Topics - shallpion

#1
Hi, so recently my IPv6 stopped working without any configuration change. I have a very simple setup: WAN (igb0) using dhcp6c requesting a /60 from my ISP, and LAN (igb1) is tracking it. This used to work just fine; however, I noticed that since some time ago the LAN and all clients on the LAN stopped getting any IPv6. The WAN, on the other hand, still has a working /64 address and I can ping the IPv6 Google address on the router itself.

I tried loading the config on a live USB running 20.1 (I am running the latest 20.7) and am still seeing the issue, so I don't think it is anything broken in OPNsense at least (the log is in reverse time order, the first line being the latest):


2020-12-14T10:02:38 dhcp6c[3635] dhcp6c REQUEST on igb0 - running newipv6
2020-12-14T10:02:38 dhcp6c[49330] dhcp6c REQUEST on igb0
2020-12-14T10:02:38 dhcp6c[86377] executes /var/etc/dhcp6c_wan_script.sh
2020-12-14T10:02:38 dhcp6c[86377] reset a timer on igb0, state=INIT, timeo=0, retrans=541
2020-12-14T10:02:38 dhcp6c[86377] remove an IA: PD-0
2020-12-14T10:02:38 dhcp6c[86377] IA PD-0 is invalidated
2020-12-14T10:02:38 dhcp6c[86377] status code for PD-0: no prefixes
2020-12-14T10:02:38 dhcp6c[86377] make an IA: PD-0
2020-12-14T10:02:38 dhcp6c[86377] nameserver[1] 2001:558:feed::2
2020-12-14T10:02:38 dhcp6c[86377] nameserver[0] 2001:558:feed::1
2020-12-14T10:02:38 dhcp6c[86377] Received REPLY for REQUEST
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option DNS, len 32
2020-12-14T10:02:38 dhcp6c[86377] preference: 255
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option preference, len 1
2020-12-14T10:02:38 dhcp6c[86377] DUID: 00:02:00:00:d2:6d:93:a8:41:89:93:2b:dd:28
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option client ID, len 14
2020-12-14T10:02:38 dhcp6c[86377] DUID: 00:01:00:01:27:67:68:10:5c:7d:7d:2a:5a:a1
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option server ID, len 14
2020-12-14T10:02:38 dhcp6c[86377] status code: no prefixes
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option status code, len 67
2020-12-14T10:02:38 dhcp6c[86377] IA_PD: ID=0, T1=0, T2=0
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option IA_PD, len 83
2020-12-14T10:02:38 dhcp6c[86377] receive reply from fe80::10:18ff:fe0c:757%igb0 on igb0
2020-12-14T10:02:38 dhcp6c[86377] reset a timer on igb0, state=REQUEST, timeo=0, retrans=937
2020-12-14T10:02:38 dhcp6c[86377] send request to ff02::1:2%igb0
2020-12-14T10:02:38 dhcp6c[86377] set IA_PD
2020-12-14T10:02:38 dhcp6c[86377] set status code
2020-12-14T10:02:38 dhcp6c[86377] set option request (len 4)
2020-12-14T10:02:38 dhcp6c[86377] set elapsed time (len 2)
2020-12-14T10:02:38 dhcp6c[86377] set server ID (len 14)
2020-12-14T10:02:38 dhcp6c[86377] set client ID (len 14)
2020-12-14T10:02:38 dhcp6c[86377] a new XID (960387) is generated
2020-12-14T10:02:38 dhcp6c[86377] Sending Request
2020-12-14T10:02:38 dhcp6c[86377] server ID: 00:01:00:01:27:67:68:10:5c:7d:7d:2a:5a:a1, pref=255
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option DNS, len 32
2020-12-14T10:02:38 dhcp6c[86377] preference: 255
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option preference, len 1
2020-12-14T10:02:38 dhcp6c[86377] DUID: 00:02:00:00:d2:6d:93:a8:41:89:93:2b:dd:28
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option client ID, len 14
2020-12-14T10:02:38 dhcp6c[86377] DUID: 00:01:00:01:27:67:68:10:5c:7d:7d:2a:5a:a1
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option server ID, len 14
2020-12-14T10:02:38 dhcp6c[86377] status code: no prefixes
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option status code, len 67
2020-12-14T10:02:38 dhcp6c[86377] IA_PD: ID=0, T1=0, T2=0
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option IA_PD, len 83
2020-12-14T10:02:38 dhcp6c[86377] receive advertise from fe80::10:18ff:fe0c:757%igb0 on igb0
2020-12-14T10:02:38 dhcp6c[86377] reset timer for igb0 to 0.997628
2020-12-14T10:02:38 dhcp6c[86377] server ID: 00:03:00:01:58:97:bd:19:62:80, pref=-1
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option domain search list, len 25
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option DNS, len 32
2020-12-14T10:02:38 dhcp6c[86377] IA_PD prefix: 2604:4080:11ac:8bb0::/60 pltime=1800 vltime=137593572298256
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option IA_PD prefix, len 25
2020-12-14T10:02:38 dhcp6c[86377] IA_PD: ID=0, T1=900, T2=1440
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option IA_PD, len 41
2020-12-14T10:02:38 dhcp6c[86377] DUID: 00:02:00:00:d2:6d:93:a8:41:89:93:2b:dd:28
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option client ID, len 14
2020-12-14T10:02:38 dhcp6c[86377] DUID: 00:03:00:01:58:97:bd:19:62:80
2020-12-14T10:02:38 dhcp6c[86377] get DHCP option server ID, len 10
2020-12-14T10:02:38 dhcp6c[86377] receive advertise from fe80::5a97:bdff:fe19:62bf%igb0 on igb0
2020-12-14T10:02:38 dhcp6c[86377] reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1029
2020-12-14T10:02:38 dhcp6c[86377] send solicit to ff02::1:2%igb0
2020-12-14T10:02:38 dhcp6c[86377] set IA_PD
2020-12-14T10:02:38 dhcp6c[86377] set IA_PD prefix
2020-12-14T10:02:38 dhcp6c[86377] set option request (len 4)
2020-12-14T10:02:38 dhcp6c[86377] set elapsed time (len 2)
2020-12-14T10:02:38 dhcp6c[86377] set client ID (len 14)
2020-12-14T10:02:38 dhcp6c[86377] a new XID (e121c) is generated
2020-12-14T10:02:38 dhcp6c[86377] Sending Solicit
2020-12-14T10:02:38 dhcp6c[86377] got an expected reply, sleeping.
2020-12-14T10:02:38 dhcp6c[86377] removing server (ID: 00:03:00:01:58:97:bd:19:62:80)
2020-12-14T10:02:38 dhcp6c[86377] removing server (ID: 00:01:00:01:27:67:68:10:5c:7d:7d:2a:5a:a1)
2020-12-14T10:02:38 dhcp6c[86377] removing an event on igb0, state=REQUEST
2020-12-14T10:02:38 dhcp6c[86377] script "/var/etc/dhcp6c_wan_script.sh" terminated
2020-12-14T10:02:35 dhcp6c[59994] dhcp6c REQUEST on igb0 - running newipv6
2020-12-14T10:02:35 dhcp6c[44275] dhcp6c REQUEST on igb0
2020-12-14T10:02:35 dhcp6c[86377] executes /var/etc/dhcp6c_wan_script.sh


So it seems that I was able to get a /60 PD based on this line:


2020-12-14T10:02:38 dhcp6c[86377] IA_PD prefix: 2604:4080:11ac:8bb0::/60 pltime=1800 vltime=137593572298256


However, there is no IPv6 for LAN (igb1), and I wonder if these two lines are related:

2020-12-14T10:02:38 dhcp6c[86377] IA PD-0 is invalidated
2020-12-14T10:02:38 dhcp6c[86377] status code for PD-0: no prefixes


Running tcpdump on the router shows the following interesting communication:


root@OPNsense:~ # tcpdump -i igb0 -n -vv '(udp port 546 or 547) or icmp6'
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:07:10.559447 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::4262:31ff:fe08:8c1c.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=afd2bb (client-ID vid 0000d26d93a84189) (elapsed-time 0) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/60 pltime:4294967295 vltime:4294967295)))
10:07:10.561580 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 154) fe80::5a97:bdff:fe19:62bf.547 > fe80::4262:31ff:fe08:8c1c.546: [udp sum ok] dhcp6 advertise (xid=afd2bb (server-ID hwaddr type 1 5897bd196280) (client-ID vid 0000d26d93a84189) (IA_PD IAID:0 T1:900 T2:1440 (IA_PD-prefix 2604:4080:11ac:8bb0::/60 pltime:1800 vltime:3600)) (DNS-server 2607:f060:2::1 2607:f060:2:1::1) (DNS-search-list users.condointernet.net.))
10:07:10.566420 IP6 (flowlabel 0x6a592, hlim 64, next-header UDP (17) payload length: 176) fe80::10:18ff:fe0c:757.547 > fe80::4262:31ff:fe08:8c1c.546: [udp sum ok] dhcp6 advertise (xid=afd2bb (IA_PD IAID:0 T1:0 T2:0 (status-code NoPrefixAvail)) (server-ID hwaddr/time type 1 time 661088272 5c7d7d2a5aa1) (client-ID vid 0000d26d93a84189) (preference 255) (DNS-server 2001:558:feed::1 2001:558:feed::2))


Again, I am not sure if the NoPrefixAvail status-code is responsible... Is it possible, or is there any way to prove, that my ISP changed something causing my IPv6 configuration to stop working? Thanks!
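
As an added illustration that is not part of the original post: a small Python script that reads `tcpdump -vv` DHCPv6 output like the capture above and summarises, per solicit, which servers answered, what preference each sent and which one offered a delegated prefix. The sample input is the post's own capture trimmed to the DHCPv6 fields; the function names are made up for this example, and an advertise without a preference option is counted as preference 0, as RFC 8415 specifies.

```python
import re

# The post's own tcpdump capture, trimmed to the DHCPv6 part of each line.
CAPTURE = """\
10:07:10.559447 IP6 fe80::4262:31ff:fe08:8c1c.546 > ff02::1:2.547: dhcp6 solicit (xid=afd2bb (client-ID vid 0000d26d93a84189) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/60 pltime:4294967295 vltime:4294967295)))
10:07:10.561580 IP6 fe80::5a97:bdff:fe19:62bf.547 > fe80::4262:31ff:fe08:8c1c.546: dhcp6 advertise (xid=afd2bb (server-ID hwaddr type 1 5897bd196280) (IA_PD IAID:0 T1:900 T2:1440 (IA_PD-prefix 2604:4080:11ac:8bb0::/60 pltime:1800 vltime:3600)) (DNS-server 2607:f060:2::1 2607:f060:2:1::1))
10:07:10.566420 IP6 fe80::10:18ff:fe0c:757.547 > fe80::4262:31ff:fe08:8c1c.546: dhcp6 advertise (xid=afd2bb (IA_PD IAID:0 T1:0 T2:0 (status-code NoPrefixAvail)) (server-ID hwaddr/time type 1 time 661088272 5c7d7d2a5aa1) (preference 255) (DNS-server 2001:558:feed::1 2001:558:feed::2))
"""

# Source address on UDP port 547 (server side) plus the transaction ID.
ADVERTISE = re.compile(
    r"IP6 .*?(?P<server>[0-9a-f:]+)\.547 > \S+: .*?dhcp6 advertise \(xid=(?P<xid>[0-9a-f]+)")


def parse_advertises(text):
    """Return one dict per DHCPv6 advertise line; all other lines are skipped."""
    ads = []
    for line in text.splitlines():
        m = ADVERTISE.search(line)
        if not m:
            continue
        pref = re.search(r"\(preference (\d+)\)", line)
        ads.append({
            "server": m["server"],
            "xid": m["xid"],
            "prefixes": re.findall(r"IA_PD-prefix (\S+)", line),
            "status": re.findall(r"status-code (\w+)", line),
            # Assumption stated in the lead-in: no preference option means 0.
            "preference": int(pref.group(1)) if pref else 0,
        })
    return ads


def summarise(ads):
    """Group advertises by transaction ID and pick the highest-preference server."""
    groups = {}
    for ad in ads:
        groups.setdefault(ad["xid"], []).append(ad)
    report = {}
    for xid, group in groups.items():
        top = max(group, key=lambda a: a["preference"])
        report[xid] = {
            "servers": [a["server"] for a in group],
            "preferred": top["server"],
            "preferred_offers_prefix": bool(top["prefixes"]),
            "prefix_offered_by": [a["server"] for a in group if a["prefixes"]],
        }
    return report


if __name__ == "__main__":
    for xid, result in summarise(parse_advertises(CAPTURE)).items():
        print(xid, result)
```

On the capture above, the summary shows two servers answering the same solicit, with the preference-255 server being the one that returned NoPrefixAvail and no prefix.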

#2
Hi, thanks for reading my post :) I am using OPNsense 20.1.7-amd64 and I notice that in the Firewall->Rules->LAN (could be any interface), if I edit any rule and also click the small "i" icon next to "Direction" tab, an instructional message appears:

Quote: Direction of the traffic. The default policy is to filter inbound traffic, which sets the policy to the interface originally receiving the traffic.

However if I read the online manual https://docs.opnsense.org/manual/firewall.html, it says

Quote: our default is to filter on incoming direction. In which case you would set the policy on the interface where the traffic originates from.

I think if I understood it correctly, the one on the web interface sounds correct and the online manual perhaps is a little misleading. Should this be fixed? Thanks :)