Topics

1

19.7 Production Series / Link-local gateway addresses missing zone index, breaks gateway monitoring

« on: July 18, 2019, 01:32:26 am »

Hi,

After upgrading from 19.1 to 19.7, OPNsense has issues dealing with gateways which have an IPv6 link-local address:

I have two gateways with a statically configured link-local address (fe80::42%hn1, fe80::42%hn2). After the upgrade, the IP addresses were completely gone for both gateways. Re-entering the addresses was not possible: After clicking "save", the address is gone again. Only after entering the addresses without the zone index was I able to save them. But without the zone index gateway monitoring doesn't work.

Similar issue with the WAN_DHCP6 gateway (where the gateway IP address is assigned automatically via RAs from the ISP): The zone index is missing so gateway monitoring doesn't work.

This might be the same issue, although the description is a bit vague:
https://forum.opnsense.org/index.php?topic=13506.0

[Edit]
The following PHP error seems to be related to this:
PHP Warning:  vsprintf(): Too few arguments in /usr/local/etc/inc/util.inc on line 986
[/Edit]

Cheers

Maurice

2

19.1 Legacy Series / IPv6 Dual WAN / Policy Based Routing issue

« on: March 10, 2019, 03:53:44 pm »

Hi all,

I'm trying to get a simple Dual WAN / Dual LAN setup running:
Two WAN interfaces (DHCPv6), two LAN interfaces (LAN1 tracks WAN1, LAN2 tracks WAN2). The WAN1 gateway (WAN1_DHCP6) is the default one. To get traffic originating from LAN2 being routed via WAN2, the gateway is set to WAN2_DHCP6 in the allow-all firewall rule for LAN2 (Policy Based Routing).

No success. LAN1 works just fine, but there is no Internet access from LAN2. This is not a DNS issue (DNS servers are set to external public servers in Router Advertisements). A traceroute from a host in LAN2 to a public IPv6 address doesn't get further than the first hop (router). As expected, switching the default gateway to WAN2_DHCP6 gets LAN2 working and breaks LAN1 Internet connectivity.

Ideas? This should be pretty straight forward, but maybe I am missing something.

Cheers

Maurice

3

18.1 Legacy Series / IPv6 Prefix Delegation: routes missing

« on: March 25, 2018, 08:34:13 pm »

This is not about requesting a prefix from an upstream router / ISP, but about delegating prefixes to downstream routers in the LAN.

I have a static /48 from my ISP. OPNsense is used as a distribution router and should delegate /56 prefixes to other routers connected to its LAN interface.

Prefix Delegation Range and Prefix Delegation Size are properly configured in Services / DHCPv6 / LAN and downstream routers successfully request prefixes (visible in Services / DHCPv6 / Leases / Delegated Prefixes).
However, OPNsense doesn't seem to add routes for the delegated prefixes to its routing table. So clients connected to the downstream routers can't access the Internet.

Is this working for someone? If so, am I missing something? Or could this be a bug?

4

17.7 Legacy Series / [SOLVED] Stateless DHCPv6 support missing?

« on: November 20, 2017, 01:03:53 am »

Hello all,

This is my first post! I'm currently virtualizing a router by migrating from an old embedded Linux box to a fresh install of OPNsense 17.7.7_1 in a Hyper-V VM. Pretty straightforward so far, but now I'm stuck at setting up stateless DHCPv6 for the LANs.

In the existing setup, clients use SLAAC for address autoconfiguration. Clients which don't support the RDNSS / DNSSL options in RAs (like older Windows versions) use stateless DHCPv6 for DNS server and domain information.

In OPNsense, the Router Advertisement "Assisted" mode seems to be the only one which sets the required A and O flags in RAs. But it also sets the M flag which indicates stateful DHCPv6. There seems to be no "A + O flag only" mode. Also, the DHCPv6 server can not be enabled unless you specify an address range.

I've never used an IPv6 router which doesn't support this, so I'm not sure whether this is really missing or I just can't figure out how to configure it (these are my first steps with OPNsense).

Thanks

Maurice