Topics - rocketraman

1
General Discussion / Routing WAN traffic... via the LAN
« on: August 22, 2024, 04:57:49 pm »
My WAN link is down due to a fibre cut.

One of my LAN boxes (a Linux box) is acting as a temporary gateway to the WAN via a WiFi connection and mobile hotspot.

What is the best way to configure OPNSense to route WAN traffic to this particular Linux box, which can forward the traffic to the WIFI interface?

I believe it'll be a gateway configuration, but some specific advice on how to do it would be great. I already lost local connectivity once to opnsense with a misconfiguration (thanks for the ability to restore!).

2
23.1 Legacy Series / Losing ipv6 address on network blip, radvd needs restart
« on: August 14, 2023, 09:09:18 pm »
My router uses "Track Interface" for LAN IPv6 Configuration Type, Manual Configuration checked. DHCPv6 is disabled, and Router Advertisements are "Unmanaged".

I had a network blip of a few seconds and when the network came back up, the router did have a WAN IPv6 address assigned but my LAN clients lost their ipv6 addresses. Restarting the radvd service manually restored IPv6 to LAN clients.

Looking at the logs I see these radv and network related logs when the network goes down:

Aug 12 01:37:27 router.home.arpa radvd[44978]: exiting, 1 sigterm(s) received
Aug 12 01:37:27 router.home.arpa radvd[44978]: sending stop adverts
Aug 12 01:37:27 router.home.arpa radvd[44978]: removing /var/run/radvd.pid
Aug 12 01:37:27 router.home.arpa radvd[44978]: returning from radvd main
Aug 12 01:37:28 router.home.arpa dhcp6c[57660]: transmit failed: Network is down
Aug 12 01:37:29 router.home.arpa dhcp6c[57660]: transmit failed: Network is down
Aug 12 01:37:31 router.home.arpa dhcp6c[57660]: transmit failed: Network is down

and then these logs when the network comes back up a few seconds later:

Aug 12 01:37:35 router.home.arpa opnsense[99737]: /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for wan(igb0)
Aug 12 01:37:35 router.home.arpa dhcp6c[15717]: RTSOLD script - Sending SIGHUP to dhcp6c
Aug 12 01:37:35 router.home.arpa opnsense[...]: [...snip bunch of etc/rc.linkup etc/rc.newwanip stuff...]
Aug 12 01:37:36 router.home.arpa opnsense[99737]: /usr/local/etc/rc.linkup: dhcpd_radvd_configure(manual) found no suitable IPv6 address on igb3
Aug 12 01:37:36 router.home.arpa radvd[33395]: version 2.19 started
Aug 12 01:37:36 router.home.arpa dhcp6c[40844]: RTSOLD script - Sending SIGHUP to dhcp6c
Aug 12 01:37:38 router.home.arpa dhcp6c[71649]: dhcp6c_script: REQUEST on igb0 executing
Aug 12 01:37:38 router.home.arpa dhcp6c[73996]: dhcp6c_script: REQUEST on igb0 renewal
Aug 12 01:37:38 router.home.arpa opnsense[74889]: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Aug 12 01:37:35 router.home.arpa opnsense[...]: [...snip bunch of etc/rc.linkup etc/rc.newwanip stuff...]

and then when I fixed things by restarting the radvd service:

Aug 12 13:37:17 router.home.arpa dhcp6c[94122]: dhcp6c_script: RENEW on igb0 executing
Aug 12 13:37:17 router.home.arpa dhcp6c[96448]: dhcp6c_script: RENEW on igb0 executing
Aug 12 13:37:17 router.home.arpa opnsense[95010]: /usr/local/etc/rc.newwanipv6: No IP change detected (current: 2001:1970:4000:a2::xxxx, interface: WAN[wan])
Aug 12 13:37:17 router.home.arpa opnsense[177]: /usr/local/etc/rc.newwanipv6: No IP change detected (current: 2001:1970:4000:a2::xxxx, interface: WAN[wan])

I note there are no messages from `etc/rc.newwanipv6` in between the message "Failed to detect IP for WAN[wan]" at Aug 12 01:37:38 and the message at Aug 12 13:37:17 "No IP change detected (current: 2001:1970:4000:a2::xxxx, interface: WAN[wan])". This makes me think there is some kind of timing issue or missing event when the WAN ipv6 address is assigned.

3
23.1 Legacy Series / How to find the IPv6 delegated prefix from the command line
« on: April 19, 2023, 06:56:41 am »
The web interface shows the "IPv6 delegated prefix" value in the Interfaces/Overview under the WAN interface. How can I obtain this information from a shell?

The `ifconfig` command shows the delegated prefix under my LAN interface but with the wrong prefix length: /64 instead of /56 which shows on the web interface.

4
23.1 Legacy Series / Automatically generated ICMP rules for IPV6 not passing traffic
« on: April 19, 2023, 01:04:11 am »
The automatically generated ICMP rules for IPV6 include this rule:

IPv6 IPV6-ICMP   fe80::/10   *   fe80::/10,ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)

as well as this rule further down the list:

IPv6 *   <bogonsv6>   *   *   *   *   *      Block bogon IPv6 networks from WAN

However, in my logs I see:

Apr 18 19:01:58 router.home.arpa filterlog[31353]: 71,,,f140a48ddade668b9d6f5259669a1d5c,igb0,match,block,in,6,0xe0,0x00000,1,icmp,1,32,fe80::10,ff02::1:ff00:1,truncated-ip6=32


The traffic is being blocked by the "Block bogon IPV6 networks from WAN" rule, but as far as I can tell from the source `fe80::10` and destination `ff02::1:ff00:1` this traffic should be passed by the "IPv6 RFC4890 requirements (ICMP)" rule. Why isn't it?

I have reset the state table to no effect.
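
Added example, not part of the original post and not OPNsense code: it parses the filterlog record quoted above and checks each criterion of the "IPv6 RFC4890 requirements (ICMP)" rule separately, so a partial match becomes visible. The field order is an assumption taken from the pf raw filter log layout for IPv6 records, and the function names are hypothetical.

```python
import ipaddress

# Record quoted in the post above (the part after "filterlog[31353]: ").
SAMPLE = ("71,,,f140a48ddade668b9d6f5259669a1d5c,igb0,match,block,in,6,"
          "0xe0,0x00000,1,icmp,1,32,fe80::10,ff02::1:ff00:1,truncated-ip6=32")

# Assumed field order of an IPv6 filterlog record (not taken from the post).
COMMON = ["rulenr", "subrulenr", "anchor", "label", "iface", "reason",
          "action", "dir", "ipversion"]
IPV6 = ["tclass", "flowlabel", "hoplimit", "proto", "protonum", "length",
        "src", "dst"]

# Criteria of the "IPv6 RFC4890 requirements (ICMP)" rule as listed in the post.
RULE_SRC = [ipaddress.ip_network("fe80::/10")]
RULE_DST = [ipaddress.ip_network("fe80::/10"),
            ipaddress.ip_network("ff02::/16")]
RULE_PROTONUM = 58  # IPV6-ICMP is IP protocol 58; IPv4 ICMP is protocol 1


def parse_filterlog_v6(payload):
    """Split one filterlog payload into named fields; reject non-IPv6 records."""
    fields = payload.split(",")
    if len(fields) < len(COMMON) + len(IPV6):
        raise ValueError("too few fields for an IPv6 filterlog record")
    rec = dict(zip(COMMON + IPV6, fields))
    if rec["ipversion"] != "6":
        raise ValueError("not an IPv6 record")
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["protonum"] = int(rec["protonum"])
    return rec


def compare_with_rule(rec):
    """Evaluate source, destination and protocol against the rule one by one."""
    return {
        "src": any(rec["src"] in net for net in RULE_SRC),
        "dst": any(rec["dst"] in net for net in RULE_DST),
        "proto": rec["protonum"] == RULE_PROTONUM,
    }


if __name__ == "__main__":
    rec = parse_filterlog_v6(SAMPLE)
    for criterion, ok in compare_with_rule(rec).items():
        print(f"{criterion:5} {'match' if ok else 'NO MATCH'}")
    print("logged protocol:", rec["proto"], rec["protonum"])
```

Under the assumed field layout, the source and destination of the quoted record fall inside the rule's networks, while its protocol field reads `icmp` (1) rather than 58.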
