IPv6 / SLAAC broken after Hardware migration

Started by init6, November 15, 2023, 03:25:13 PM

Hello everybody,

My ol' reliable OPNsense broke a few days ago, so I had to replace the hardware. The process went like this:
1. install opnsense
2. recover backup xml (I selected recover all)
3. reassign some interfaces (e.g. LAN changed from igc to ix)

Interface Setup:
igc0 - WAN Provider 1 (dhcpv4 / dhcpv6)
igc1 - uplink to neighbor / WAN 2 (only dhcpv4)

ix0 - LAN (static v4 / track6)
And then a few vlans on ix0 for IOT, my server, work devices and personal devices.

IPv4 connectivity is running fine on every LAN / VLAN connection.
According to the login page I get when logging in by SSH, it looks like all interfaces of the firewall itself get assigned correct addresses; however, SLAAC doesn't work except in vlan06.


*** OPNsense.lentnernetz.de: OPNsense 23.7.8_1 ***

Gast (vlan04)   -> v4: 192.168.23.1/24
                    v6/t6: 2a00:XXXX:XXXX:d323:62be:b4ff:fe0b:96f2/64
IoT (vlan03)    -> v4: 192.168.22.1/24
LAN (ix0)       -> v4: 192.168.42.1/24
                    v6/t6: 2a00:XXXX:XXXX:d300:62be:b4ff:fe0b:96f2/64
WANDG (igc0)    -> v4/DHCP4: 100.85.86.172/16
                    v6/DHCP6: 2a00:XXXX:XXXX:42::32e3/128
WireGuardTunnel (wg0) -> v4: 192.168.50.0/24
                    v6: 2a00:XXXX:XXXX:d315::/64
arbeit (vlan07) -> v4: 192.168.26.1/24
                    v6/t6: 2a00:XXXX:XXXX:d326:62be:b4ff:fe0b:96f2/64
fritzbox (igc1) -> v4/DHCP4: 192.168.178.23/24
mgmt (vlan02)   -> v4: 192.168.21.1/24
oglinks (vlan06) -> v4: 192.168.25.1/24
                    v6/t6: 2a00:XXXX:XXXX:d325:62be:b4ff:fe0b:96f2/64
ogrechts (vlan05) -> v4: 192.168.24.1/24
                    v6/t6: 2a00:XXXX:XXXX:d324:62be:b4ff:fe0b:96f2/64
server (vlan01) -> v4: 192.168.20.1/24
                    v6/t6: 2a00:XXXX:XXXX:d320:62be:b4ff:fe0b:96f2/64


In the Interface Settings under "Track IPv6 Interface" I have only selected the Parent Interface and the offset; manual configuration used to be disabled. For testing I have now enabled it and set the router advertisements to "unmanaged" or "stateless". Both did not help.


On ix0 and vlan01 I have also increased the mtu to 9000 as that could help with nfs mounts. Didn't cause issues for v4 connectivity.

In the logfiles I see mostly stuff related to the dhcp6c running on igc0, not sure if that's relevant here. So since I don't know what logs would be helpful, here's a snippet from tcpdump when plugging in a client to vlan01:

15:23:17.831661 IP6 (hlim 1, next-header Options (0) payload length: 76) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:18.235277 IP6 (hlim 1, next-header Options (0) payload length: 76) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:18.619291 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff4d:85ff: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::5054:ff:fe4d:85ff
          unknown option (14), length 8 (1):
          0x0000:  50f7 a080 eb1a
15:23:19.647315 IP6 (hlim 1, next-header Options (0) payload length: 96) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 4 group record(s) [gaddr ff02::1:ff00:0 to_ex, 0 source(s)] [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:19.659267 IP6 (hlim 1, next-header Options (0) payload length: 56) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s) [gaddr ff02::1:3 to_ex, 0 source(s)] [gaddr ff02::1:ff00:0 to_ex, 0 source(s)]
15:23:19.726654 IP6 (flowlabel 0x06d9f, hlim 255, next-header UDP (17) payload length: 41) fe80::5054:ff:fe4d:85ff.5355 > ff02::1:3.5355: [bad udp cksum 0xd362 -> 0x454c!] UDP, length 33
15:23:19.976623 IP6 (flowlabel 0x06d9f, hlim 255, next-header UDP (17) payload length: 41) fe80::5054:ff:fe4d:85ff.5355 > ff02::1:3.5355: [bad udp cksum 0xd362 -> 0x454c!] UDP, length 33
15:23:20.226645 IP6 (flowlabel 0x06d9f, hlim 255, next-header UDP (17) payload length: 41) fe80::5054:ff:fe4d:85ff.5355 > ff02::1:3.5355: [bad udp cksum 0xd362 -> 0x454c!] UDP, length 33
15:23:20.251267 IP6 (hlim 1, next-header Options (0) payload length: 116) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 5 group record(s) [gaddr ff02::1:3 to_ex, 0 source(s)] [gaddr ff02::1:ff00:0 to_ex, 0 source(s)] [gaddr ff02::1:ff4d:85ff to_ex, 0 source(s)] [gaddr ff05::2 to_ex, 0 source(s)] [gaddr ff02::2 to_ex, 0 source(s)]
15:23:20.411269 IP6 (hlim 1, next-header Options (0) payload length: 56) fe80::5054:ff:fe4d:85ff > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s) [gaddr ff02::1:3 to_ex, 0 source(s)] [gaddr ff02::1:ff00:0 to_ex, 0 source(s)]
15:23:20.726651 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:24.863938 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:25.907294 IP6 (flowlabel 0x9e77c, hlim 2, next-header UDP (17) payload length: 351) fe80::8bf3:87b6:b161:60be.50293 > ff02::c.1900: [bad udp cksum 0x24ca -> 0x3c3b!] UDP, length 343
15:23:33.432102 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:51.353160 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:23:55.907898 IP6 (flowlabel 0x9e77c, hlim 2, next-header UDP (17) payload length: 400) fe80::8bf3:87b6:b161:60be.50293 > ff02::c.1900: [bad udp cksum 0x24fb -> 0xd81b!] UDP, length 392
15:24:25.813895 IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe4d:85ff > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): 52:54:00:4d:85:ff
15:24:25.909731 IP6 (flowlabel 0x9e77c, hlim 2, next-header UDP (17) payload length: 342) fe80::8bf3:87b6:b161:60be.50293 > ff02::c.1900: [bad udp cksum 0x24c1 -> 0x7158!] UDP, length 334
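
An added example, not part of the original post: a small Python check that reads verbose tcpdump text like the capture above and lists router solicitations that received no router advertisement within a time window. The 4-second window, the function name and the router advertisement line from `fe80::1` are assumptions constructed for illustration; the solicitation timestamps and client address are the ones in the capture.

```python
import re

# Client address and router-solicitation timestamps as they appear in the capture above.
CLIENT = "fe80::5054:ff:fe4d:85ff"
RS_TIMES = ["15:23:20.726651", "15:23:24.863938", "15:23:33.432102",
            "15:23:51.353160", "15:24:25.813895"]
CAPTURE = "\n".join(
    f"{t} IP6 (flowlabel 0xc34b3, hlim 255, next-header ICMPv6 (58) payload length: 16) "
    f"{CLIENT} > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16\n"
    "          source link-address option (1), length 8 (1): 52:54:00:4d:85:ff"
    for t in RS_TIMES)

# Constructed line (not in the capture): what a reply from the router would look like.
RA_LINE = ("15:24:26.013895 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 64) "
           "fe80::1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64")

HDR = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP6 \(.*\) (\S+) > (\S+): .*ICMP6, "
                 r"(router solicitation|router advertisement)")

def unanswered_solicitations(capture, wait=4.0):
    """Return {client: [RS timestamps in seconds with no RA within `wait` seconds]}."""
    rs, ra = [], []
    for line in capture.splitlines():
        m = HDR.match(line)
        if not m:
            continue  # option lines, MLD reports, LLMNR/SSDP traffic
        h, mnt, sec, src, dst, kind = m.groups()
        t = int(h) * 3600 + int(mnt) * 60 + float(sec)
        if kind == "router solicitation":
            rs.append((t, src))
        else:
            ra.append((t, dst))
    missing = {}
    for t, src in rs:
        # An RA counts as an answer if sent to all-nodes (ff02::1) or unicast to the client.
        if not any(t <= ta <= t + wait and dst in ("ff02::1", src) for ta, dst in ra):
            missing.setdefault(src, []).append(t)
    return missing

if __name__ == "__main__":
    for client, times in unanswered_solicitations(CAPTURE).items():
        print(f"{client}: {len(times)} router solicitation(s) with no advertisement")
```
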