Messages

1

24.7 Production Series / IPv6 PD question - getting error "network mask too short prefix6"

« on: November 04, 2024, 03:19:56 pm »

Hi all,

a question for understanding how ISC DHCPv6 configuration is desired to work. What I want is to delegate /57 out of my /56 prefix to a downstream router. I try the following configuration (see screenshot as well):

Code: [Select]

Prefix Delegation Range
from: ::80:0000:0000:0000:0000
to: ::ff:ffff:ffff:ffff:ffff

But, this is not working, I get a "network mask too short prefix6" error message in the log if trying. On the other hand a:

Code: [Select]

Prefix Delegation Range
from: ::80:0000:0000:0000:0000
to: ::80:0000:0000:0000:0000

is accepted.

Has someone experience here and can explain the logic behind to me?

From my understanding, the first config is correct while the last is not.

Thanks and best regards
Robert

2

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: October 02, 2024, 08:32:10 pm »

Hi Robert,

Sorry for the response delay.  It's still true but the package moved to a new rebuild (but holds the same source code as discussed):

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/snapshots/misc/dhcp6c-20240919_1.pkg

Just update to 24.7.5 and see how that goes as a separate data point. Then install the updated client and reboot again to see if that changes things.

Cheers,
Franco

Hi Franco,

good and bad news.

Did another series of tests to track this down further. Just as a recap, my setup is:
* OPNSense setting vlan7 (necessary for my provider Deutsche Telekom) and doing PPPoE dialing
* Modem directly connected to the OPNSense Box not setting a vlan7

1. installed 24.7.5 -> not working (see attached log)
2. installed patched dhcp6c client on top of 24.7.5 -> not working (see attached log)
3. connected a OpenWRT box in the exact way to the modem as the OPNSense box and let it set vlan 7 -> working
4. reconfigured OPNSense to NOT set the vlan (using the underlying interface directly) and let the modem set the vlan -> working (can provide log if needed, forgot to collect)

Based on this there are three new data points:
* it is no longer sure, that the problem was introduced with 24.x.x (I doubt so). But I reconfigured the vlan thing at the same time (mentioned it in earlier posts already)
* it is no provider side issue
* there is a problem with OPNSense and IPv6 PD when it is based on a vlan instead directly at the physical interface

What do you think how we should go on here, is there anything I can test for you?

I think a bug in the dhcp6 client is not longer likely, more one deeper in the network stack?

Best regards
Robert

3

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 28, 2024, 08:39:38 am »

Robert,

As per my earlier comments I wrote this patch to try https://github.com/opnsense/dhcp6c/commit/d2e5fb474f

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/snapshots/misc/dhcp6c-20240907_3.pkg

Reboot to see if it helps.

Thanks,
Franco

Hi Franco,

is this still true for 24.7.5 or will things break if I apply the patch/install the package? Or in the other direction, needa the patch/package a adaption for 24.7.5 before trying it?

And should I install one by one and check the effect or both together?

Can do this now, my box has not that much critical traffic this weekend.

Best regards
Robert

4

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 20, 2024, 09:06:52 pm »

Hi Franco,

Do you have "Request only a prefix" unset? It would be better to set this option if that's the case. If it's already set we need to try and ignore this zero lifetime NA that doesn't even provide an address.

Yes, this was unchecked. Never checked this the years before and it always worked. Nevertheless, gave it a try but without success (see attached log).

To me it looks like a server quirk to be honest.

If we follow this theory, then something must have triggered this server problem on the OPNsense side since 24.7.x. Before I always had IPv6 in use and no problems.

For mit it looks like all is fine, but it just isn't working and getting a prefix. Weird.

One small thing I changed with the migration to 24.7.x is, that OPNsense is now setting the Vlan ID (7) instead of the modem internally (that was the case before). But I cannot imagine how this can lead to the problem, IPv4 is working fine and I even get a IPv6 address for the "wan interface", just the prefix is not delegated.

Best regards
Robert

5

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 18, 2024, 01:50:41 pm »

PS: The version you tested is going to be tomorrow's release version in 24.7.4 anyway.

Hi Franco,

tried again with 24.7.4. Unfortunately I still get no prefix delegated on my "wan" interface. I send a /56 prefix hint and use the IPv4 connectivity on the interface tagged with vlan 7. As all the years before.

I've attached the log again. Still no specialist in that topic, but I think the pattern of the log changed somewhat since 24.7.3. It repeats steps and contains multiple times a clear

Code: [Select]

create a prefix 2003:c3:xxxx:xxxx::/56
But later stopping with it and then a

Code: [Select]

advertise contains no address/prefix
Do you have another idea what to check?

Thanks and best regards
Robert

6

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 11, 2024, 08:41:07 am »

Can I apply this with opnsense-patch somehow

Nah. You can apply it with the command already posted:

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/snapshots/misc/dhcp6c-20240907.pkg

Hi all,

how can I revert this to the production version? Is a

Code: [Select]

opnsense-revert dhcp6c
enough to do so?

Sorry, havn't that much experience in that direction and it is a quite productive system.:-)

Best regards
Robert

7

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 09, 2024, 06:53:02 pm »

Hi Franco,

This is only the default value, but in all honestly it's a historic artefact and not even used anymore. The interface name is always passed.

This is purely a interpreted languange without compiling or poat processing build steps to check method calls against the existing signatures, right? So no chance to just remove the default without risk of breaking stuff.

I think we figured out the mix of commits that caused dhcp6c to regress the way it did in 24.7.2:

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/snapshots/misc/dhcp6c-20240907.pkg

This will be in 24.7.4. Worth a test, but needs a reboot to activate.

Can I apply this with opnsense-patch somehow and is this different from the previous opnsense-patch 6b28dae2 82ea39b04c?

Or makes it just sense to wait for 24.7.4?

Thanks again and best regards
Robert

8

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 06, 2024, 08:11:57 pm »

Hi Franco,

really stupid question and asked if at another point this thread already, but all I try to do should work with a which is not the original wan (mine is a custom created new interface, not ootb wan), right?

Just asking because I scrolled a little bit through the changed files in your commit and e.g. here:
https://github.com/opnsense/core/blob/6b28dae26cbadb9d25708685f590ee9af0506678/src/etc/inc/interfaces.inc#L2238

is a hard coded reference to "wan" and later this is used via "$wancfg".

But really didn't looked trough the whole code flow but stumbled over it and the question came up again for me.

Best regards
Robert

9

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 06, 2024, 11:46:18 am »

> Do you have a idea or at least a speculation what causes this? I mean, as written in the OP, ISP is the same and it worked before. As well with PPPoE and IPv6 together.

Most of this revolves around timing issues: PPP being a bit less reliable due to extra software in between (mpd5), dhcp6c code changes causing IPv4 and IPv6 sequence mismatches, additional use of Netmap (suricata and zenarmor) or modem interaction on the plugged WAN link.

6b28dae2 tries to address some of these issues by moving IPv6 setup to PPP linkup time, not generic IPv4 renewal time (which is called much more often).

6b28dae2 should be safe enough, you can run the patch command again and it will be removed. the patch is also cached so it's easy to recover from no connectivity due to patches. But this patch has been extensively tested so I don't think it would be worse than before.


Cheers,
Franco

Hi Franco,

unfortunatley a "opnsense-patch 6b28dae2" did not fix the problem. See attached dhcp6c log.

Not sure if it is worth mentioning, but my "wan" interface is getting a IPv6 address, just the PD part is broken.

Best regards
Robert

10

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 05, 2024, 09:51:36 pm »

As I see it it's asking multiple times, also interrupted due to SIGHUP reconnect, getting multiple answers but eventually refusing to give out another prefix and that's where it stops as expected.

Do you have a idea or at least a speculation what causes this? I mean, as written in the OP, ISP is the same and it worked before. As well with PPPoE and IPv6 together.

Maybe really some hidden magic which is bound to the interface name "wan"? Thats the only config change I've done as far as I can see.

Seeing that PPPoE is involved I'd like to ask you to try the following:

Ok, will check tomorrow if this is applicable.

A simple "opnsense-patch 6b28dae2" should be enough?

How likely is this to break stuff or being irreversible?

Best regards
Robert

11

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 05, 2024, 09:26:25 pm »

What's odd here is the claim that 24.7.1 is the bad version, when in reality only 24.7.2 changed dhcp6c and there is something weird going on there (see other thread). Sure, 24.7.1 introduced other problems, but the triage here just doesn't feel consistent.

As far as packet captures go that's pretty useless since we need to know what dhcp6c does. Enable debug under System: Interfaces: Settings and reboot. The dhcp6c logs tell us about all the communication that is being done (and why) and in most cases where a prefix is missing the server will likely not have sent it in the first place.


Cheers,
Franco

Hi Franco,

please find the requested log attached. As far as I can see there is a /56 prefix (I removed some parts of it, wasn't sure about privacy) occurring in the log, but later it says contains no prefix. Weird.

Do you have an idea how to go on?

Thanks and best regards
Robert

12

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 04, 2024, 07:38:15 pm »

Hi all,

has someone maybe a good source or (simple) documentation for for the packets involved in which order when a prefix delegation is done between DHCP client and server?

To bring things forward, I want to try to capture packets on my "WAN" interface and have a look where things stop. But I need a reference what is the "correct" flow

Thanks and best regards
Robert

13

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 02, 2024, 08:44:53 pm »

I must be missing all the wonderful use cases,  using such boring tactics like having one track interface and setting up all the rest to be static.

Just to keep topic of this thread focussed and for clarification:

• my problem starts already with the delegation of the prefix from my ISP to my "wan" (it is a custom one, not the on existing by default) interface
• I have one interface configured as tracking one, but since the prefix of the ISP is not delegated correctly, this is also no longer working
• my config and ISP has not changed since before 24.7.1
• since 24.7.1 my "wan" interface is not consuming a prefix from my ISP anymore
• reverting dhcp6c to pre 24.7 version is not fixing the problem
• if I get requirements how to I will help to track this down

Best regards
Robert

14

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: September 02, 2024, 05:36:53 pm »

That said, I'd disable it altogether and never look at that checkbox again.

Ok. Will do. As you said, the rules created automatically look good and this should not happen logically.

2 delegated prefixes. IPv6 connectivity (LAN and WAN) works as well. OP’s issue might be related to his configuration or ISP. My setup isn’t fancy at all. It’s a standard configuration.

As mentioned in my first post the config is equal to before the upgrad and working since years with the same ISP. This is definitly no ISP problem and related to the update.

Here is the ultimate revert kernel

https://github.com/opnsense/src/issues/218#issuecomment-2321096627

to test your theory. Otherwise this is a configuration issue perhaps.

Cheers,
Franco

Was this comment targeting my problem? How can I test / help tracking down the problem further (reverting dhcp6c didn't work).

On small difference in my configuration to standard: I am not using the default WAN interface but a custom created one (vlan) and it's parent (physical) interface is not assigned.

May there be hard coded things IPv6 related things nailed to the name "WAN" somewhere?

Best regards
Robert

15

24.7 Production Series / Re: IPv6 prefix delegation not working with 24.7.1-.3

« on: August 30, 2024, 02:05:13 pm »

Tried to get a screenshot of the blocked DHCPv6 traffic, looks like the attached one.

Further, but I think not directly related and maybe a timing issue, I saw DHCPv6 traffic being blocked when bogon network blocking is enabled. See the other screenshots.