Messages

1

23.7 Legacy Series / Re: radvd not starting

« on: December 17, 2023, 04:45:08 pm »

Great, thank you for the confirmation!

I think this was new, which is why radvd not starting caught my eye and got me worried.

2

23.7 Legacy Series / Re: radvd not starting

« on: December 17, 2023, 03:47:10 pm »

Thank you. So this means this is normal and should be expected, when IPv6 is disabled?

3

23.7 Legacy Series / [SOLVED] radvd not starting

« on: December 17, 2023, 08:15:24 am »

Since the last update, my radvd is not starting. It looks like playing with IPv6 (and finally disabling it again), I have  recurring problems with the DHCPv6 and radvd service.

Tried to reset everything following https://forum.opnsense.org/index.php?topic=34584.0 this did not solve my issue. radvd still not starting, even if clicked manually. There is also no error in logs.

When following the above guide, I got:

Code: [Select]


2023-12-17T08:06:34 Error opnsense /interfaces.php: The command '/sbin/ifconfig 'igb3'
inet6 '::1' prefixlen '128' no_dad' returned exit code '1', the output was 'ifconfig:
ioctl (SIOCDIFADDR): Invalid argument'
2023-12-17T08:06:31 Error opnsense /interfaces.php: The command '/sbin/ifconfig 'igb2'
inet6 '::1' prefixlen '128' no_dad' returned exit code '1', the output was 'ifconfig:
ioctl (SIOCDIFADDR): Invalid argument'
2023-12-17T08:06:27 Error opnsense /interfaces.php: The command '/sbin/ifconfig 'igb1'
inet6 '::1' prefixlen '128' no_dad' returned exit code '1', the output was 'ifconfig:
ioctl (SIOCDIFADDR): Invalid argument'

But I cannot assign this to any specific action.

Where would I start debugging starting of radvd?

4

23.1 Legacy Series / Re: IPv6 is broken after Update to 23.1.4 + 503 Service unavailable error

« on: July 31, 2023, 08:49:12 am »

@Patrick M. Hausen, @franco - many thanks for the explanation! Indeed, I expected I was _wrong_, was just looking for this piece of information. Maybe discussions like these help at some point make the gui or docs more self-explanatory. Of course, nothing helps against ignorant users (I hope I am not one of them).

5

General Discussion / Re: How to add a dns-provider for letsencrypt

« on: July 31, 2023, 06:27:13 am »

You can create your own script to push/update using a custom DNS API. I've added an example (Cloudflare) here:
https://du.nkel.dev/blog/2021-11-19_pfsense_opnsense_ipsec_cgnat/#dns-setup

(because the Cloudflare implementation available through OPNsense plugins did not work)

6

General Discussion / Re: [Solved] IPv6 - radvd:prefix length should be 64

« on: July 30, 2023, 01:55:15 pm »

Thanks for the clarification. There were a lot of changes and bug fixes to IPv6 recently and it is difficult to find the correct answers, as everybody seems to have different issues.

7

General Discussion / Re: IPv6 - radvd:prefix length should be 64

« on: July 30, 2023, 10:15:06 am »

Yes! That was it - I had to set the Prefix to /56, as Telekom apparently hands out 56 Prefixes:
https://www.heise.de/news/Details-zu-IPv6-ueber-Telekom-DSL-1762367.html

I used the standard ID 0 for my LAN subnet and it works! Note that I had to completely restart my OPNsense.

Thank you very much, @bartjsmit

8

General Discussion / [Solved] IPv6 - radvd:prefix length should be 64

« on: July 29, 2023, 07:32:55 pm »

I have continuing problems with IPv6 setup in OPNsense. It works for 1-2 days after a restart, but then stops working.

Today I found the following logs under:
/ui/diagnostics/log/core/routing

> Warning   radvd   prefix length should be 64 for igb3
> Warning   radvd   prefix length should be 64 for igb1
> radvd   sendmsg: Network is down
> Warning   radvd   prefix length should be 64 for igb3
> Warning   radvd   prefix length should be 64 for igb1
> radvd   sendmsg: Network is down
> ...

Since I use "Track WAN" for IPv6 on both, and WAN is setup with /64, this does not make sense to me.

Under /status_interfaces.php, I see the following values:
igb1:
IPv4 address   192.168.100.1/24
IPv4 gateway   auto-detected: 192.168.100.1
IPv6 link-local   fe80::2e0:67ff:fe2a:72e4/64
IPv6 address   2003:e7:1f0c:8e00:2e1:37ff:fe2a:72e4/56

igb1 (lan) is configured with:
IPv6 Configuration Type - Track Interface
IPv6 Interface - WAN

wan:
DHCP           DHCPv6 up 
PPPoE                up
MTU                    1492
IPv6 link-local   fe80::2e0:67ff:fe2a:72e3/64
IPv6 address   2003:e7:1fff:d24:2e1:37ff:fe2a:72e3/64
IPv6 prefix   2003:e7:1f0c:8e00::/56
IPv6 gateway   auto-detected: fe80::224e:71ff:fe11:2cfe

My IPv6 configuration for WAN follows the DHCPv6 instructions in the docs:
IPv6 Configuration Type - DHCPv6
Request only an IPv6 prefix - yes
Prefix delegation size - 64
Send IPv6 prefix hint - yes
Use IPv4 connectivity - yes
Use VLAN priority - Disabled

How can I go further to debug this? Why does my LAN (igb1) has a /56 IPv6 address, when WAN has a /64 IPv6 address?

The same is reported here on Reddit, for the exact same ISP (Telekom).

9

23.1 Legacy Series / Re: IPv6 is broken after Update to 23.1.4 + 503 Service unavailable error

« on: June 30, 2023, 05:59:11 am »

Ok, I removed "LAN" from listen interfaces and went back to default "All (recommended)". It makes no sense to me why the GUI would need to listen on the WAN side.

10

23.1 Legacy Series / Re: IPv6 is broken after Update to 23.1.4 + 503 Service unavailable error

« on: June 29, 2023, 08:01:26 pm »

I had the same issue, since updating yesterday to the latest version.

I just saw the 503 service unavailable and restarted the webgui service, it is working for now but the errors are still popping up in logs.

11

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: June 02, 2023, 06:52:57 am »

Just updated to 23.1.9 and Yes! All green lights on https://test-ipv6.com/ !

Your readiness score 10/10   for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

Nothing changed in the configuration. I did see an error regarding IPv6 prefix update in the logs after update, and Unbound failed to start automatically, but everything was fine after manually starting unbound (see my description of this on GH).

12

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: May 27, 2023, 06:28:47 am »

For me, too: I could solve my problems described above, everything is green in OPNsense for IPv6, but https://test-ipv6.com/ returns Zero connectivity for IPv6. It was all green before 23.1.8.

13

General Discussion / Re: How to best execute shell command once, after OPNsense have reboot?

« on: May 07, 2023, 07:36:58 am »

Was the bug report ever posted? I had the same problem today, where my Cloudflare DynDNS script with @reboot was removed from crontab with the OPNsense upgrade.

14

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: April 01, 2023, 06:13:33 am »

Fixed my issue - it was a missing default gateway set under System > General > DNS. Described here, with a Pull Request attached:
https://github.com/opnsense/core/issues/6435#issuecomment-1492616278

15

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: March 29, 2023, 06:07:32 am »

I run

Code: [Select]

/usr/local/etc/rc.configure_interface wan, without success. After the command, some errors popped up in the log, but I think they are mostly meaningless:

Code: [Select]

/usr/local/etc/rc.newwanipv6:
The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb1 igb3' returned exit code '1',
the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Warning: subnet 2003:e7:1f11:300::/32 overlaps subnet 2003:e7:1f11:300::/32
Config file: /etc/dhcpdv6.conf
Database file: /var/db/dhcpd6.leases
PID file: /var/run/dhcpdv6.pid
There's already a DHCP server running.
If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

I tried to check

Code: [Select]

/etc/dhcpdv6.conf, but it doesn't exist.

[edit]

Perhaps I am seeing these log entries because both my IPSEC Gateways are IPv4 only?
Only my default WAN gateway is Dualstack (IPv4 + IPv6).