Messages - beisser

#1
applied the patch with deutsche telekom (non business) with the checkbox request only prefix turned off and it seems to work normally.
the device came up normally after reboot and connection is established and working as usual.
#2
for me ipv6 breaks if i select only prefix.
suddenly link local addresses is all i have.
no more prefix on lan or wan.
basically a downgrade to ipv4 only :)

i just tried.
#3
yup ipv6 broke, when i didnt use ipv4 connectivity. reenabled that.
#4
Quote from: Patrick M. Hausen on July 30, 2024, 08:00:19 PM
Don't enable "use IPv4 connectivity".

If it is a business line, why don't you configure LAN statically? Enable Router Advertisements, done.

its not business. its a completely normal home vdsl with changing prefixes.
nothing to configure statically there.
and any guide i have ever found anywhere says you have to use "use ipv4 connectivity" to get a prefix.
if you dont, you dont get one.

but i can try that, no problem. give me a few minutes
#6
Quote from: PhoenixRider on July 30, 2024, 07:26:23 PM
I'm using Deutsche Telekom, too. On WAN side, you have to choose DHCPv6 with IPv6 Prefix Delegation 56. On LAN-Interfaces you should use Track Interface with a Prefix-ID.

this is the case.
see attached screenshots.
#7
latest update for me.
the firewall didnt have any issues forwarding ipv6 in the morning after setting the intervals to 3/4 in the evening before.
when set to 200/600 it had issues in the morning.

i am still not sure why or how this is and why no one else is seeing this.

#8
Quote from: tokade on July 29, 2024, 12:57:11 PM
Perhaps there are scripts that also restart other components depending on the radvd restart?

that would be interesting to know.
would make sense because as far as my limited understanding goes radvd does basically nothing but advertise things.
maybe someone with deeper knowledge of opnsense could comment on this.
is there anything that gets restarted whenever you restart radvd that might explain why ipv6 forwarding resumes immediately when radvd is restarted?

for now i am going to test if the intervals make a difference.
last night i had them at default 200/600, tonight i will leave them at 3/4 and see how the firewall behaves tomorrow morning.
#9
i had a cronjob configured that did a periodic interface reset at 03:00 at night, but i have disabled that some time ago.

i compared a RA in wireshark before the restart and after the restart of the RA service and they are identical.
it seems to be advertising correctly even before restart, but for some reason traffic just doesnt pass.

i have attached 2 screenshots of the packets in wireshark. im not able to make out any differences
#10
this morning the same issue is present again.
clients get ipv6 addresses, but no forwarding.
wireshark sees the RA only from opnsense again
i had to manually restart router advertisement to get the forwarding to start.
are there any specific logs i can look at to see if/how this part is misbehaving?
the general log in the gui doesnt give me anything useful.
#11
setting the values back to defaults did not bring back the issue.
rebooting the firewall also did not bring back the issue.
ipv6 keeps working for now.
wireshark still doesnt show any RA from anything other than opnsense.

i am at a loss here.
if anyone has any additional ideas what might be the cause of this i would be quite happy to hear them.

i will continue to monitor and we will see if the issue returns tomorrow, just like it returned today after working all afternoon/evening yesterday.
#12
after 20 minutes of running wireshark i havent seen any RA from anything other than opnsense.

so no idea whats wrong.

edit: i have set the intervals back to 200 and 600 to check if i can reproduce/fix this issue at will by changing the values. will report with findings later
#13
different provider but the patch gets applied in the shell (ssh for example) with the command provided by franco in his post further up.

edit: the command is "opnsense-patch 287c13beb"
#14
there does not seem to be any router advertisement besides the ones coming from my opnsense.

i filtered wireshark with icmpv6.type == 134 and see only opnsense advertisements.
#15
Quote from: meyergru on July 28, 2024, 02:20:41 PM
I doubt that RA intervals of 3 seconds should be necessary. It sounds more like you have another source of RAs sent to your network which interfere with your OpnSense RAs. It would explain why sending RAs at a smaller interval helps...

Are you sure that there is no other instance running? You already wrote that your OpnSense is a VM.

there is only one device which i have added to the network lately and thats a netgear orbi wifi mesh system in AP mode (other option would be router mode, which i dont want).
the ipv6 functionality is turned off in ap-mode and cant be turned on (greyed out).

i have no virtual machines or devices on my network that would act as a router otherwise.
but i will run a wireshark trace to see if there are any weird router advertisements coming in.
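
Added example, not part of the forum posts above: the check discussed in the last two posts (looking for Router Advertisements, ICMPv6 type 134, from anything other than the expected router) done in code rather than by eye. The parser, the allow-list, the helper names and every address are constructed for illustration; the input is assumed to be the ICMPv6 payload of each captured packet together with its source address.

```python
import ipaddress
import struct

RA_TYPE = 134        # ICMPv6 Router Advertisement, the value used in the Wireshark filter
OPT_PREFIX_INFO = 3  # Prefix Information option (RFC 4861)

def parse_ra(icmp6: bytes) -> dict:
    """Parse a Router Advertisement, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    lifetime = struct.unpack_from("!H", icmp6, 6)[0]
    ra = {"router_lifetime": lifetime, "prefixes": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen = icmp6[off + 2]
            prefix = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            ra["prefixes"].append(f"{prefix}/{plen}")
        off += opt_len
    return ra

def audit(captures, allowed_routers):
    """Flag RAs from unexpected sources, and RAs with router lifetime 0 (not a default gateway)."""
    findings = []
    for src, icmp6 in captures:
        ra = parse_ra(icmp6)
        if ipaddress.IPv6Address(src) not in allowed_routers:
            findings.append((src, "unexpected RA source, prefixes=%s" % ra["prefixes"]))
        elif ra["router_lifetime"] == 0:
            findings.append((src, "router lifetime 0"))
    return findings

def build_ra(lifetime, prefix, plen):
    """Constructed sample data: a minimal RA with one Prefix Information option."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, 0xC0, 86400, 14400, 0)
    return header + option + ipaddress.IPv6Address(prefix).packed

# Constructed addresses: link-local sources and the 2001:db8::/32 documentation prefix
ALLOWED = {ipaddress.IPv6Address("fe80::1")}
SAMPLE = [("fe80::1", build_ra(1800, "2001:db8:1:10::", 64)),
          ("fe80::aaaa", build_ra(1800, "2001:db8:ffff::", 64)),
          ("fe80::1", build_ra(0, "2001:db8:1:10::", 64))]

if __name__ == "__main__":
    print(audit(SAMPLE, ALLOWED))
```

An empty result over a long enough capture matches what the posts report: only the expected router is advertising, and it is not withdrawing itself as default gateway.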