Messages

Indeed for me my Problem was solved through removing a manual outbound NAT Rule:

Code Select Expand

Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN any * ! Private_Networks  * WAN address * YES

Maybe, if the rule is needed in future setups, one should restrict ports from 1024 beginning to not NAT 67/68 546/547 DHCP Ports.
port 1024:65535

SOLVED:

Indeed for me my Problem was solved through removing a manual outbound NAT Rule:

Code Select Expand

Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN any * ! Private_Networks  * WAN address * YES

Maybe, if the rule is needed in future setups, one should restrict ports from 1024 beginning to not NAT 67/68 546/547 DHCP Ports.
port 1024:65535

Indeed for me my Problem was solved through removing a manual outbound NAT Rule:

Code Select Expand

Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN any * ! Private_Networks  * WAN address * YES

Maybe, if the rule is needed in future setups, one should restrict ports from 1024 beginning to not NAT 67/68 546/547 DHCP Ports.
port 1024:65535

SOLVED:

I've had a manual Outbound NAT Rule:

Code Select Expand

Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN any * ! Private_Networks  * WAN address * YES

That Rule made no Problems until 24.7.10, with and after that Release Errors started "dhcp6c   transmit failed: Permission denied"

Jesus Christ....

The Reason for that Rule was (in my Imagination) that I wanted in outbound NAT static Ports for IPv4 because opnsense otherwise randomly addresses ports. That caused Problems on at least one Multiplayer game because they seem to pick the clients outgoing port and put in the payload, telling the other side that port. But opnsense you choose another outgoing port so the other side failed.

In my great Wiseness when adding the IPv4 NAT Rule I also copied it for IPv6 for future purpose, not knowing that this could cause problems 6 years later.

Got the same Issue, dhcp6c transmit failed: permission denied

My Setup is PPPoE Interface on WAN. So opnsense is doing PPPoE, I have dual Stack. Provider enforces reconnect every 24 Hours.

There is a auto generated rule under WAN allowing dhcpv6

Code Select Expand

IPv6 UDP * * fe80::/10 546 * * allow dhcpv6 client in WAN
IPv6 UDP fe80::/10 546 fe80::/10, ff02::/16 547 * * allow dhcpv6 client out WAN


I put dhcp6c on debug level logging.
Updated to: 24.7.12_4

What I can see is an Permission Error which repeats.

2025-09-22T14:59:20   Notice   dhcp6c   reset a timer on pppoe0, state=SOLICIT, timeo=6, retrans=67758   
2025-09-22T14:59:20   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T14:59:20   Notice   dhcp6c   set IA_PD   
2025-09-22T14:59:20   Notice   dhcp6c   set option request (len 4)   
2025-09-22T14:59:20   Notice   dhcp6c   set elapsed time (len 2)   
2025-09-22T14:59:20   Notice   dhcp6c   set identity association   
2025-09-22T14:59:20   Notice   dhcp6c   set client ID (len 14)   
2025-09-22T14:59:20   Notice   dhcp6c   Sending Solicit   
2025-09-22T14:59:07   Notice   dhcp6c   reset a timer on pppoe0, state=SOLICIT, timeo=6, retrans=67278   
2025-09-22T14:59:07   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T14:59:07   Notice   dhcp6c   set IA_PD   
2025-09-22T14:59:07   Notice   dhcp6c   set option request (len 4)   
2025-09-22T14:59:07   Notice   dhcp6c   set elapsed time (len 2)   
2025-09-22T14:59:07   Notice   dhcp6c   set identity association   
2025-09-22T14:59:07   Notice   dhcp6c   set client ID (len 14)   
2025-09-22T14:59:07   Notice   dhcp6c   Sending Solicit   
2025-09-22T14:58:47   Notice   dhcp6c   reset a timer on pppoe0, state=SOLICIT, timeo=5, retrans=33641   
2025-09-22T14:58:47   Error   dhcp6c   transmit failed: Permission denied

The ppp device seems to get an IPv6 addy:

2025-09-22T14:57:58   Notice   ppp   ppp-linkup: executing on pppoe0 for inet6   
2025-09-22T14:57:58   Informational   ppp   [wan] f45e:23ff:xxx:0480 -> 4688:16ff:xxx:3119   
2025-09-22T14:57:58   Informational   ppp   [wan] IPV6CP: LayerUp   
2025-09-22T14:57:58   Informational   ppp   [wan] IPV6CP: state change Ack-Sent --> Opened   
2025-09-22T14:57:58   Informational   ppp   [wan] IPV6CP: rec'd Configure Ack #1 (Ack-Sent)   
2025-09-22T14:57:58   Informational   ppp   [wan_link0] rec'd unexpected protocol IPv6   
2025-09-22T14:57:58   Informational   ppp   [wan_link0] rec'd unexpected protocol IPv6   
2025-09-22T14:57:58   Informational   ppp   [wan] IFACE: Rename interface ng0 to pppoe0   
2025-09-22T14:57:58   Informational   ppp   [wan] IFACE: Up event   
2025-09-22T14:57:58   Notice   ppp   ppp-linkup: executing on pppoe0 for inet   
2025-09-22T14:57:58   Informational   ppp   [wan] 31.29.34.167 -> 84.46.104.53   
2025-09-22T14:57:58   Informational   ppp   [wan] IPCP: LayerUp   
2025-09-22T14:57:58   Informational   ppp   [wan] IPCP: state change Ack-Sent --> Opened   
2025-09-22T14:57:58   Informational   ppp   [wan] IPADDR 31.29.34.xxx   
2025-09-22T14:57:58   Informational   ppp   [wan] IPCP: rec'd Configure Ack #3 (Ack-Sent)   
2025-09-22T14:57:58   Informational   ppp   [wan] IPADDR 31.29.34.xxx   
2025-09-22T14:57:58   Informational   ppp   [wan] IPCP: SendConfigReq #3   
2025-09-22T14:57:58   Informational   ppp   [wan] 31.29.34.xxx is OK   
2025-09-22T14:57:58   Informational   ppp   [wan] IPADDR 31.29.34.xxx   
2025-09-22T14:57:58   Informational   ppp   [wan] IPCP: rec'd Configure Nak #2 (Ack-Sent)


Interesting, so PPPoE receives IPv6 address but dhcp6c is not able to bind it on interface...

Reinstalling dhcp6c package does not have any effect.


Chatp GPT gave me hint that DUID could be new after upgrade so I checked, but DUID for dhcp6c stays the same.

Show goes on:

2025-09-22T15:43:49   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:43:10   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:41:35   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:41:09   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:40:29   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:40:10   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:39:57   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:39:40   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:39:39   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:39:32   Error   dhcp6c   transmit failed: Permission denied


Update to 25.1:

2025-09-22T15:55:03   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:55:01   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:55:00   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:54:59   Notice   dhcp6c   RTSOLD script - Sending SIGHUP to dhcp6c   
2025-09-22T15:54:53   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:54:49   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:54:47   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:54:46   Error   dhcp6c   transmit failed: Permission denied   
2025-09-22T15:54:45   Notice   dhcp6c   RTSOLD script - Sending SIGHUP to dhcp6c


I noticed that in 25.1 the Point-to-Point Devices Logfile seems to have moved, but I don't where to??

OK so then I need some Ideas how to debug my Problem as I have actually the IPv4 Box checked now in 24.7.9_1 but as soon as I go one Patch or Release further (where IPv4 Conenctivity should be the new Default) I do NOT get any IP anymore.

Who can I debug whats changed in behavior?

tl;dr:
using dhcpv6 client config with box checked "use ipv4 connection" in 24.7.9_1
From >24.7.9_1 that should be default, so box was removed. But since then no IPv6 Address is assigned anymore on PPPoE WAN.
question: why? how to debug?

Hi there, I found this thread going in my problem direction. The Option "Use IPv4 conenctivity" in die dhcpv6 client config was removed a while ago. It took some time for me to notice that. So I'am Stuck on 24.7.9_1 and EVERY Release after that causes my dhcpv6 config to fail and not getting an IPv6 address nor a prefix on my PPPoE WAN Interface.

My Provider seems to need that IPv4 connectivity Hack.

Where can I open up a ticket on opnsense to report that problem? I think my provider won't update his whole infrastructure just for me.

Or does anyone have an idea how to get the function back?

Hi,

unfortunately I cannot find any SOlution. Every Release after 24.7.9_1 causes that I get no IPv6 IP on the WAN Interface anymore. So all Version are unusable for me because I want to have a working dual stack.

I was hoping that anyone would try helping to debug as I can't see any obvious failures in the regular logs.

Hello,

I just upgraded from 24.7.9_1 to 24.7.11_2 and after that I am not getting an IPv6 WAN Address nor a delegated prefix over my PPPoE Connection. With 24.7.9_1 everything works fine.

Setting:
PPPoE Adapter, default settings
WAN Interface: ipv4: pppoe; ipv6: DHCPv6; Use IPv4 connectivity; Basic; delegation size 56; rest is all default
Tunable: net.inet6.ip6.dad_count = 0
fixed a dpinger problem long ago (https://github.com/opnsense/core/issues/6913)

After Update I can see a logfile which made me curious:
Error dhcp6c transmit failed: Permission denied
/usr/local/etc/rc.newwanipv6 also got some error messages.

The System runs virtualized so I did a Snapshot Rollback but currently 24.7.11_2 seems unusable for me.

What I tried:
Request prefix on only on/off
Send prefix hint on/off
combination of both

DHCPv6 to PPPoEv6 and back
PPPoE Compression on/off

Nothing made a difference :-(

OK hat zufällig jemand noch eine Idee wie man den neuen os-ddclient konfiguriert, wenn man Update URLs ansprechen muss in denen man die IP als Variable mitgibt?

Das ist eine recht verbreitete Methode und ich fände es seltsam würde os-ddclient das nicht unterstützen.

ich brauche es aber leider

Hi,

das ist nicht mein Problem. Mein Problem ist, dass wenn ich zwei Custom Profile einrichte, eines für IPv6 und eines für IPv4, ich im DDNSS Account nie beide IPs drin habe.
Er speichert immer nur die zuletzt geupdatete leider.

Wenn ich also Save & Force Update auf IPv6 Profil drücke, dann hat mein DDNSS Record NUR die IPv6 Adresse, drücke ich Save & Force Update im IPv4 Profil, dann setzt er NUR die IPv4 Adresse und die AAAA ist wieder weg.

Sprich, das jeweils letzte Update überschreibt den jeweils anderen Stack. Und opnsense supportet ja nicht, wie zB die FritzBox, in einem URL Aufruf beide IPs für beide Stacks mitzugeben. Ich muss ja je Request entweder v4 oder v6 machen.

Vermutlich muss ich mich damit beschäftigen eigene Crons anzulegen, die ich dann als Action in der Cron UI verweden kann ... Müll. Alles Müll!

Im Prinzip ist die Frage, was ich wo eintragen muss.

Wie überführe ich:

DynDyns Legacy:
http://ip4.ddnss.de/upd.php?key=abcdefg&host=%HOST%&ip=%IP%

DDNSS Doku:
Dual-Stack und IP4 oder IP6 Only

für IPv4

https://ip4.ddnss.de/upd.php?key=abcdef&host=xxx.ddnss.de&ip=%IP%

für IPv6

https://ip6.ddnss.de/upd.php?upd.php?key=abcdef&host=xxx.ddnss.de&ip6=%IP%

In diese UI:
siehe Anhänge.

Außerdem habe ich bereits jetzt mit dem Legacy weg das Problem, dass wenn ich zwei Profile anlege, eines für ip6 und eines für ip4 er immer nur die dann geupdatete Adresse in den DNS Eintrag übernimmt. wenn ich force and save drücke bei v6 steht im DNS Namen nur meine ip6 Adresse, drücke ich force update bei v4 steht wieder nur v4 drin, nie beide.

bei Fritzbox zB wo in einem Aufruf beide IPs mitgeteilt werden geht das wunderbar!
https://www.ddnss.de/upd.php?user=<username>&pwd=<pass>&host=<domain>&ip=<ipaddr>&ip6=<ip6addr>

Das funktioniert bei meinem meiner VPN peers 1A mit DDNSS. Und ja, ich habe überall Dual-Stack angeklickt bei DDNSS.

Hi,

ich suche Hilfe. Ich nutzte bisher den os-dyndns client, ich habe zwei verschiedene anbieter, die beiden nicht in den default listen sind.

Das Schema ist im Prinzip, dass ich eine URL aufgrufen, den API Key mitgebe und per parameter auch meine IP mitgebe.
Das hat für ipv4 bisher super geklappt, mit ipv6 habe ich es in keinem aller fälle hinbekommen leider...

ein anbieter ist ddnss.de, der andere ist ne IONOS API.

der neue os-ddclient hat ja nicht ansatzweise die möglichkeit ne update URL aufzurufen und die IP als Parameter mizugeben.
bisher war ja Platzhalter dafür %IP aber das gibts da ja auch nicht.

Ich scheue mich jetzt auf die 23.7 zu gehen weil mir dyndns super wichtig ist.

Kann da jemand unterstützen? Vllt bin ich ja nur zu unwissend. Vllt kann os.ddclient ja auch in 23.7 wieder mehr als in 23.1.11