Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - himpie

Pages1
#1
24.7, 24.10 Legacy Series / Re: IPv6 router advertisements problems in 24.7/24.1.x
November 21, 2024, 09:34:52 PM
Hi,

Why is the link-address changed from the normal IPv6 to the link local in versions after 24.1 in OPNsense?

I think it's not possible in my setup. I work with 1 NIC in my OPNsense box, all link-locals are the same ...

re0_vlan10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: re0_0010_DMZSERVERS (opt1)
        options=80000<LINKSTATE>
        ether 00:8c:fa:d6:f0:1d
        inet 10.0.1.1 netmask 0xfffffff0 broadcast 10.0.1.15
        inet6 fe80::28c:faff:fed6:f01d%re0_vlan10 prefixlen 64 scopeid 0x6

re0_vlan30: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: re0_0030_LANCLIENTS (lan)
        options=80000<LINKSTATE>
        ether 00:8c:fa:d6:f0:1d
        inet 192.168.0.1 netmask 0xffffffe0 broadcast 192.168.0.31
        inet6 fe80::28c:faff:fed6:f01d%re0_vlan30 prefixlen 64 scopeid 0xb

It worked for the last 12 years on pfsense and opnsense before 24.1.x update (on 24.1 it works like in pfsense)
#2
24.7, 24.10 Legacy Series / IPv6 router advertisements problems in 24.7/24.1.x
November 21, 2024, 09:14:05 PM
Hi,

After years working with pfsense CE/Plus on bare metal box, I finally migrated to OPNsense on the same bare metal box (with 1 NIC configured with multiple VLANs and connected to a switch).
Migration is successfully but have 1 issue. Router Advertisment (RA) on the OPNsense box....
The box is exact the same I used with pfsense CE/Plus.


In pfsense CE and OPNsense 24.1-amd64 everything works fine.
Yesterday I upgraded from OPNsense 24.1-amd64 to OPNsense 24.1.10
After the upgrade from OPNsense 24.1-amd64 to OPNsense 24.1.10 my LAN and WLAN clients don't receive a IPv6 address with Router Advertisement (on OPNsense box) to my FreeBSD DHCP box.

On my FreeBSD DHCP server I see correct RA message from pfsense CE/OPNsense 24.1 from normal IPv6:
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address 2001:xxxx:yyyy:30::1, peer address fe80::6353:288f:4b6c:e182
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Advertise NA: address 2001:xxxx:yyyy:30:1::13 to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 static
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Added new forward map from sirens.foo.baar to 2001:xxxx:yyyy:30:1::13
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Added reverse map from 3.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.3.0.0.y.y.y.y.x.x.x.x.1.0.0.2.ip6.arpa. to sirens.foo.bar.
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address 2001:xxxx:yyyy:30::1, peer address fe80::6353:288f:4b6c:e182
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Reply NA: address 2001:xxxx:yyyy:30:1::13 to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 static
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 20 18:12:11 <local7.info> apollo dhcpd[79271]: Added new forward map from sirens.foo.bar. to 2001:xxxx:yyyy:30:1::13
Nov 20 18:12:11 <local7.info> apollo dhcpd[79271]: Added reverse map from 3.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.3.0.0.y.y.y.y.x.x.x.x.1.0.0.2.ip6.arpa. to sirens.foo.bar.



On my FreeBSD DHCP server I see incorrect RA message from OPNsense 24.1.10 coming from link-local OPNsense instead of normal IPv6:


Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds

VLANs on NIC on the OPNsense box:

re0_vlan10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: re0_0010_DMZSERVERS (opt1)
        options=80000<LINKSTATE>
        ether 00:8c:fa:d6:f0:1d
        inet 10.0.1.1 netmask 0xfffffff0 broadcast 10.0.1.15
        inet6 fe80::28c:faff:fed6:f01d%re0_vlan10 prefixlen 64 scopeid 0x6
        inet6 2001:xxxx:yyyy:10::1 prefixlen 64
        groups: vlan
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=121<PERFORMNUD,AUTO_LINKLOCAL,NO_DAD>

re0_vlan30: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: re0_0030_LANCLIENTS (lan)
        options=80000<LINKSTATE>
        ether 00:8c:fa:d6:f0:1d
        inet 192.168.0.1 netmask 0xffffffe0 broadcast 192.168.0.31
        inet6 fe80::28c:faff:fed6:f01d%re0_vlan30 prefixlen 64 scopeid 0xb
        inet6 2001:xxxx:yyyy:30::1 prefixlen 64
        groups: vlan
        vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=121<PERFORMNUD,AUTO_LINKLOCAL,NO_DAD>


On the router advertisment page on my OPNsense GUI, I see from 24.1.10 a field source address with a drop-down box where Automatic is selected. But in the drop-down box I see only Automatic but no other options.
The field "source address" was not implemented in OPnsense 24.1 (or earlier).

When I change my SSD in the box with the old pfsense or OPNsense 24.1 router advertisement works like a charm.

I think the problem is with the source address on automatic option I see on 24.1.10 (and also in OPNsense 24.7.8/24.7.9).
How can I disable that box so that it works like 24.1 (or erlier)?
Or how can I a more options than only Automatic in the drop down box?

Can somebody help me?

Kind regards,

Himpie
Pages1