HE Tunnel Broker broke after 22.1.3 upgrade (gateway stopped working)

Started by gromit, March 18, 2022, 07:34:59 PM

Even with "opnsense-patch 61500f6790" my HE GIF Tunnel is completely broken.

Seems an address is not getting assigned per the INTERFACES -> OVERVIEW screen.


Tell me what details you need and what specific log outputs you need, because I found nothing in the web UI logs. Tell me anything useful.

All I know is the IP addresses are not being assigned to the interface. That's why the gateway can't be created. This all started on 22.1.3.
I have applied the patch, I've deleted the GIF interface, and I've deleted the interface assignment. I've tried to recreate the gateway. Nothing works. System reboots don't work either.
I have a DHCP WAN with a Static Virtual IP that the GIF is attached to.

It's really the same issue you describe and you said you applied the patch, but maybe you applied it twice, which removes it again, or a local modification (opnsense-patch run) conflicted with it. Can you post the actual opnsense-patch output?


Cheers,
Franco

Napsterbater@car1:~ % sudo opnsense-patch
Napsterbater@car1:~ %


Napsterbater@car1:~ % sudo opnsense-patch 61500f6790
Found local copy of 61500f6790, skipping fetch.
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 61500f6790969ba1c426c27322ba8879dd96bd5a Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Mon, 21 Mar 2022 09:24:09 +0100
|Subject: [PATCH] interfaces: suspicious code is suspicious
|
|I'm not sure why interface_bring_down() is needed when both
|IPv4 and IPV6 are empty.  It sort of means "handle this the
|hard way when doing tunnel configurations" althoug the code
|disagrees about the historic comment and the code that was
|introduced... "set to none" vs. "ipaddr <> none" and later
|"empty(ipaddr)" to match the comment.  In the grand scheme of
|things this does not matter at all...
|
|So in 22.1.3 we removed the inline configuration of GIF and GRE
|which causes interface configuration to strip the addresses
|added by device configuration instead of refixing it on the
|fly (executing code twice all the time).  The code flow was
|always correct but in practice tripping over itself so now try
|a more sensible approach by stripping addresses when we have
|assignments going on individually for IPv4 and IPv6.
|
|PR: https://forum.opnsense.org/index.php?topic=27553.0
|---
| src/etc/inc/interfaces.inc | 14 ++++++--------
| 1 file changed, 6 insertions(+), 8 deletions(-)
|
|diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
|index 4ab49d680a..79876b1ba3 100644
|--- a/src/etc/inc/interfaces.inc
|+++ b/src/etc/inc/interfaces.inc
--------------------------
Patching file etc/inc/interfaces.inc using Plan A...
Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 2200 with fuzz 1 (offset 33 lines).
done
All patches have been applied successfully.  Have a nice day.


"Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 2200 with fuzz 1 (offset 33 lines).
done"
So it was installed?

After re-applying the patch, due to its removal when posting the previous output, and rebooting again, it does seem to be back to working.

No idea why it didn't the first time.

Quote from: franco on March 21, 2022, 07:52:07 AM
Any system log from the boot process? This is strange but doesn't seem to indicate what could be wrong.

in6_purgeaddr: err=65, destination address delete failed

And where is the "missing IPv6" configured?


Cheers,
Franco

Sorry for having spaced on replying to this thread.  In my case, I believe what might have been causing the issue was that, after setting up the HE Tunnel, I also (for reasons too lengthy to go into here) defined a static IPv6 address on my WAN link (em0).  I didn't have any IPv6 gateway defined for this, but I think this was messing up configuration of gif0 during boot.

My "fix" was to set "IPv6 Configuration Type" to "None" on the WAN interface.  Boot-up configuration of the HE Tunnel worked after that.