23.7 Legacy Series / IPv6 / SLAAC broken after Hardware migration
« on: November 15, 2023, 03:25:13 pm »
Hello everybody,
my ol' reliable OPNsense broke a few days ago, so I had to replace the hardware. The process went like this:
1. install OPNsense
2. recover backup XML (I selected recover all)
3. reassign some interfaces (e.g. LAN changed from igc to ix)
Interface Setup:
igc0 - WAN Provider 1 (dhcpv4 / dhcpv6)
igc1 - uplink to neighbor / WAN 2 (only dhcpv4)
ix0 - LAN (static v4 / track6)
And then a few VLANs on ix0 for IoT, my server, work devices and personal devices.
IPv4 connectivity is running fine on every LAN / VLAN connection.
According to the login page I get when logging in by SSH, it looks like all interfaces of the firewall itself get assigned correct addresses; however, SLAAC doesn't work except in vlan06.
Code:
*** OPNsense.lentnernetz.de: OPNsense 23.7.8_1 ***
Gast (vlan04) -> v4: 192.168.23.1/24
v6/t6: 2a00:XXXX:XXXX:d323:62be:b4ff:fe0b:96f2/64
IoT (vlan03) -> v4: 192.168.22.1/24
LAN (ix0) -> v4: 192.168.42.1/24
v6/t6: 2a00:XXXX:XXXX:d300:62be:b4ff:fe0b:96f2/64
WANDG (igc0) -> v4/DHCP4: 100.85.86.172/16
v6/DHCP6: 2a00:XXXX:XXXX:42::32e3/128
WireGuardTunnel (wg0) -> v4: 192.168.50.0/24
v6: 2a00:XXXX:XXXX:d315::/64
arbeit (vlan07) -> v4: 192.168.26.1/24
v6/t6: 2a00:XXXX:XXXX:d326:62be:b4ff:fe0b:96f2/64
fritzbox (igc1) -> v4/DHCP4: 192.168.178.23/24
mgmt (vlan02) -> v4: 192.168.21.1/24
oglinks (vlan06) -> v4: 192.168.25.1/24
v6/t6: 2a00:XXXX:XXXX:d325:62be:b4ff:fe0b:96f2/64
ogrechts (vlan05) -> v4: 192.168.24.1/24
v6/t6: 2a00:XXXX:XXXX:d324:62be:b4ff:fe0b:96f2/64
server (vlan01) -> v4: 192.168.20.1/24
v6/t6: 2a00:XXXX:XXXX:d320:62be:b4ff:fe0b:96f2/64
In the Interface Settings under "Track IPv6 Interface" I have only selected the parent interface and the offset; manual configuration used to be disabled. For testing I have now enabled it and set the router advertisements to "unmanaged" or "stateless". Both did not help.
On ix0 and vlan01 I have also increased the MTU to 9000, as that could help with NFS mounts. It didn't cause issues for v4 connectivity.
In the log files I see mostly stuff related to the dhcp6c running on igc0; not sure if that's relevant here. Since I don't know what logs would be helpful, here's a snippet from tcpdump when plugging in a client to vlan01:
Code:
15:23:17.831661 IP6 (hlim 1, next-header Options (0) payload length: 76) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:18.235277 IP6 (hlim 1, next-header Options (0) payload length: 76) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:18.619291 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff4d:85ff: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::5054:ff:fe4d:85ff
unknown option (14), length 8 (1):
0x0000: 50f7 a080 eb1a
15:23:19.647315 IP6 (hlim 1, next-header Options (0) payload length: 96) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 4 group record(s) [gaddr ff02::1:ff00:0 to_ex, 0 source(s)] [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:19.659267 IP6 (hlim 1, next-header Options (0) payload length: 56) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s) [gaddr ff02::1:3 to_ex, 0 source(s)] [gaddr ff02::1:ff00:0 to_ex, 0 source(s)]
15:23:19.726654 IP6 (flowlabel 0x06d9f, hlim 255, next-header UDP (17) payload length: 41) fe80::5054:ff:fe4d:85ff.5355 > ff02::1:3.5355: [bad udp cksum 0xd362 -> 0x454c!] UDP, length 33
15:23:19.976623 IP6 (flowlabel 0x06d9f, hlim 255, next-header UDP (17) payload length: 41) fe80::5054:ff:fe4d:85ff.5355 > ff02::1:3.5355: [bad udp cksum 0xd362 -> 0x454c!] UDP, length 33
15:23:20.226645 IP6 (flowlabel 0x06d9f, hlim 255, next-header UDP (17) payload length: 41) fe80::5054:ff:fe4d:85ff.5355 > ff02::1:3.5355: [bad udp cksum 0xd362 -> 0x454c!] UDP, length 33
15:23:20.251267 IP6 (hlim 1, next-header Options (0) payload length: 116) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 5 group record(s) [gaddr ff02::1:3 to_ex, 0 source(s)] [gaddr ff02::1:ff00:0 to_ex, 0 source(s)] [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:20.411269 IP6 (hlim 1, next-header Options (0) payload length: 56) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s) [gaddr ff02::1:3 to_ex, 0 source(s)] [gaddr ff02::1:ff00:0 to_ex, 0 source(s)]
15:23:20.726651 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:24.863938 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:25.907294 IP6 (flowlabel 0x9e77c, hlim 2, next-header UDP (17) payload length: 351) fe80::8bf3:87b6:b161:60be.50293 > ff02::c.1900: [bad udp cksum 0x24ca -> 0x3c3b!] UDP, length 343
15:23:33.432102 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:51.353160 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:55.907898 IP6 (flowlabel 0x9e77c, hlim 2, next-header UDP (17) payload length: 400) fe80::8bf3:87b6:b161:60be.50293 > ff02::c.1900: [bad udp cksum 0x24fb -> 0xd81b!] UDP, length 392
15:24:25.813895 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:24:25.909731 IP6 (flowlabel 0x9e77c, hlim 2, next-header UDP (17) payload length: 342) fe80::8bf3:87b6:b161:60be.50293 > ff02::c.1900: [bad udp cksum 0x24c1 -> 0x7158!] UDP, length 334
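
An added example, not part of the original post: one way to check `tcpdump -v` output like the capture above for router solicitations that are never followed by a router advertisement, which is the exchange SLAAC depends on. The function names, the 4-second window and the `fe80::1` router line are assumptions made for illustration; the `NO_RA` packets are copied from the capture.

```python
import re
from datetime import datetime

# Matches only RS/RA packet lines of `tcpdump -v` output; option lines are skipped.
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP6 .*? (\S+) > (\S+): "
    r".*ICMP6, router (solicitation|advertisement)"
)

def parse(text):
    """Yield (time, src, dst, kind) for each router solicitation/advertisement."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            yield ts, m.group(2), m.group(3), m.group(4)

def unanswered_solicitations(text, window=4.0):
    """Return (time, client) for every RS with no RA within `window` seconds.

    An RA counts as an answer if it goes to all-nodes (ff02::1) or directly
    to the soliciting client. Captures spanning midnight are not handled.
    The 4-second default is an assumption of this example.
    """
    events = list(parse(text))
    ras = [(ts, dst) for ts, _, dst, kind in events if kind == "advertisement"]
    missing = []
    for ts, src, _, kind in events:
        if kind != "solicitation":
            continue
        if not any(0 <= (ra - ts).total_seconds() <= window and dst in ("ff02::1", src)
                   for ra, dst in ras):
            missing.append((ts.strftime("%H:%M:%S"), src))
    return missing

# Three solicitations taken from the capture in the post; no RA follows any of them.
NO_RA = """\
15:23:20.726651 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
    source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:24.863938 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
15:23:33.432102 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
"""

# Constructed for comparison: the same solicitation answered by a router at fe80::1.
WITH_RA = """\
15:23:20.726651 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
15:23:20.900000 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64
"""

if __name__ == "__main__":
    for when, client in unanswered_solicitations(NO_RA):
        print(f"{when} {client}: router solicitation without advertisement")
```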