Show Posts

24.7 Production Series / IPv6 router advertisements problems in 24.7/24.1.x

« on: November 21, 2024, 09:14:05 pm »

Hi,

After years working with pfsense CE/Plus on bare metal box, I finally migrated to OPNsense on the same bare metal box (with 1 NIC configured with multiple VLANs and connected to a switch).
Migration is successfully but have 1 issue. Router Advertisment (RA) on the OPNsense box....
The box is exact the same I used with pfsense CE/Plus.

In pfsense CE and OPNsense 24.1-amd64 everything works fine.
Yesterday I upgraded from OPNsense 24.1-amd64 to OPNsense 24.1.10
After the upgrade from OPNsense 24.1-amd64 to OPNsense 24.1.10 my LAN and WLAN clients don't receive a IPv6 address with Router Advertisement (on OPNsense box) to my FreeBSD DHCP box.

On my FreeBSD DHCP server I see correct RA message from pfsense CE/OPNsense 24.1 from normal IPv6:
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address 2001:xxxx:yyyy:30::1, peer address fe80::6353:288f:4b6c:e182
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Advertise NA: address 2001:xxxx:yyyy:30:1::13 to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 static
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Added new forward map from sirens.foo.baar to 2001:xxxx:yyyy:30:1::13
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Added reverse map from 3.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.3.0.0.y.y.y.y.x.x.x.x.1.0.0.2.ip6.arpa. to sirens.foo.bar.
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address 2001:xxxx:yyyy:30::1, peer address fe80::6353:288f:4b6c:e182
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Reply NA: address 2001:xxxx:yyyy:30:1::13 to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 static
Nov 20 18:12:10 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 20 18:12:11 <local7.info> apollo dhcpd[79271]: Added new forward map from sirens.foo.bar. to 2001:xxxx:yyyy:30:1::13
Nov 20 18:12:11 <local7.info> apollo dhcpd[79271]: Added reverse map from 3.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.3.0.0.y.y.y.y.x.x.x.x.1.0.0.2.ip6.arpa. to sirens.foo.bar.

On my FreeBSD DHCP server I see incorrect RA message from OPNsense 24.1.10 coming from link-local OPNsense instead of normal IPv6:

Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Sending Relay-reply to 2001:xxxx:yyyy:10::1 port 547
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Relay-forward message from 2001:xxxx:yyyy:10::1 port 547, link address fe80::28c:faff:fed6:f01d, peer address fe80::6353:288f:4b6c:e182
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: [L2 Relay] No link address in relay packet assuming L2 relay and using receiving interface
Nov 21 16:16:09 <local7.debug> apollo dhcpd[79271]: Picking pool address fe80::31dd
Nov 21 16:16:09 <local7.info> apollo dhcpd[79271]: Advertise NA: address fe80::31dd to client with duid 00:01:00:01:2e:7c:34:90:d0:bf:9c:18:43:f3 iaid = 215007132 valid for 43200 seconds

VLANs on NIC on the OPNsense box:

re0_vlan10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: re0_0010_DMZSERVERS (opt1)
options=80000<LINKSTATE>
ether 00:8c:fa:d6:f0:1d
inet 10.0.1.1 netmask 0xfffffff0 broadcast 10.0.1.15
inet6 fe80::28c:faff:fed6:f01d%re0_vlan10 prefixlen 64 scopeid 0x6
inet6 2001:xxxx:yyyy:10::1 prefixlen 64
groups: vlan
vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=121<PERFORMNUD,AUTO_LINKLOCAL,NO_DAD>

re0_vlan30: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: re0_0030_LANCLIENTS (lan)
options=80000<LINKSTATE>
ether 00:8c:fa:d6:f0:1d
inet 192.168.0.1 netmask 0xffffffe0 broadcast 192.168.0.31
inet6 fe80::28c:faff:fed6:f01d%re0_vlan30 prefixlen 64 scopeid 0xb
inet6 2001:xxxx:yyyy:30::1 prefixlen 64
groups: vlan
vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=121<PERFORMNUD,AUTO_LINKLOCAL,NO_DAD>

On the router advertisment page on my OPNsense GUI, I see from 24.1.10 a field source address with a drop-down box where Automatic is selected. But in the drop-down box I see only Automatic but no other options.
The field "source address" was not implemented in OPnsense 24.1 (or earlier).

When I change my SSD in the box with the old pfsense or OPNsense 24.1 router advertisement works like a charm.

I think the problem is with the source address on automatic option I see on 24.1.10 (and also in OPNsense 24.7.8/24.7.9).
How can I disable that box so that it works like 24.1 (or erlier)?
Or how can I a more options than only Automatic in the drop down box?

Can somebody help me?

Kind regards,

Himpie

Messages - himpie

24.7 Production Series / Re: IPv6 router advertisements problems in 24.7/24.1.x

24.7 Production Series / IPv6 router advertisements problems in 24.7/24.1.x