd6 options=1<PERFORMNUD>
   groups: bridge
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15

The Bridge Network gets a MAC-Address but no IPv6 link-local is possible; nd6 options is set to 1 & on the other Interface to 21, & there is no "AUTO_LINKLOCAL". It is exactly what the Mail in the last post described.

But how can I enter the missing option manually? Or is there another way?

Thank you all...
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 10, 2018, 02:06:12 pm
After a lot of research in FreeBSD tutorials & commands, I could enter the IPv6 link local manually:

When I add the Bridge Interface, it automatically gets a generated MAC-Address (like 00:45:d8:a1:cc:67), which converted into IPv6 gives this Address (fe80::245:d8ff:fea1:cc67)

Log in over SSH & enter this command:

ifconfig bridge0 inet6 fe80::245:d8ff:fea1:cc67%bridge0 prefixlen 64

Run the ifconfig command again, & the Bridge Interface now has an IPv6 link local :-)  BUT UNTIL THE REBOOT :-(

The solution for that was in the pfSense forum 5 years ago (pfSense has the problem too; I tried the last version & I got no IPv6 link local either)! But as I said, the solution was (thanks pendi from pfSense forum) to edit the file: interfaces.inc (in OPNsense it is in /usr/local/etc/inc/)

what he wrote:

To fix this I added (copied) the following lines into /etc/inc/interfaces.inc to the function "interface_bridge_configure" just before the line " if (isset($bridge['enablestp'])) {":

    /* Create link local address for bridges */
    $mac = get_interface_mac($bridge['bridgeif']);
    $v6address = generate_ipv6_from_mac($mac);
    mwexec("/sbin/ifconfig {$bridge['bridgeif']} inet6 {$v6address}");

It works fine under OPNsense without any problem; in pfSense it works too, but after every reboot the Bridge Interface gets a new MAC address.

I hope that it will help somebody, & I hope that a fix comes in the near future for that from OPNsense Developers.
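
The check and the MAC-to-address conversion described in the post above, as an added example (not code from the thread or from OPNsense): it parses ifconfig output, reports interfaces that carry no fe80::/10 address, and derives the modified EUI-64 link-local address (RFC 4291) for each one. The sample output is constructed for the example; only the 00:45:d8:a1:cc:67 MAC and its address come from the post.

```python
import ipaddress
import re

# Constructed sample, modelled on the ifconfig output quoted in this thread.
SAMPLE_IFCONFIG = """\
igb1_vlan101: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:0d:b9:00:00:01
\tinet6 fe80::20d:b9ff:fe00:1%igb1_vlan101 prefixlen 64 scopeid 0x11
\tnd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:45:d8:a1:cc:67
\tinet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
\tnd6 options=1<PERFORMNUD>
\tgroups: bridge
"""


def mac_to_link_local(mac):
    """Modified EUI-64 (RFC 4291, Appendix A): invert the U/L bit, insert ff:fe."""
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02  # invert the universal/local bit of the first octet
    iid = bytes(octets[:3] + [0xFF, 0xFE] + octets[3:])
    prefix = bytes([0xFE, 0x80]) + bytes(6)  # fe80::/64
    return str(ipaddress.IPv6Address(prefix + iid))


def parse_ifconfig(text):
    """Return {ifname: {"ether": str or None, "inet6": [addr], "nd6": set}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S+): flags=", line)
        if header:
            current = interfaces.setdefault(
                header.group(1), {"ether": None, "inet6": [], "nd6": set()})
            continue
        fields = line.split()
        if current is None or len(fields) < 2:
            continue
        if fields[0] == "ether":
            current["ether"] = fields[1]
        elif fields[0] == "inet6":
            current["inet6"].append(fields[1].split("%")[0])  # drop the %scope
        elif fields[0] == "nd6":
            flags = re.search(r"<([^>]*)>", line)
            current["nd6"] = set(flags.group(1).split(",")) if flags else set()
    return interfaces


def missing_link_local(text):
    """List (ifname, AUTO_LINKLOCAL set?, suggested command) per affected interface."""
    findings = []
    for name, info in parse_ifconfig(text).items():
        has_ll = any(ipaddress.IPv6Address(a).is_link_local for a in info["inet6"])
        if has_ll or info["ether"] is None:
            continue  # already has fe80::, or no MAC to derive one from
        addr = mac_to_link_local(info["ether"])
        command = f"ifconfig {name} inet6 {addr}%{name} prefixlen 64"
        findings.append((name, "AUTO_LINKLOCAL" in info["nd6"], command))
    return findings


if __name__ == "__main__":
    for name, auto, command in missing_link_local(SAMPLE_IFCONFIG):
        print(f"{name}: no link-local address (AUTO_LINKLOCAL={auto})")
        print(f"  {command}")
```

A locally administered MAC such as 02:73:82:ed:48:00 maps to fe80::73:82ff:feed:4800 under this rule, because the universal/local bit is inverted rather than set.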
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 10, 2018, 05:25:45 pm
karl047 - Nice fix, do you want to issue a PR for that or raise an issue on Github and we'll see if it can be added, probably not in time for 18.7.1 though.


I have to tell you,  I just did an ifconfig on my bridge and this is there:


 inet6 fe80::277:70ff:fecd:1e00%bridge0 prefixlen 64 scopeid 0xb
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 11, 2018, 06:14:19 pm
do you want to issue a PR for that or raise an issue on Github and we'll see if it can be added, probably not in time for 18.7.1 though.

@marjohn56: can you do that for us? I haven't reported an issue yet, & I don't know how I would :p
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 11, 2018, 06:17:49 pm
I can do but as you see from my last message, my bridge IS getting a mac address. How is your bridge interface being used?


Sorry.. wife was talking, I meant a link-local address.
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 11, 2018, 06:37:21 pm
What are the members of your bridge?


As I say, mine works so there's something else going on.
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 11, 2018, 06:44:30 pm
I've just created a bridge of my test Qotom, bridging the 2 spare ports onto the LAN so now I have three LAN ports. Here's the ifconfig output.


Code:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:73:82:ed:48:00
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::1:1%bridge0 prefixlen 64 scopeid 0xa
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55
        member: igb3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 55
        member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000000

As you can see, I have a link-local address...


Edit.. No I don't.. well how come I have one on my live unit... off to investigate.


But, after a reboot. I do


Code:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:73:82:ed:48:00
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 2a02:8010:6228:dd00:73:82ff:feed:4800 prefixlen 64
        inet6 fe80::1:1%bridge0 prefixlen 64 scopeid 0xa
        inet6 fe80::273:82ff:feed:4800%bridge0 prefixlen 64 scopeid 0xa
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000000
        member: igb3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 55
        member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000000
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 11, 2018, 11:51:05 pm
you have to wait a moment please... you have a IPv6 link local on your Bridge Network (fe80::1:1%bridge0) because you have configured the IPv6 Address on your Bridge as Track Interface over WAN ! is it right?

After a successful configuration of a Bridge Interface with static IPv4 & IPv6 Addresses, I noticed that this Interface has no IPv6 link local. I could ping IPv6 internet sites from this Interface, but the Clients behind it don't get an IPv6 Address (the IPv6 configuration of this Interface goes with unmanaged RADV).

That what I mean, the configuration that I made was with a static IPv4 & IPv6 !!! after that you get no IPv6 link local on your Bridge Interface therefore you should configure it over ssh command with ifconfig or to copy the lines what I posted (thanks pendi from pfsense forum) in interfaces.inc

I hope that I clearly explained this point.
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 12, 2018, 10:47:35 am
There is already a call to put a link local address on the LAN interface, I found it yesterday. It gets done when dhcpdv6 is setting up. So your system SHOULD work without your patch. We need to work out why it isn't.


The code in question is at around line 1417 in interfaces.inc and calls the function  generate_ipv6_from_mac($mac)

Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 12, 2018, 12:10:30 pm
I hope so...
I will tell you what I did & why I had to do with this patch:
firstly I have static IPv4 & IPv6 Addresses from my ISP, OPNsense firmware let you configure IPv6 on your Interfaces with the Option Track Interface over WAN with different IDs (depends to your prefix delegation), but you have 2 Problems with it: the first one: the prefix behind my fritzbox is 60 (from ISP is 56), it is OK too, you can setup with it 16 Networks, but you cannot configure your Interfaces because they aren't be configured with a static IPv6 Address! and that is the second problem.
then, I had to setup my WAN interface as static IPv6 Address with a customized IPv6 address match with the IPv6 Address of my fritzbox (like SLAAC, "the same prefix", but it is configured as static IPv6 Address), & I had the same with the another Interfaces but with a new prefix depends to the prefix delegation (/56), that means I have 256 Networks to setup & not only 16! AND I can configure my IPv6 on those Interfaces because they are configured with a static IPv6 Address!.
the only thing what I had to do: setup a IPv6 static route on my fritzbox for every Interface (except WAN Interface).
The Bridge Interface (in OPNsense or in pfSense) has no IPv6 link local when it will be added, but it will become one when it is configured as Track Interface (like the another Interfaces fe80::1:1), as static IPv6 Address it won't work (why? I don't know ! then I had to setup this patch & everything is fine after that, works, without any problem).

I'm really curious how the problem will be solved.
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 12, 2018, 03:51:21 pm
The point is that the bridge interface, when dhcp6d is being configured, whether it's tracking or static, SHOULD automatically configure the link-local address on the bridge interface.


Actually I misled you, the bit of the code that does this is actually in services.inc and in 18.7 it's at line 1313 >
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 12, 2018, 07:52:48 pm
The point is that the bridge interface, when dhcp6d is being configured, whether it's tracking or static, SHOULD automatically configure the link-local address on the bridge interface.

No, I have a different opinion: the Bridge Interface should have an IPv6 link local when it will be added like the another Interfaces (all my Interfaces have an IPv6 link local, all of them, except the bridge interface). I have tested more than 3 times, on OPNsense & pfSense, it won't work without this patch. Another point: I have tested too without IPv6 configuration, that means no SLAAC & no DHCPv6, & it didn't show an IPv6 link local !

Another Point, that it has nothing to do with our discussion here, but I want to tell you about it: it is a point why I like OPNsense: in the configuration of router advertisement (when you have a static IPv6 Address) is "Advertise Default Gateway", this should be unchecked when you configure a static IPv6 Interface with a static route over your Modem. I want to tell you about this point, maybe it will help you someday (believe me, it was a fight with the configuration of a bridge Network, & a fight with the configuration of static IPv6 in my network behind the fritzbox).
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 12, 2018, 09:59:29 pm
OK... There is some confusion here.


On my live system I have static IPv6 on both the WAN and the LAN interfaces, I also have a bridge interface with three physical NICs on my Bridge interface. I use dhcpd6 and radvd on my LAN. I have zero issues.


On my test system I use DHCP6 on WAN and track interface on LAN, I can set the dhcpd6c/radvd to auto or override it and manually set ranges and I have no problems with that either.


What is different with your system?
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 12, 2018, 10:42:32 pm
Good..
WAN get a static IPv6 & LAN is a bridge network over 3 not physical NIC but VLAN Interfaces (for example 101,102,103).

1. WAN & LAN with a static IPv6 Address: everything good except that LAN no IPv6 link local has, the clients get no IPv6 Address over DHCPv6 or Radvd until I manually add the IPv6 link local to this Interface, then everything is fine. (or with the patch then reboot).

2. WAN with DHCPv6 & LAN with Track Interface: LAN becomes suddenly an IPv6 link local (fe80::1:1%bridge0) & the clients get an IPv6 Addresses over Radvd, but I can't configure DHCPv6 or Radvd because it shows me that only Interfaces with a static IPv6 address can be configured !

that is what I have...
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 13, 2018, 12:03:27 am
At the bottom of the interfaces->LAN page In the Track interface section there is a manual configuration option to allow you to configure RADVD and dhcpd6 when using a tracked interface.
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 13, 2018, 10:55:23 am
Just a moment please, is that a new function in 18.7? Because I have 18.1.13 installed, & I haven't seen such an option yet!
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 13, 2018, 11:10:27 am
It is yes..  :)
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 13, 2018, 11:34:34 am
Just a quick note, there is a bug in 18.7, it's fixed in 18.7.1 but you'll need to do these patches.


Have a look at this thread:


https://forum.opnsense.org/index.php?topic=9374.0
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 13, 2018, 01:56:52 pm
@marjohn56: you are one of the best in this forum, thank you for your information.

Whether DHCPv6 or Radvd is activated on an interface or not, the bridge network should have an IPv6 link local when it is added, like the other Interfaces, & with the lines that I posted in interfaces.inc, everything works fine.
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 13, 2018, 02:35:45 pm
Thank you for your kind comments. What I am trying to say is that on my live unit ( statics all round ) and on my test unit ( dhcp6 all round ) I DO get a link local address, no changes to code required, it just works.

Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 13, 2018, 09:43:25 pm
on 18.7 with a Bridge Network?
I will try it & tell you later what I get with it  ;)
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 14, 2018, 11:11:04 pm
A big Report extra for you  8)

I've tried today over 4 hours with all scenarios (WAN: DHCPv6 & static ; Bridge: Track & static).
A little note firstly: "Patch" is the patch that I've posted earlier, & I have added the guest network to the configuration too, because it isn't a bridge network but a VLAN Interface (to compare the IPv6 link local on both Interfaces), & as I said earlier, the Bridge Network is configured over 3 VLAN Interfaces.

So we can start with the first scenario:

(((((
1- 18.7 image: new installed & new configured (without Patch)
* no IPv6 configured yet on WAN or on another Interfaces: WAN & Guest have IPv6 link local (depends to MAC Address), Bridge has no IPv6 link local.
* ALL Interfaces have been configured with static IPv6: IPv6 on WAN & Guest is OK, no IPv6 on Bridge (& no IPv6 link local)
* WAN has been configured with DHCPv6 (prefix length behind Fritzbox is 60), Guest & Bridge as Track Interface: WAN get a IPv6 Address but cannot connect to the Internet; Guest & Bridge get IPv6 Addresses, can connect to the Internet, the first IPv6 link local on Guest is disappeared & Guest has now a new IPv6 link local (fe80::1:1%vlanxxx) , Bridge has now 2 IPv6 link local: fe80::1:1%bridge0 & a IPv6 link local depends to its MAC Address (!!!!!!!!!!!!!!!!!) (I couldn't believe it), but the Router of IPv6 Network on my iPhone shows the fe80::1:1
* configure the network again with no IPv6 Addresses: WAN & Guest have IPv6 link local again (depends to MAC Address), Bridge has no IPv6 link local more (!!!).
)))))

the second scenario:

(((((
2- 18.7 image: new installed & new configured (with Patch)
* no IPv6 configured yet on WAN or on another Interfaces: ALL Interfaces have IPv6 link local (depends to MAC Address).
* ALL Interfaces have been configured with static IPv6: IPv6 on ALL Interfaces is OK.
* WAN has been configured with DHCPv6 (prefix length behind Fritzbox is 60), Guest & Bridge as Track Interface: WAN get a IPv6 Address but cannot connect to the Internet; Guest & Bridge get IPv6 Addresses, can connect to the Internet, the first IPv6 link local on Guest is disappeared & Guest has now a new IPv6 link local (fe80::1:1%vlanxxx) , Bridge has now 2 IPv6 link local: fe80::1:1%bridge0 & a IPv6 link local depends to its MAC Address, the Router of IPv6 Network on my iPhone shows the fe80::1:1
* configure the network again with no IPv6 Addresses: ALL Interfaces have IPv6 link local (depends to MAC Address).
)))))

NOTE: with the configuration of WAN with DHCPv6: the Gateway of IPv6 always stays online (after Reboot too), but RTT is 0 second; with the configuration of WAN with static IPv6, & manually added of IPv6 Gateway (the same one of DHCPv6), the Gateway will be online for max 3 minutes, RTT is 0,5 ms, then it will be offline (after Reboot still offline !!!).

I hope that I clearly explained the scenarios for you.

Thank you again for your help.
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 14, 2018, 11:33:33 pm
Very nice... :)


However there were patches issued to correct a couple of dhcpd6 issues in 18.7


Try upgrading to 18.7.1 ( out today! ) , it will overwrite your patch - see if it works then.
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 15, 2018, 09:09:08 am
I will do it today and tell you later...

But just a question please: what do you say about the IPv6 Gateway? Why does it go offline after a few minutes when it is manually configured & still offline after Reboot?
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 15, 2018, 09:16:09 am
There were a couple of bugs around IPv6 in 18.7, it did not affect all users but a significant minority were affected. I want to make sure that your system is not one of those and that everything is in place before I try and find exactly why your system is behaving differently to mine.


I might ask you to pm me your config too so I can run it on my test unit.
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 15, 2018, 11:48:36 am
Deal  8)

I will try firstly the 18.7.1 & tell you later what I get with it.

I'd like to tell you one piece of information about my experience with all the images of OPNsense that I had: the only one that works without any problem (with IPv6 Gateway & direct connection over PPPoE or behind Fritzbox) was 18.1.9, & the configuration that I made on it was the same as today's on 18.7 !

Anyway I will tell you later today how everything goes...
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 15, 2018, 10:29:37 pm
@marjohn56: Image 18.7 updated to 18.7.1_3:

no IPv6 installed yet on WAN, Bridge & Guest: WAN & Guest have IPv6 link local, Bridge hasn't !

what should my next step please? I don't know what I can do more!
Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 15, 2018, 11:26:04 pm
Cool.. OK, now I need to emulate your config. Can you send me via Dropbox or other method your config.xml. Load it into an editor and remove the user and password fields and send me what's left, I'll build a new config that matches and I can then see what happens on my test rig.


Can you also try and setup the IPv6 on WAN and get it that working, also set up bridge as you would normally.



Title: Re: IPv6 link local on a Bridge Network !
Post by: marjohn56 on August 15, 2018, 11:29:14 pm
Please note my edit on the last message I want the config as it would normally be.
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 16, 2018, 08:45:40 am
I will do it today & send the link to you...

Thank you very much for your kind Help
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on August 20, 2018, 12:43:33 pm
@marjohn56: I sent the link to you with a small description about the configuration.

Thank you very much for your help again.
Title: Re: (SOLVED) IPv6 link local on a Bridge Network !
Post by: karl047 on September 08, 2018, 09:27:20 pm
@ marjohn56 BIG THANKS  :-* :-* :-*
after the update to 18.7.2 the bridge network has further an IPv6 link-local, I've looked after that for my patch in Interfaces.inc and I haven't found it !!! you have the BUG fixed !!! THANK YOU AGAIN  :-* :-* :-*

but as I said in our messages, the gateway of IPv6 stays down.

Update: after a new Re-Configuration of all Interfaces with IPv6, the bridge interface lost its link-local address & I must apply the patch again.
Title: Re: (SOLVED) IPv6 link local on a Bridge Network !
Post by: marjohn56 on September 09, 2018, 12:54:29 am
OK, now show me a snapshot of your v6 gateway.
Title: Re: (SOLVED) IPv6 link local on a Bridge Network !
Post by: karl047 on September 10, 2018, 12:38:28 pm
Ok. I will send it to you as PM
Title: Re: IPv6 link local on a Bridge Network !
Post by: karl047 on December 30, 2018, 08:50:35 pm
deleted... sent as PM to Administrator !