Messages

This is OPNsense 19.7.8-amd64 behind a (Vodafone Germany) cable modem (Compal CH7466CE in bridge mode) with (currently) a single WAN, with a fixed IPv4 (DHCPv4) and a /56 IPv6 subnet delegated.

IPv4 is fully working. IPv6 is partly working -- aka no route present, since no gateway.

While I'm getting a public /128 on the WAN assigned and also a /64 from my fixed /56 allocation showing up on the LAN NIC there's no IPv6 gateway nor a route.

clog -f /var/log/system.log shows things like

Jan  2 15:19:01 opns dhcp6c[23287]: Received REPLY for RENEW
Jan  2 15:19:01 opns dhcp6c[23287]: add an address 2a02:xxxxx:x:xx:xxxx:xxxx:xxxx:xxxx/128 on igb0
Jan  2 15:19:01 opns dhcp6c: dhcp6c RENEW on igb0

cat /var/etc/radvd.conf

interface igb2 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix 2a02:xxxx:xxx:xxx::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2a02:xxxx:xxx:xxx:xxxx:xxxx:xxxx:xxxx { };
        DNSSL xxxxxx { };
};

Any idea how to debug this? Thanks.

P.S. WAN is on igb0,

tcpdump -vvvv -ttt -i igb0 icmp6 and 'ip6[40] = 134'
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes

produces nothing, whereas it does on the LAN interface (igb2).

Ok, there's definitely the default gateway/router for WAN missing:

root@opns:~ # ls -la /tmp/*router*
-rw-r-----  1 root  wheel  14 Jan  3 09:18 /tmp/igb0_router


How can I force the gateway manually? The web interface doesn't seem to allow it.

I can see a Casa Systems Inc. MAC in NDP table corresponding to fe80::1%igb0 and I can ping it:

root@opns:~ # ping6 fe80::1%igb0
PING6(56=40+8+8 bytes) fe80::ae16:2dff:fe96:2558%igb0 --> fe80::1%igb0
16 bytes from fe80::1%igb0, icmp_seq=0 hlim=64 time=30.687 ms
16 bytes from fe80::1%igb0, icmp_seq=1 hlim=64 time=10.807 ms
16 bytes from fe80::1%igb0, icmp_seq=2 hlim=64 time=8.504 ms
16 bytes from fe80::1%igb0, icmp_seq=3 hlim=64 time=7.904 ms
16 bytes from fe80::1%igb0, icmp_seq=4 hlim=64 time=16.850 ms
16 bytes from fe80::1%igb0, icmp_seq=5 hlim=64 time=7.834 ms
16 bytes from fe80::1%igb0, icmp_seq=6 hlim=64 time=7.720 ms
16 bytes from fe80::1%igb0, icmp_seq=7 hlim=64 time=9.581 ms
16 bytes from fe80::1%igb0, icmp_seq=8 hlim=64 time=8.467 ms
16 bytes from fe80::1%igb0, icmp_seq=9 hlim=64 time=11.037 ms
16 bytes from fe80::1%igb0, icmp_seq=10 hlim=64 time=8.409 ms
16 bytes from fe80::1%igb0, icmp_seq=11 hlim=64 time=7.365 ms
16 bytes from fe80::1%igb0, icmp_seq=12 hlim=64 time=8.821 ms
^C
--- fe80::1%igb0 ping6 statistics ---
13 packets transmitted, 13 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 7.365/11.076/30.687/6.149 ms

so that should be presumably my gateway, and if all runs correctly there should be a /tmp/igb0_routerv6 entry with fe80::1%igb0 in it, presumably.

Interactively, at command line:

route -n add -inet6 default  fe80::1%igb0
add net default: gateway fe80::1%igb0

seems to work. But how can I make it stick?

Before:

Internet6:
Destination        Gateway            Flags     Netif Expire
localhost          link#6             UH          lo0
opns               link#1             UHS         lo0
fe80::%igb0/64     link#1             U          igb0

After:

netstat -6 -r -n
Routing tables

Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::1%igb0                  UGS        igb0
::1                               link#6                        UH          lo0

Ok, as a workaround I put

cat /usr/local/etc/rc.syshook.d/start/40-ipv6-default-gateway
/sbin/route -n add -inet6 default  fe80::1%igb0

which seems (no idea what happens after DHCPv6 WAN lease expiry) to work after reboot.