Messages - Space

#76
17.1 Legacy Series / Re: Help with IPv6
April 27, 2017, 10:56:32 AM
Hi,

what is your config on the WAN interface for "DHCPv6 client configuration"? Which configuration mode are you using? If it is "Advanced" then please switch to "Basic". I had used "Advanced" for the "debug" switch but it stopped it from working. I switched to "Basic", waited some time and then I had IPv6 running on the LAN interface and the clients behind.

Best regards,

    Jochen
#77
Funny ... I had enabled it because it did not work (for whatever reason) at some point in time and I wanted to enable the debug switch :)

Thanks and best regards,

    Jochen
#78
Now ... I ... am ... puzzled ...

I have an IPv6 on LAN and on my servers ... I am not sure (tried many things). E.g.:

- on Fritzbox I have disabled option "Also announce DNSv6 server via router advertisement (RFC 5006)" -- could this have caused the "unknown or unexpected DHCP6 option opt_86"?
- on OPNsense I have enabled shared forwarding:

sysctl net.pf.share_forward=1

The only other changes I found were that I disabled "Advanced Mode" and switched the prefix ID back and forth and changed the dhcp6-ia-pd-len.

Could any of these options be related?

Nevertheless: thanks a lot for your support! I really like OPNsense!

Thanks and best regards,

    Jochen
#79
Quote from: franco on April 26, 2017, 06:40:54 PM
So the real question is some other interface-related code ought to have changed, which would mean we need to look at the OPNsense system log?

Hi Franco,

what information do you need? Can I send you the logfile somehow?

Thanks and best regards,

    Jochen
#80
Hi br,

I have the following settings active in the FritzBox:

- Assign Unique Local Addresses (ULA) as long as there is no IPv6 Internet connection (recommended)
- This FRITZ!Box provides the default Internet access
- Also announce DNSv6 server via router advertisement (RFC 5006)
- Assign DNS server and IPv6 prefix (IA_PD)
- Announce FRITZ!Box as DNS server via DHCPv6. Pass parts of the IPv6 network assigned by the Internet provider on to downstream routers.


In OPNsense I have the settings you mentioned + debug but it still does not work.

Thanks for your suggestions and support!
#81
Hi,

I have attached the output of the dhcpd.log (IDs are obfuscated). Do I need to change some settings on the FritzBox maybe?

Apr 26 16:36:42 OPNvirt dhcp6c[79517]: get DHCP option opt_86, len 16
Apr 26 16:36:42 OPNvirt dhcp6c[79517]: unknown or unexpected DHCP6 option opt_86, len 16


Thanks for any help and best regards,

   Jochen
#82
And this is from the logfile after changing the "IPv6 Prefix ID"

Apr 26 16:35:27 OPNvirt radvd[12988]: attempting to reread config file
Apr 26 16:35:27 OPNvirt radvd[12988]: no auto-selected prefix on interface em0, disabling advertisements
Apr 26 16:35:27 OPNvirt radvd[12988]: can't join ipv6-allrouters on em0
Apr 26 16:35:27 OPNvirt radvd[12988]: sendmsg: Can't assign requested address
Apr 26 16:35:27 OPNvirt radvd[12988]: resuming normal operation
Apr 26 16:35:30 OPNvirt radvd[12988]: attempting to reread config file
Apr 26 16:35:30 OPNvirt radvd[12988]: no auto-selected prefix on interface em0, disabling advertisements
Apr 26 16:35:30 OPNvirt radvd[12988]: can't join ipv6-allrouters on em0
Apr 26 16:35:30 OPNvirt radvd[12988]: resuming normal operation
Apr 26 16:36:42 OPNvirt radvd[12988]: attempting to reread config file
Apr 26 16:36:42 OPNvirt radvd[12988]: no auto-selected prefix on interface em0, disabling advertisements
Apr 26 16:36:42 OPNvirt radvd[12988]: can't join ipv6-allrouters on em0
Apr 26 16:36:42 OPNvirt radvd[12988]: sendmsg: Can't assign requested address
Apr 26 16:36:42 OPNvirt radvd[12988]: resuming normal operation


Best regards,

    Jochen
#83
Hello,

with 17.1.4 and 17.1.5 (at least) I do not have IPv6 working on the LAN interface. IPv6 is set to DHCPv6 on WAN and it gets an IP from my Fritzbox:

        inet6 fe80::1111:2222:3333:4444%em1 prefixlen 64 scopeid 0x2
        inet6 2002:aaaa:bbbb:0:1111:2222:3333:4444 prefixlen 64 autoconf


The "Interface List" in the dashboard only shows the fe80-address but not the one assigned by DHCPv6. The LAN interface is set to "Track Interface" but ifconfig still shows

        inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1


and the clients on LAN are not able to access external IPv6 systems because they are not assigned any IPv6 ip.

Is this a known issue? Should I open an issue on GitHub?

Thanks a lot and best regards,

    jochen
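
The symptom described in this post (WAN holds a non-link-local IPv6 address while the tracking LAN interface shows only fe80::) can be checked mechanically from ifconfig output. This is an added example, not part of the original post or of OPNsense; the function names, the result labels and the `flags=` header lines in the sample are assumptions, and the addresses are the obfuscated ones quoted above.

```python
import ipaddress
import re

# Constructed sample in FreeBSD ifconfig layout (em1 = WAN, em0 = LAN).
# The inet6 lines are the obfuscated ones from the post; flags lines are made up.
SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1111:2222:3333:4444%em1 prefixlen 64 scopeid 0x2
        inet6 2002:aaaa:bbbb:0:1111:2222:3333:4444 prefixlen 64 autoconf
"""

IFACE_RE = re.compile(r"^(\S+?):\s+flags=")
INET6_RE = re.compile(r"^\s+inet6\s+(\S+)\s+prefixlen\s+(\d+)")
ULA = ipaddress.IPv6Network("fc00::/7")  # Unique Local Addresses


def parse_inet6(text):
    """Return {interface: [(IPv6Address, prefixlen), ...]} from ifconfig text."""
    result, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = INET6_RE.match(line)
        if m and current is not None:
            addr = m.group(1).split("%", 1)[0]  # drop the %scope suffix
            result[current].append((ipaddress.IPv6Address(addr), int(m.group(2))))
    return result


def global_addrs(addrs):
    """Addresses usable beyond the local link or site (no fe80::, ::1, ULA)."""
    return [a for a, _ in addrs
            if not (a.is_link_local or a.is_loopback or a in ULA)]


def diagnose(text, wan, lan):
    """Classify the state: 'ok', 'wan-only' (the post's symptom), 'no-wan-address'."""
    ifaces = parse_inet6(text)
    wan_ok = bool(global_addrs(ifaces.get(wan, [])))
    lan_ok = bool(global_addrs(ifaces.get(lan, [])))
    if not wan_ok:
        return "no-wan-address"
    return "ok" if lan_ok else "wan-only"
```

A `wan-only` result means the WAN side has an address but no delegated prefix has reached the LAN interface; a ULA on the LAN does not change that result.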
#84
Looks like a reboot solved this issue ...
#85
Hello,

I had IPsec running some time ago with 16.7 but I wanted to use OpenVPN since I wanted to add several clients / roadwarriors. I have OpenVPN running but the Android client is not as flexible as I would like. So I wanted to switch back to IPsec. I have set up IPsec according to the cookbook (https://docs.opnsense.org/manual/how-tos/ipsec-road.html) but I can't get it to run. I get the following messages in the logfile:

Apr 17 13:08:28 charon: 11[IKE] deleting IKE_SA con1[101] between <wan_ip>[IPsec]...<public_ip>[IPsec]
Apr 17 13:08:28 charon: 11[IKE] received DELETE for IKE_SA con1[101]
Apr 17 13:08:28 charon: 11[ENC] parsed INFORMATIONAL_V1 request 249 [ HASH D ]
Apr 17 13:08:28 charon: 11[NET] received packet: from <public_ip>[55749] to <wan_ip>[4500] (84 bytes)
Apr 17 13:08:28 charon: 08[IKE] received PAYLOAD_MALFORMED error notify
Apr 17 13:08:28 charon: 08[ENC] parsed INFORMATIONAL_V1 request 2559521190 [ HASH N(PLD_MAL) ]
Apr 17 13:08:28 charon: 08[NET] received packet: from <public_ip>[55749] to <wan_ip>[4500] (68 bytes)
Apr 17 13:08:28 charon: 10[NET] sending packet: from <wan_ip>[4500] to <public_ip>[55749] (100 bytes)
Apr 17 13:08:28 charon: 10[ENC] generating TRANSACTION response 960004112 [ HASH CPRP(ADDR SUBNET U_SPLITINC) ]
Apr 17 13:08:28 charon: 10[IKE] assigning virtual IP 10.10.10.2 to peer


I have no idea what setting to change or if this is a problem of 17.1.x series ... I know I had it running with 16.7.

Does anyone have an idea?

Thanks and best regards,

    Jochen
#86
Hi,

if you go to VPN -> OpenVPN -> Servers you see a network listed in column "Tunnel Network". Remember this network.

Then go to Firewall -> Rules - OPENVPN. There should be a rule to let the traffic pass from the OpenVPN network to the destinations you desire. Make sure that in the column "Source" the network from above is listed.

Best regards,

    Jochen
#87
Hi,

result does not change ... WAN always gets an IPv6 IP, LAN always stays on

inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1

Best regards,

   Space
#88
Hi,

that option "Request only a IPv6 Prefix" was ticked in some pfSense documentation ... but the WAN interface does get an IPv6 IP. From OPNsense I am able to reach ipv6.google.com, e.g. ... but not from the LAN systems. And with 17.1 it initially worked with these settings.

Best regards,

    Jochen
#89
Hi,

yes, I remember that it was working when I had switched to 17.1 ... but I can't tell for sure when it stopped ... could very well be that it stopped working with 17.1.2 ...

Thanks and best regards,

    Jochen
#90
Hi,

find attached the settings.