Show posts

#1

General Discussion / Re: No IPv6 address is received from ISP

November 29, 2024, 02:22:55 PM

It makes sense what you say.

#2

General Discussion / Re: No IPv6 address is received from ISP

November 29, 2024, 01:18:34 PM

I wonder the exact same thing

#3

General Discussion / Re: No IPv6 address is received from ISP

November 28, 2024, 12:57:21 PM

Quote from: franco on November 28, 2024, 11:14:36 AM
And don't forget to adjust HOME_NET in advanced Suricata settings if you have a different "privat" range.

Right, but what about IPv6?

#4

General Discussion / Re: No IPv6 address is received from ISP

November 28, 2024, 10:05:37 AM

Ok, thanks for the information. I've put suricata on the LAN and VLAN interfaces

#5

General Discussion / Re: No IPv6 address is received from ISP

November 28, 2024, 09:35:37 AM

Oh my... well i don't know what i should say... All my ideas on what could be the issue were negated in the end. Perhaps you can view the diffs/changes of your configs and find something that did change? Are you using a different ISP? I think i also once had the wrong prefix configured, which certainly also caused issues.

#6

General Discussion / Re: No IPv6 address is received from ISP

November 27, 2024, 11:18:47 AM

I was under the impression an intrusion detection on WAN makes the most sense. I guess i am wrong here? Shouldn't packets be blocked as early as possible? But sure, LAN also sends packets which can be defined as bad and thus need to be blocked.

#7

General Discussion / Re: No IPv6 address is received from ISP

November 27, 2024, 10:56:52 AM

The bug truly was just a suricata issue. I needed to disable rule:

2030387 ET EXPLOIT Possible CVE-2020-11899 Multicast out-of-bound read

this rule blocked my ipv6 dhcp packages it seems.

#8

General Discussion / Re: No IPv6 address is received from ISP

November 26, 2024, 12:52:56 PM

I found this thread: https://forum.opnsense.org/index.php?topic=7666.30

It has the exact same symptoms from 2018. Has the bug been reanimated?

#9

General Discussion / Re: No IPv6 address is received from ISP

November 26, 2024, 12:45:38 PM

Ok, so i think i found the issue. After disabling suricata everything was fine. With suricata enabled, after a while i got a

Code Select

<6>ix1: link state changed to DOWN

Then

Code Select

dhcp6c 32939 - [meta sequenceId="94"] Sending Solicit

never got an answer. As soon as i disabled suricata again, everything was fine...

There must be some bug with suricata and ipv6.

#10

General Discussion / Re: No IPv6 address is received from ISP

November 26, 2024, 11:54:24 AM

So i found something in the logs. After a boot all is fine, but then suddenly i get a disconnect and then the connection is lost, but only for ipv6, everything else works as expected:

Code Select


<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="24"] <118>*** OPNsense.lan: OPNsense 24.7.9_1 (amd64) ***
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="25"] <118>
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="26"] <118> GUEST (vlan0.900) -> v4: XX.XXX.XXX.1/24
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="27"] <118> IOT (vlan0.800) -> v4: XX.XXX.XXX.1/24
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="28"] <118> LAN (ix0)       -> v4: XX.XXX.XXX.1/24
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="29"] <118>                    v6/t6: 2a02:XXXXXXXX/64
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="30"] <118> TV7 (igb0)      -> v4: XX.XXX.XXX.1/24
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="31"] <118> WAN (ix1)       -> v4/DHCP4: XX.XX.XX.XX/25
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="32"] <118>                    v6/DHCP6: 2a02:XXXXXXXX/64
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="33"] <118> WG1 (wg1)       -> v4: XX.XXX.XXX.1/24
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="34"] <118>
<11>1 2024-11-26T11:46:50+01:00 OPNsense.lan flowd_aggregate.py 2561 - [meta sequenceId="35"] flowd aggregate died with message Traceback (most recent call last):   File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 160, in run     aggregate_flowd(self.config, do_vacuum)   File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 80, in aggregate_flowd     stream_agg_object.add(copy.copy(flow_record))   File "/usr/local/opnsense/scripts/netflow/lib/aggregates/source.py", line 117, in add     super(FlowSourceAddrDetails, self).add(flow)   File "/usr/local/opnsense/scripts/netflow/lib/aggregates/__init__.py", line 185, in add     self._update_cur.execute(self._update_stmt, flow) sqlite3.DatabaseError: database disk image is malformed 
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="36"] <118> HTTPS: sha256 XXXXXXXX
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="37"] <118>               XXXXXXXX
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="38"] <118> SSH:   SHA256 XXXXXXXX (ECDSA)
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="39"] <118> SSH:   SHA256 XXXXXXXX (ED25519)
<13>1 2024-11-26T11:46:50+01:00 OPNsense.lan kernel - - [meta sequenceId="40"] <118> SSH:   SHA256 XXXXXXXX (RSA)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="41"] /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (,wan,lan,inet6)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="42"] /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (execute task : ipsec_configure_do(,wan,lan))
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="43"] /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (execute task : openvpn_configure_do(,wan,lan))
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="44"] /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (execute task : wireguard_configure_do())
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="45"] /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,wan)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="46"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,wan)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="47"] /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,lan)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="48"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,lan)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="49"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (,wan,lan,inet6)
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="50"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : dhcrelay_configure_if(,wan,lan,inet6))
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="51"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : dnsmasq_configure_do())
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="52"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : igmpproxy_configure_do())
<12>1 2024-11-26T11:46:52+01:00 OPNsense.lan igmpproxy 52173 - [meta sequenceId="53"] select() failure; Errno(4): Interrupted system call
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="54"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : ntpd_configure_do())
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="55"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : opendns_configure_do())
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="56"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : openssh_configure_do(,wan,lan))
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="57"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : unbound_configure_do(,wan,lan))
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="58"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : vxlan_configure_do())
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="59"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : webgui_configure_do(,wan,lan))
<13>1 2024-11-26T11:46:52+01:00 OPNsense.lan opnsense 84713 - [meta sequenceId="60"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : wireguard_sync())
<13>1 2024-11-26T11:47:20+01:00 OPNsense.lan kernel - - [meta sequenceId="62"] 040.089948 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<13>1 2024-11-26T11:47:20+01:00 OPNsense.lan kernel - - [meta sequenceId="63"] 040.089962 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<13>1 2024-11-26T11:47:20+01:00 OPNsense.lan kernel - - [meta sequenceId="64"] 040.089969 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<13>1 2024-11-26T11:47:20+01:00 OPNsense.lan kernel - - [meta sequenceId="65"] 040.119992 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<13>1 2024-11-26T11:47:20+01:00 OPNsense.lan kernel - - [meta sequenceId="66"] <6>ix1: link state changed to DOWN
<13>1 2024-11-26T11:47:21+01:00 OPNsense.lan opnsense 48091 - [meta sequenceId="67"] /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for wan(ix1)
<13>1 2024-11-26T11:47:22+01:00 OPNsense.lan opnsense 48091 - [meta sequenceId="68"] /usr/local/etc/rc.linkup: plugins_configure dhcp (,inet6,[lan])
<13>1 2024-11-26T11:47:22+01:00 OPNsense.lan opnsense 48091 - [meta sequenceId="69"] /usr/local/etc/rc.linkup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6,[lan]))
<13>1 2024-11-26T11:47:23+01:00 OPNsense.lan kernel - - [meta sequenceId="70"] 042.883130 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<13>1 2024-11-26T11:47:23+01:00 OPNsense.lan kernel - - [meta sequenceId="71"] 042.883148 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<13>1 2024-11-26T11:47:23+01:00 OPNsense.lan kernel - - [meta sequenceId="72"] 042.883159 [ 852] iflib_netmap_config       txr 8 rxr 8 txd 2048 rxd 2048 rbufsz 2048
<29>1 2024-11-26T11:47:23+01:00 OPNsense.lan dhcp6c 64385 - [meta sequenceId="73"] restarting
<29>1 2024-11-26T11:47:23+01:00 OPNsense.lan dhcp6c 64385 - [meta sequenceId="74"] Bypassing address release because of -n flag
<29>1 2024-11-26T11:47:23+01:00 OPNsense.lan dhcp6c 64385 - [meta sequenceId="75"] remove an address 2a02:XXXXXXXX/128 on ix1
<29>1 2024-11-26T11:47:23+01:00 OPNsense.lan dhcp6c 64385 - [meta sequenceId="76"] Bypassing address release because of -n flag
<29>1 2024-11-26T11:47:23+01:00 OPNsense.lan dhcp6c 64385 - [meta sequenceId="77"] remove an address 2a02:XXXXXXXX/64 on ix0

#11

General Discussion / Re: No IPv6 address is received from ISP

November 26, 2024, 10:40:10 AM

And now suddenly the routing doesn't work anymore. Really strange

#12

General Discussion / Re: No IPv6 address is received from ISP

November 26, 2024, 10:05:22 AM

Hi Franco

So a reboot actually did manage to solve my issue. I get a prefix now.

Something that i don't understand is that the IPs change after a few minutes after the reboot. See my attached images:

#13

General Discussion / Re: No IPv6 address is received from ISP

November 26, 2024, 09:13:02 AM

I've now communicated with the ISP. They say all is fine on their side and they don't see my router requesting a prefix. They said it the prefix must be /48, which i configured.

How can i check in the logs what the router is doing when fetching a prefix? I can find a lot about IPv4 DHCP, but nothing really about IPv6, except for this:

#14

General Discussion / Re: Init7 and IPV6 doesn't want to work anymore

November 25, 2024, 04:29:10 PM

So i heard back from my ISP, and they say that they checked everything and from their side all should be fine (as expected). They say the router doesn't request a prefix, i.e. DHCPv6-PD (prefix delegation) is not enabled. Which option would that be. My configuration is as follows:

#15

General Discussion / Re: Init7 and IPV6 doesn't want to work anymore

November 25, 2024, 12:49:35 PM

Well, haven't heard back from them yet. So maybe they can help me. Was just trying to find a solution in the meantime, especially since it used to work, and now doesn't, and i've only updated my opnsense a few times, nothing else...

Messages - eitch

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: No IPv6 address is received from ISP

General Discussion / Re: Init7 and IPV6 doesn't want to work anymore

General Discussion / Re: Init7 and IPV6 doesn't want to work anymore