OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Gromhelm »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Gromhelm

Pages: [1]
1
23.1 Legacy Series / Re: IPv6 is broken after Update to 23.1.4 + 503 Service unavailable error
« on: July 31, 2023, 08:49:12 am »
@Patrick M. Hausen, @franco - many thanks for the explanation! Indeed, I expected I was _wrong_, was just looking for this piece of information. Maybe discussions like these help at some point make the gui or docs more self-explanatory. Of course, nothing helps against ignorant users (I hope I am not one of them).

2
General Discussion / Re: How to add a dns-provider for letsencrypt
« on: July 31, 2023, 06:27:13 am »
You can create your own script to push/update using a custom DNS API. I've added an example (Cloudflare) here:
https://du.nkel.dev/blog/2021-11-19_pfsense_opnsense_ipsec_cgnat/#dns-setup

(because the Cloudflare implementation available through OPNsense plugins did not work)

3
General Discussion / Re: [Solved] IPv6 - radvd:prefix length should be 64
« on: July 30, 2023, 01:55:15 pm »
Thanks for the clarification. There were a lot of changes and bug fixes to IPv6 recently and it is difficult to find the correct answers, as everybody seems to have different issues.

4
General Discussion / Re: IPv6 - radvd:prefix length should be 64
« on: July 30, 2023, 10:15:06 am »
Yes! That was it - I had to set the Prefix to /56, as Telekom apparently hands out 56 Prefixes:
https://www.heise.de/news/Details-zu-IPv6-ueber-Telekom-DSL-1762367.html

I used the standard ID 0 for my LAN subnet and it works! Note that I had to completely restart my OPNsense.

Thank you very much, @bartjsmit

5
General Discussion / [Solved] IPv6 - radvd:prefix length should be 64
« on: July 29, 2023, 07:32:55 pm »
I have continuing problems with IPv6 setup in OPNsense. It works for 1-2 days after a restart, but then stops working.

Today I found the following logs under:
/ui/diagnostics/log/core/routing

> Warning   radvd   prefix length should be 64 for igb3
> Warning   radvd   prefix length should be 64 for igb1
> radvd   sendmsg: Network is down
> Warning   radvd   prefix length should be 64 for igb3
> Warning   radvd   prefix length should be 64 for igb1
> radvd   sendmsg: Network is down
> ...

Since I use "Track WAN" for IPv6 on both, and WAN is setup with /64, this does not make sense to me.

Under /status_interfaces.php, I see the following values:
igb1:
IPv4 address   192.168.100.1/24
IPv4 gateway   auto-detected: 192.168.100.1
IPv6 link-local   fe80::2e0:67ff:fe2a:72e4/64
IPv6 address   2003:e7:1f0c:8e00:2e1:37ff:fe2a:72e4/56

igb1 (lan) is configured with:
IPv6 Configuration Type - Track Interface
IPv6 Interface - WAN

wan:
DHCP           DHCPv6 up 
PPPoE                up
MTU                    1492
IPv6 link-local   fe80::2e0:67ff:fe2a:72e3/64
IPv6 address   2003:e7:1fff:d24:2e1:37ff:fe2a:72e3/64
IPv6 prefix   2003:e7:1f0c:8e00::/56
IPv6 gateway   auto-detected: fe80::224e:71ff:fe11:2cfe

My IPv6 configuration for WAN follows the DHCPv6 instructions in the docs:
IPv6 Configuration Type - DHCPv6
Request only an IPv6 prefix - yes
Prefix delegation size - 64
Send IPv6 prefix hint - yes
Use IPv4 connectivity - yes
Use VLAN priority - Disabled

How can I go further to debug this? Why does my LAN (igb1) has a /56 IPv6 address, when WAN has a /64 IPv6 address?

The same is reported here on Reddit, for the exact same ISP (Telekom).

6
23.1 Legacy Series / Re: IPv6 is broken after Update to 23.1.4 + 503 Service unavailable error
« on: June 30, 2023, 05:59:11 am »
Ok, I removed "LAN" from listen interfaces and went back to default "All (recommended)". It makes no sense to me why the GUI would need to listen on the WAN side.

7
23.1 Legacy Series / Re: IPv6 is broken after Update to 23.1.4 + 503 Service unavailable error
« on: June 29, 2023, 08:01:26 pm »
I had the same issue, since updating yesterday to the latest version.

I just saw the 503 service unavailable and restarted the webgui service, it is working for now but the errors are still popping up in logs.

8
23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
« on: June 02, 2023, 06:52:57 am »
Just updated to 23.1.9 and Yes! All green lights on https://test-ipv6.com/ !

Quote
Your readiness score 10/10   for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

Nothing changed in the configuration. I did see an error regarding IPv6 prefix update in the logs after update, and Unbound failed to start automatically, but everything was fine after manually starting unbound (see my description of this on GH).

9
23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
« on: May 27, 2023, 06:28:47 am »
For me, too: I could solve my problems described above, everything is green in OPNsense for IPv6, but https://test-ipv6.com/ returns Zero connectivity for IPv6. It was all green before 23.1.8.

10
General Discussion / Re: How to best execute shell command once, after OPNsense have reboot?
« on: May 07, 2023, 07:36:58 am »
Was the bug report ever posted? I had the same problem today, where my Cloudflare DynDNS script with @reboot was removed from crontab with the OPNsense upgrade.

11
23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
« on: April 01, 2023, 06:13:33 am »
Fixed my issue - it was a missing default gateway set under System > General > DNS. Described here, with a Pull Request attached:
https://github.com/opnsense/core/issues/6435#issuecomment-1492616278

12
23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
« on: March 29, 2023, 06:07:32 am »
I run
Code: [Select]
/usr/local/etc/rc.configure_interface wan, without success. After the command, some errors popped up in the log, but I think they are mostly meaningless:
Code: [Select]
/usr/local/etc/rc.newwanipv6:
The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb1 igb3' returned exit code '1',
the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Warning: subnet 2003:e7:1f11:300::/32 overlaps subnet 2003:e7:1f11:300::/32
Config file: /etc/dhcpdv6.conf
Database file: /var/db/dhcpd6.leases
PID file: /var/run/dhcpdv6.pid
There's already a DHCP server running.
If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

I tried to check
Code: [Select]
/etc/dhcpdv6.conf, but it doesn't exist.

[edit]

Perhaps I am seeing these log entries because both my IPSEC Gateways are IPv4 only?
Only my default WAN gateway is Dualstack (IPv4 + IPv6).

13
23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
« on: March 28, 2023, 06:43:44 pm »
Came here after having IPv6 problems since the last update. Before the update, https://internet.nl/connection/ showed all green checks. Now I had problems with IPv6 not being available, three checks somehow disappeared in the WAN configuration:
  • Request only an IPv6 prefix
  • Send IPv6 prefix hint
  • Use IPv4 connectivity

After checking these again and restarting, IPv6 works again, but my General System Log is spammed with these entries:
Code: [Select]
2023-03-28T18:23:28 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]
2023-03-28T18:23:28 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:23:28 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:13:26 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]
2023-03-28T18:13:25 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:13:25 Warning opnsense /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''
2023-03-28T18:03:23 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]

The period is every 10 Minutes - what could cause that?

I am on DHCPv6 with a delegated 64 prefix and a LAN that is set to track IPv6 WAN, according to the standard setup from the docs.

Under Gateway, my DHCPv6 gateway shows online and does have a link-local IP (fe80::224e:71ff:fe11:2cfe).

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2