Messages

... which only happens when you assign an interface that moves it's location upon reboot or is not there during early boot?


Cheers,
Franco

This will reset it to default:

# opnsense-revert os-lcdproc-sdeclcd


Cheers,
Franco

[1548=40+8+1500 bytes]

Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
PING(1548=40+8+1500 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1


--- 2001:1af8:5300:a010:1::1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:14:amd64/26.1
Updating OPNsense repository catalogue...
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
repository OPNsense has no meta file, using default settings
pkg: An error occurred while fetching package: No error

This illustrates your problem: large IPv6 packets are not going through which also makes the package manager fail.


Cheers,
Franco

> My LAN interface is tracking the WAN interface with prefix ID "AAAA", with manual configuration turned off.

If I interpret this correct "manual configuration" off means "automatic configuration" on.  Part of this is distributing PDs when your WAN prefix is big enough.


Cheers,
Franco

How about confirming the patch instead?


Thanks,
Franco

There was a second bug with that particular code it seems which was fixed hereby applying to 26.1.1:

# opnsense-patch https://github.com/opnsense/core/commit/4912a671be1


Cheers,
Franco

There's no real need to do that.  It's only a FreeBSD ports message.


Cheers,
Franco

It depends on the scope of the fix to be made.  Though there were similar issues before and the impact is limited in general so in the best case it can wait one more week especially when it was in there for a year or so.


Cheers,
Franco

[in]

> - ISC plug-in issues during future upgrades.

Unlikely.  The most critical transition is from 25.7.11 to 26.1. After that the required ISC-DHCP files will remain on the disk without further intervention. Normal erratic behaviour always applies but that's from other factors.

> - A lot of misunderstanding about Track Interface vs. Identity Association and when to use which or why they both exist.

We have time now to update the documentation as the situation evolves and people ask the same questions and 5 months to figure out the next steps before anything changes.  That's also why we opted for a maintenance free update regarding ISC DHCP functionality: add new features only and make sure they work as expected before removing other things.

> And minimize the amount of support needed for all of the above ?!

We're in the minimized version of the transition I hope.

> In my case I was kind of expecting things to go wrong with the ISC-DHCP plugin

That wasn't the goal here.  Maybe it wasn't clear.  Yet ISC-DHCP is the Sword of Damocles in this situation which could fall any second due to security related incidents.  We don't know, we don't expect it but it could always happen.  Now all the tools for migration are there.  If you have to use them that's a different question.  Personally, I still use ISC-DHCP for IPv4 and IPv6.

> (Sorry for showing a bit of lack of trust... LOL!)

Why not.  It's probably the smarter approach.  :)

Cheers,
Franco

There were no upgrading issues related to ISC-DHCP plugin that needed to be fixed. There is, however, a long standing bug in the FreeBSD package manager that can stop at any point in time due to a race condition which will definitely hit the user regarding the final installation of the ISC plugin since it is the last operation in the upgrade, but this is is neither predictable nor prevalent.

26.1.1 will be reachable from 25.7.11 tomorrow after a few more tests.


Cheers,
Franco

Just post your firmware connectivity audit here so we can see :)


Cheers,
Franco

Hi Mario,

The prefix behaviour doesn't change at all. dhcp6c distributes prefixes to LAN interfaces in both Track interface and Identity association mode.

What's up to you is how you want to provide DHCPv6 servers on LAN and this is where the Track/Identity modes start to differ marginally*. If you're already using Kea or DNSmasq for IPv6 in your LAN you can consider switching to Identity association but should check if you currently use Radvd as it will require manual configuration for your LAN interfaces then too (if you don't use Radvd - Router Advertisements then maybe Dnsmasq is already doing that also).


Cheers,
Franco

* To answer your question identity association is what track interface's "Allow manual adjustment of DHCPv6 and Router Advertisements" mode checked is. It will differ more in the future and Track interface will be phased out when ISC-DHCP is going to be removed which could be 2028 or so. We have no plans for removal yet.

Hi Mike,

It means it's missing from your install. If would say "orphaned" if it wasn't on the mirror anymore. It's here also:

https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/MINT/26.1.1/latest/All/os-lcdproc-sdeclcd-1.1_1.pkg


Cheers,
Franco

So the question is which volatile network device/tunnel did you assign as an interface?


Cheers,
Franco

Kind of, yes, settings stay in place, but since the new default install does not have ISC-DHCP installing the plugin is required if you want to use it (which sounds logical).

If you can do an upgrade instead of a reinstall.  The only point to reinstall is when wanting to move from UFS to ZFS.

The upgrade is fire and forget (not counting upgrade related issues with disk, file system or package manager misbehaving which can obviously always happen but are not the norm).


Cheers,
Franco