"
Thanks for the swift reply, and apologies for not checking the Github issues.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
25.7 Series / Kea - Routes not assigned during prefix delegation
Today at 06:00:11 PM
I've got two OPNSense routers. One receives a /48 from my ISP, and delegates a /60 to the other.
This has been working on ISC DHCP for a few years. It's a very similar setup in some ways to the one in this topic:-
https://forum.opnsense.org/index.php?topic=48651.0
I've migrated the first router to Kea now, and I've had to add a static route to the second router for the delegated prefix in order for everything to work correctly. There doesn't seem to be an automated addition of the route for the delegated prefix.
I've added a static lease for the second router, and this is outside of the delegated prefix range.
In the topic linked above, you point slowhawkeclipse at the file https://github.com/opnsense/core/blob/master/src/opnsense/scripts/dhcp/prefixes.php. I can't find an equivalent of this for for Kea.
Am I missing something, or is this facility not yet implemented?
Thanks for any info.
This has been working on ISC DHCP for a few years. It's a very similar setup in some ways to the one in this topic:-
https://forum.opnsense.org/index.php?topic=48651.0
I've migrated the first router to Kea now, and I've had to add a static route to the second router for the delegated prefix in order for everything to work correctly. There doesn't seem to be an automated addition of the route for the delegated prefix.
I've added a static lease for the second router, and this is outside of the delegated prefix range.
In the topic linked above, you point slowhawkeclipse at the file https://github.com/opnsense/core/blob/master/src/opnsense/scripts/dhcp/prefixes.php. I can't find an equivalent of this for for Kea.
Am I missing something, or is this facility not yet implemented?
Thanks for any info.
#3
24.1, 24.4 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request
July 11, 2024, 12:38:41 PM
Since you've quoted me dfw3xam1n3r, I'll reply as best I can.
On the face of it I can't see a reason for this to be related, but I'm just a random software developer off the internet. This is my first PR for opnsense. I'm best described as an enthusiastic user of opnsense, so my product knowledge level is at best patchy. For example, I don't know how the dataflows for the 'track interface' feature are implemented.
That's the disclaimer. However, you can investigate this yourself as follows, if you're on 24.1.9:-
1) Restart the WAN connection
2) Get up a terminal and investigate the WAN connection with ifconfig -L pppoe0 (assuming you're on PPPoE).
You should see your IPv6 GUA there. After the text vltime there will be a value. This is the number of seconds remaining before your GUA disappears. Your ISP will still believe your GUA is active, as it will be getting regular RENEW requests from you.
When your GUA does disappear, a range of things can happen from 'hardly anything' to 'no IPv6'. This is ISP-dependent to a large extent. However, you have a precise time when this happens, and so with a bit of detective work you should be able to figure out if there is a dependency between events on your network and the GUA disappearing.
BTW, I believe a release which addresses this issue is imminent so this may be moot.
On the face of it I can't see a reason for this to be related, but I'm just a random software developer off the internet. This is my first PR for opnsense. I'm best described as an enthusiastic user of opnsense, so my product knowledge level is at best patchy. For example, I don't know how the dataflows for the 'track interface' feature are implemented.
That's the disclaimer. However, you can investigate this yourself as follows, if you're on 24.1.9:-
1) Restart the WAN connection
2) Get up a terminal and investigate the WAN connection with ifconfig -L pppoe0 (assuming you're on PPPoE).
You should see your IPv6 GUA there. After the text vltime there will be a value. This is the number of seconds remaining before your GUA disappears. Your ISP will still believe your GUA is active, as it will be getting regular RENEW requests from you.
When your GUA does disappear, a range of things can happen from 'hardly anything' to 'no IPv6'. This is ISP-dependent to a large extent. However, you have a precise time when this happens, and so with a bit of detective work you should be able to figure out if there is a dependency between events on your network and the GUA disappearing.
BTW, I believe a release which addresses this issue is imminent so this may be moot.
#4
24.1, 24.4 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request
July 08, 2024, 04:48:32 PM
I've tracked down what is happening on my simple setup (address only, no prefix) and created a PR for discussion:-
https://github.com/opnsense/dhcp6c/pull/36
https://github.com/opnsense/dhcp6c/pull/36
#5
24.1, 24.4 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request
July 03, 2024, 07:07:33 PM
Attached is my packet capture from 24.1.9
As I write this, system uptime is 2:56, and it's 17:56 BST here. So the capture started at around 15:00 BST. This isn't an exact time. I note 'who -b' doesn't seem to work on my system.
I ran a IPv6 ping test of my WAN address in parallel at a rate of one a minute. The ping test dropped out at 17:03 BST approx.
The initial lease from 15:00 BST (approx.) has a valid lifetime of 7200 secs (packet 6). A renew request is made at 16:00 BST and answered (packets 10 and 11), and another one is made at 17:00 BST (packets 12 and 13). Round about this point the IP address is dropped.
So it looks to me as though the DHCP REPLY packets are not being acted on, or when they are received the valid lifetime is not being updated.
I really hope this is of use. I'm happy to reproduce this if required to get more information, (e.g. logging), or to try something else, but I'll wait to be guided by someone who knows more about this than I do! I'm going to roll back to 24.1.8 here for now.
As I write this, system uptime is 2:56, and it's 17:56 BST here. So the capture started at around 15:00 BST. This isn't an exact time. I note 'who -b' doesn't seem to work on my system.
I ran a IPv6 ping test of my WAN address in parallel at a rate of one a minute. The ping test dropped out at 17:03 BST approx.
The initial lease from 15:00 BST (approx.) has a valid lifetime of 7200 secs (packet 6). A renew request is made at 16:00 BST and answered (packets 10 and 11), and another one is made at 17:00 BST (packets 12 and 13). Round about this point the IP address is dropped.
So it looks to me as though the DHCP REPLY packets are not being acted on, or when they are received the valid lifetime is not being updated.
I really hope this is of use. I'm happy to reproduce this if required to get more information, (e.g. logging), or to try something else, but I'll wait to be guided by someone who knows more about this than I do! I'm going to roll back to 24.1.8 here for now.
#6
24.1, 24.4 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request
July 03, 2024, 03:56:44 PM
Packet capture from DHCPv6 over 4 hours on 24.1.8 following SIGHUP to dhcp6c
There are a few RELEASE messages (packets 1, 5, 7, 8, 9) with an XID of 0x3f4706 which I think are related to the initial HUP I sent dhcp6c. Other than that, it's pretty much as expected.
I've installed 24.1.9 and rebooted. /var/etc/dhcp6c.conf is identical. I've restarted the capture. Currently I have a pingable WAN address.
There are a few RELEASE messages (packets 1, 5, 7, 8, 9) with an XID of 0x3f4706 which I think are related to the initial HUP I sent dhcp6c. Other than that, it's pretty much as expected.
I've installed 24.1.9 and rebooted. /var/etc/dhcp6c.conf is identical. I've restarted the capture. Currently I have a pingable WAN address.
#7
24.1, 24.4 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request
July 03, 2024, 11:27:33 AM
I'm having the same problem with my UK ISP, Andrews and Arnold (A&A).
Because A&A provide static routing I'm not requesting a prefix at all - just a non-temporary address, and options 23 and 24.
I've got a virtualized router, so I've rolled back to 24.1.8 for now.
/var/etc/dhcp6c.conf looks like this:-
I'm running this command on the console to capture the DHCP negotiations:-
tcpdump -w dhcp.pcap -i pppoe0 udp portrange 546-547
I've also sent a HUP to dhcp6c to release and re-request the address.
Tomorrow I'll repeat the exercise on 24.1.9 and look for obvious changes.
I'm not looking at logging yet, but I thought a report of what's going on on-the-wire might be useful.
Because A&A provide static routing I'm not requesting a prefix at all - just a non-temporary address, and options 23 and 24.
I've got a virtualized router, so I've rolled back to 24.1.8 for now.
/var/etc/dhcp6c.conf looks like this:-
Code Select
interface pppoe0 {
send ia-na 0; # request stateful address
request domain-name-servers;
request domain-name;
script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };I'm running this command on the console to capture the DHCP negotiations:-
tcpdump -w dhcp.pcap -i pppoe0 udp portrange 546-547
I've also sent a HUP to dhcp6c to release and re-request the address.
Tomorrow I'll repeat the exercise on 24.1.9 and look for obvious changes.
I'm not looking at logging yet, but I thought a report of what's going on on-the-wire might be useful.
#8
21.7 Legacy Series / Re: IPv6 & zen.co.uk
August 27, 2021, 06:00:51 PM
I'm using Zen. Unlike your config I've got the WAN set up for DHCP (rather than going fully static). I've upgraded this system a couple of times, so when I set it up I was using the old instructions.
In my case, the gateway appears under System/Gateways/Single. Are you able to set up your static gateway under there?
In my case, the gateway appears under System/Gateways/Single. Are you able to set up your static gateway under there?
Pages1
