OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of carbas »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - carbas

Pages: [1] 2
1
24.7 Production Series / Re: [CALL FOR TESTING] PPPoE restructuring and IPv6 improvements
« on: August 22, 2024, 06:00:43 pm »
Quote from: franco on August 22, 2024, 04:17:06 pm
> Not surprising considering none of the work here is included in 24.7.2. ;)
So what's the correct course of action in my case? Which patch should I apply to 24.7.2?

2
24.7 Production Series / Re: [CALL FOR TESTING] PPPoE restructuring and IPv6 improvements
« on: August 22, 2024, 04:06:48 pm »
Hi,

Welcome back after short holidays  8)
As a reminder, Orange Poland ISP provides 2 PPPoE configs: IPv4-only and IPv6-only. Everything on top of VLAN (id 35)
IPv6-only provides link-local address and expects you to get IPv6 prefix via DHCPv6.
I did a clean install of 24.7 yesterday than upgrade to 24.7.2 and here are my observations:
  • When PPPoE is configured for IPv4 I get IPv4 public address, dhcp6c.conf is configured properly (for PPPoE interface) but no prefix is recived - this is expected, no complain here.
  • When PPPoE is configured for IPv6 and "Use IPv4 connection" is checked I get the v6 link-local address (form PPPoE) and no v4 address (as expected) but... no v6 prefix from DHCPv6 - dhcp6c.conf file is now empty.
  • When PPPoE is configured for IPv6 and "Use IPv4 connection" is unchecked I get the v6 link-local address (form PPPoE) and no v4 address (as expected)  no v6 prefix from DHCPv6 - dhcp6c.conf file configured properly except the interface is set now to VLAN interface as it should

For me it looks like without IPv4 address PPPoE is considered "down" and no dhcp6c config is generated?

3
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 08, 2024, 12:41:19 pm »
Quote from: franco on August 08, 2024, 12:19:45 pm
Looks good, thanks. For now we should try to allow this to be exported into the environment and/or add a log message for it with the value. About further integration I'm not sure as this gets way more tricky.

Sure, no hurry. I got around it by manually creating the GIF tunnel. For now i got the AFTR name by intercepting communication between my ONT and CPE i got from ISP :P And AFAIK my ISP does not change the AFTR adresses so I'm good with manual setup (however there are different AFTR's for every region of the country, if you know the address you can make yourself a poor-man's VPN service for IPv4 out of it - ISP does not prevent you from tunneling to other AFTR's  8) )

4
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 08, 2024, 12:16:42 pm »
Quote from: franco on August 08, 2024, 11:42:43 am
Can you create a ticket for me? https://github.com/opnsense/dhcp6c

Sure: https://github.com/opnsense/dhcp6c/issues/38
I hope it's good-enough  :D

5
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 08, 2024, 10:38:02 am »
Hi,

Sorry for going silent yesterday.
I'm happy to report that your changes worked for me flawlessly. I got the prefix from DHCPv6 over PPPoE connection.
After that I was able to setup GIF tunnel with AFTR and make IPv4 traffic going through it.
What I noticed, DHCP6c doesn't support aftr-name (option 64) defined in RFC 6334 and doesn't know what to do with it when recived from server ;)
Thank you, Franco, for all your great work  ;D

6
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 07, 2024, 10:37:40 am »
@pataps
Ok, my brain just exploded. HOW???   :o ;D
Which version of OPNsense do you have in your setup? For me it sounds like a bug that just became a feature :P

7
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 07, 2024, 10:28:57 am »
@pataps
Which PPPoE username are you using in your setup? The one with "/ipv6" suffix or without one?
If the one without suffix then does the PPPoE connection provide IPV6CP layer to you?

8
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 07, 2024, 10:17:42 am »
Quote
But DSlite does give you an IPv4 address. A CGNAT one, but an address.
Not from the router perspective. In DS-lite there is GIF tunnel with IPv6 endpoints and then router encapsulates IPv4 traffic into it. The GIF tunnel has the well-known IPv4 address (usually 192.0.0.2 and 192.0.0.1 on AFTR side) and IPv4 traffic is routed through it from LAN without NAT (AFTR does the NAT ).
At least if I understood correctly RFC6333  ;)

9
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 07, 2024, 10:01:49 am »
Quote
Well, unfortunately this is the problem with PPPoE in the mix, because once the IPv4 connectivity is up the rc.newwanip script takes care of starting the DHCPv6 (because it doesn't make sense before PPPoE device is created). Since there is no IPv4 the PPPoE linkup script is not called so rc.newwanip is not called either.

Call this a shortcoming of the code. I'm not sure how to solve this gracefully (i.e. without stuffing new settings that nobody understands into the PPPoE WAN IPv6 mode).

We could add the same start code to IPv6 equivalent rc.newwanipv6 (or the PPPoE linkup script) but I'm entirely unsure what the best approach is to avoid race conditions by doing it which could break IPv6 for a lot of people with PPPoE at the moment.

So in simple words I understand it would require breaking changes in interface configuration logic, something like:
  • "IPv4 Configuration type" set as disabled
  • New option for "IPv6 Configuration type" like "PPPoEv6 + DHCPv6" available if the former one is disabled
Do I understand it correctly?

10
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 07, 2024, 09:44:31 am »
No it doesn't and, I guess, it can't work as I do not recive IPv6 prefix at all from DHCPv6 so there is nothing to track for LAN interface.
I don't get anything from DHCPv6 because DHCP6c isn't configured and started for PPPoE interface.
As I understand it happens because IPv4 configuration is not set by PPPoE as this is IPv6-only connection from ISP perspective (I have two separate PPPoE credentials from ISP - one is IPv4-only, second is IPv6-only + DS-lite).

11
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 07, 2024, 09:25:52 am »
Quote
P.S. How did you figure out AFTR?
Its is provided by DHCPv6 server. Option 64.

12
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 06, 2024, 09:52:23 pm »
Quote
# pgrep mpd5

One instance should be running.
It is.
Quote
# grep pppoe.iface /var/etc/mpd_wan.conf

Should find the correct VLAN.
LGTM

Quote
You can check the PPPoE logs:

# opnsense-log ppps
It looks that connection is established, but only IPv6 config recived. This is expected behaviour.

Quote
Then also Orange is a PITA as we know from France where they want very very specific sending options and perhaps even VLAN priority. You need to emulate all of this in order to get full connectivity and my guess is you're not there yet.
Fortunately polish HQ is not as much PITA as french. They don't stack problems for people wanting use own HW.

Here is full PPPoE log for reference. I think the "LCP: protocol IPCP was rejected" is the important one, but still, IMHO this is expected as I we want to establish IPv6-only connection.
Code: [Select]
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="37"] process 53486 started, version 5.9
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="38"] web: web is not running
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="39"] [wan] Bundle: Interface ng0 created
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="40"] [wan_link0] Link: OPEN event
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="41"] [wan_link0] LCP: Open event
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="42"] [wan_link0] LCP: state change Initial --> Starting
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="43"] [wan_link0] LCP: LayerStart
<30>1 2024-08-06T21:37:08+02:00 router.home.local ppp 53486 - [meta sequenceId="44"] [wan_link0] PPPoE: Connecting to ''
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="45"] PPPoE: rec'd ACNAME "wro_bng1_re0"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="46"] [wan_link0] PPPoE: connection successful
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="47"] [wan_link0] Link: UP event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="48"] [wan_link0] LCP: Up event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="49"] [wan_link0] LCP: state change Starting --> Req-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="50"] [wan_link0] LCP: SendConfigReq #1
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="51"] [wan_link0]   PROTOCOMP
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="52"] [wan_link0]   MRU 1492
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="53"] [wan_link0]   MAGICNUM 0x03551bda
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="54"] [wan_link0] LCP: rec'd Configure Request #201 (Req-Sent)
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="55"] [wan_link0]   MRU 1540
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="56"] [wan_link0]   AUTHPROTO CHAP MD5
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="57"] [wan_link0]   MAGICNUM 0x18516f9f
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="58"] [wan_link0] LCP: SendConfigAck #201
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="59"] [wan_link0]   MRU 1540
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="60"] [wan_link0]   AUTHPROTO CHAP MD5
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="61"] [wan_link0]   MAGICNUM 0x18516f9f
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="62"] [wan_link0] LCP: state change Req-Sent --> Ack-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="63"] [wan_link0] LCP: rec'd Configure Ack #1 (Ack-Sent)
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="64"] [wan_link0]   PROTOCOMP
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="65"] [wan_link0]   MRU 1492
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="66"] [wan_link0]   MAGICNUM 0x03551bda
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="67"] [wan_link0] LCP: state change Ack-Sent --> Opened
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="68"] [wan_link0] LCP: auth: peer wants CHAP, I want nothing
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="69"] [wan_link0] LCP: LayerUp
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="70"] [wan_link0] CHAP: rec'd CHALLENGE #162 len: 32
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="71"] [wan_link0]   Name: "JUNOS"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="72"] [wan_link0] CHAP: Using authname "XXXXXXX@neostrada.pl/ipv6"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="73"] [wan_link0] CHAP: sending RESPONSE #162 len: 46
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="74"] [wan_link0] CHAP: rec'd SUCCESS #162 len: 49
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="75"] [wan_link0]   MESG: session created in USS with key in new format
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="76"] [wan_link0] LCP: authorization successful
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="77"] [wan_link0] Link: Matched action 'bundle "wan" ""'
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="78"] [wan_link0] Link: Join bundle "wan"
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="79"] [wan] Bundle: Status update: up 1 link, total bandwidth 64000 bps
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="80"] [wan] IPCP: Open event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="81"] [wan] IPCP: state change Initial --> Starting
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="82"] [wan] IPCP: LayerStart
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="83"] [wan] IPV6CP: Open event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="84"] [wan] IPV6CP: state change Initial --> Starting
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="85"] [wan] IPV6CP: LayerStart
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="86"] [wan] IPCP: Up event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="87"] [wan] IPCP: state change Starting --> Req-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="88"] [wan] IPCP: SendConfigReq #1
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="89"] [wan]   IPADDR 0.0.0.0
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="90"] [wan]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="91"] [wan] IPV6CP: Up event
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="92"] [wan] IPV6CP: state change Starting --> Req-Sent
<30>1 2024-08-06T21:37:09+02:00 router.home.local ppp 53486 - [meta sequenceId="93"] [wan] IPV6CP: SendConfigReq #1
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="94"] [wan] IPV6CP: rec'd Configure Request #244 (Req-Sent)
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="95"] [wan] IPV6CP: SendConfigAck #244
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="96"] [wan] IPV6CP: state change Req-Sent --> Ack-Sent
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="97"] [wan_link0] LCP: rec'd Protocol Reject #202 (Opened)
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="98"] [wan_link0] LCP: protocol IPCP was rejected
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="99"] [wan] IPCP: protocol was rejected by peer
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="100"] [wan] IPCP: state change Req-Sent --> Stopped
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="101"] [wan] IPCP: LayerFinish
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="102"] [wan] IPV6CP: rec'd Configure Ack #1 (Ack-Sent)
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="103"] [wan] IPV6CP: state change Ack-Sent --> Opened
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="104"] [wan] IPV6CP: LayerUp
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="105"] [wan]   5a9c:fcff:fe00:0c17 -> 2a8a:1cff:fea1:dfc3
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="106"] [wan] IFACE: Up event
<30>1 2024-08-06T21:37:10+02:00 router.home.local ppp 53486 - [meta sequenceId="107"] [wan] IFACE: Rename interface ng0 to pppoe0

13
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 06, 2024, 06:00:09 pm »
Update:
I've been wrong about /var/etc/dhcp6c.conf content. The file is empty when the "Use IPv4 connectivity" is checked. And then there is no trace of dhcp6c in syslog.

If the "Use IPv4 connectivity" is unchecked then the content changes to:
Code: [Select]
interface vlan01 {
  send ia-pd 6; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 6 {
  prefix ::/56 infinity;
  prefix-interface bridge0 {
    sla-id 0;
    sla-len 8;
  };
};and in syslog it spits:
Code: [Select]
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="97"] Sending Solicit
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="98"] set client ID (len 14)
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="99"] set elapsed time (len 2)
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="100"] set option request (len 4)
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="101"] set IA_PD prefix
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="102"] set IA_PD
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="103"] send solicit to ff02::1:2%vlan01
<29>1 2024-08-06T17:53:03+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="104"] reset a timer on vlan01, state=SOLICIT, timeo=1, retrans=2083
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="105"] Sending Solicit
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="106"] set client ID (len 14)
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="107"] set elapsed time (len 2)
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="108"] set option request (len 4)
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="109"] set IA_PD prefix
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="110"] set IA_PD
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="111"] send solicit to ff02::1:2%vlan01
<29>1 2024-08-06T17:53:05+02:00 router.home.local dhcp6c 17117 - [meta sequenceId="112"] reset a timer on vlan01, state=SOLICIT, timeo=2, retrans=3982

14
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 06, 2024, 05:38:01 pm »
Yes, of course.

15
24.7 Production Series / Re: IPv6 with DHCP6 on top of PPPoE and VLAN
« on: August 06, 2024, 05:01:21 pm »
This is my config, maybe someone can spot something...



Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2