When will IPv6 prefix-delegation on opnsense work again?

Bytechanger · December 30, 2024, 10:45:19 AM

Hi,

I run the OPNSense behind a FritzBox.
The FritzBox delegates ipv6 to OPNSense.
This worked wonderfully up until version 24.7.5_3.

Since then (24.7.11_2) the FritzBox stopped delegating ipv6-networks to the OPNSense!
However, the WAN connection receives an ipv6 address from the FB network.

So after Verson 24.7.5_3 ipv6-Delegation is broken!
So I stuck on Version 24.7.5_3!!

Greets

troplin · December 30, 2024, 10:55:32 AM

I'm also running OPNsense behind a FritzBox and I don't see any problems with PD.
Maybe there's something specific with your config that causes problems?

Bytechanger · December 30, 2024, 11:33:49 AM

What could the problem?
Running under 24.7.5_3 but above not?
When I restore Backup from this version in Proxmox it runs well immediately.

Same config, starting update, then it doesnt work anymore!
Restore Backup from 30 minutes ago, old version, runs well and gets ipv6 pd fast.

@troplin:
Did you get an ipv6 prefix? Wich size?
Mine is 60
(because FritzBox get its own networks for guest automatic).

Bytechanger · January 04, 2025, 10:45:30 AM

Hey,

Does it work for the rest of you?
I have my OPNSense behind the Fritzbox.
It is connected as an exposed host.

In the FritzBox I have -Assign DNS server, prefix (IA_PD) and IPv6 address (IA_NA)- and -Also allow IPv6 prefixes that other IPv6 routers in the home network b- activated.
My ISP send the FritzBox /56 networks for delegation.
In OPNSense I set delegation size to /60.

This works in the old OPNSense version.
At the new versions, I don't get any networks for delegation from the Fritzbox.

I tried different things:
-Request Prefix Hint only ON/OFF, etc.
Are there any logs I could include here?

Need help please

Greets

dseven · January 04, 2025, 11:38:11 AM

Quote from: Bytechanger on January 04, 2025, 10:45:30 AMAre there any logs I could include here?

dhcp6c goes to the system log (System -> Log files -> General). You might want to set Interfaces -> Settings -> IPv6 DHCP -> Log level to at least Info, if not Debug.

Bytechanger · January 26, 2025, 09:49:47 AM

Hi,

so I set IPv6 DHCP loglevel to Debug.

On working version of opnsense 24.7.5_3 its

Code Select

2025-01-16T06:34:06	Notice	kernel	<3>RA with a lower CurHopLimit sent from fe80:5::XXXX:XXXX:fef7:d970 on vtnet4 (current = 255, received = 64). Ignored.	
2025-01-16T06:34:01	Notice	dhcp6c	XID mismatch	
2025-01-16T06:34:01	Notice	dhcp6c	IA_PD prefix: 2a00:XXXX:XXXX:65f0::/60 pltime=3600 vltime=7200	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option IA_PD prefix, len 25	
2025-01-16T06:34:01	Notice	dhcp6c	IA_PD: ID=4, T1=1800, T2=2880	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option IA_PD, len 41	
2025-01-16T06:34:01	Notice	dhcp6c	IA_NA address: 2a00:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:d970 pltime=3600 vltime=7200	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option IA address, len 24	
2025-01-16T06:34:01	Notice	dhcp6c	IA_NA: ID=4, T1=1800, T2=2880	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option identity association, len 40	
2025-01-16T06:34:01	Notice	dhcp6c	unknown or unexpected DHCP6 option opt_86, len 16	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option opt_86, len 16	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option DNS, len 16	
2025-01-16T06:34:01	Notice	dhcp6c	preference: 0	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option preference, len 1	
2025-01-16T06:34:01	Notice	dhcp6c	DUID: 00:XX:00:XX:XX:XX:XX:XX:XX:14	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option server ID, len 10	
2025-01-16T06:34:01	Notice	dhcp6c	DUID: 00:XX:XX:01:XX:XX:XX:XX:00:XX:2e:XX:XX:83	
2025-01-16T06:34:01	Notice	dhcp6c	get DHCP option client ID, len 14	
2025-01-16T06:34:01	Notice	dhcp6c	receive advertise from fe80::XXXX:XXXX:fea4:e514%vtnet4 on vtnet4	
2025-01-16T06:34:01	Notice	dhcp6c	reset a timer on vtnet4, state=SOLICIT, timeo=5, retrans=35289	
2025-01-16T06:34:01	Notice	dhcp6c	send solicit to ff02::1:2%vtnet4	
2025-01-16T06:34:01	Notice	dhcp6c	set IA_PD	
2025-01-16T06:34:01	Notice	dhcp6c	set IA_PD prefix	
2025-01-16T06:34:01	Notice	dhcp6c	set option request (len 4)	
2025-01-16T06:34:01	Notice	dhcp6c	set elapsed time (len 2)	
2025-01-16T06:34:01	Notice	dhcp6c	set identity association	
2025-01-16T06:34:01	Notice	dhcp6c	set client ID (len 14)	
2025-01-16T06:34:01	Notice	dhcp6c	Sending Solicit	
2025-01-16T06:33:50	Notice	kernel	<3>RA with a lower CurHopLimit sent from fe80:5::XXXX:XXXX:fef7:d970 on vtnet4 (current = 255, received = 64). Ignored.	
2025-01-16T06:33:43	Notice	dhcp6c	XID mismatch	
2025-01-16T06:33:43	Notice	dhcp6c	IA_PD prefix: 2a00:6020:4021:65f0::/60 pltime=3600 vltime=7200	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option IA_PD prefix, len 25	
2025-01-16T06:33:43	Notice	dhcp6c	IA_PD: ID=4, T1=1800, T2=2880	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option IA_PD, len 41	
2025-01-16T06:33:43	Notice	dhcp6c	IA_NA address: 2a00:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:d970 pltime=3600 vltime=7200	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option IA address, len 24	
2025-01-16T06:33:43	Notice	dhcp6c	IA_NA: ID=4, T1=1800, T2=2880	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option identity association, len 40	
2025-01-16T06:33:43	Notice	dhcp6c	unknown or unexpected DHCP6 option opt_86, len 16	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option opt_86, len 16	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option DNS, len 16	
2025-01-16T06:33:43	Notice	dhcp6c	preference: 0	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option preference, len 1	
2025-01-16T06:33:43	Notice	dhcp6c	DUID: 00:XX:XX:XX:XX:XX:XX:XX:XX:14	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option server ID, len 10	
2025-01-16T06:33:43	Notice	dhcp6c	DUID: 00:01:00:XX:XX:XX:XX:fc:XX:01:XX:XX:XX:XX	
2025-01-16T06:33:43	Notice	dhcp6c	get DHCP option client ID, len 14	
2025-01-16T06:33:43	Notice	dhcp6c	receive advertise from fe80::XXXX:XXXX:fea4:e514%vtnet4 on vtnet4	
2025-01-16T06:33:43	Notice	dhcp6c	reset a timer on vtnet4, state=SOLICIT, timeo=4, retrans=17867	
2025-01-16T06:33:43	Notice	dhcp6c	send solicit to ff02::1:2%vtnet4	
2025-01-16T06:33:43	Notice	dhcp6c	set IA_PD	
2025-01-16T06:33:43	Notice	dhcp6c	set IA_PD prefix	
2025-01-16T06:33:43	Notice	dhcp6c	set option request (len 4)	
2025-01-16T06:33:43	Notice	dhcp6c	set elapsed time (len 2)	
2025-01-16T06:33:43	Notice	dhcp6c	set identity association	
2025-01-16T06:33:43	Notice	dhcp6c	set client ID (len 14)	
2025-01-16T06:33:43	Notice	dhcp6c	Sending Solicit

When I update (OPNsense 24.7.12_2-amd64) there is NO entry in log for dhcp6c, I wait over an hour!
WAN get´s its ipv6 but no prefix and delegate!
I restart OPNSense and also push Reload on Interface-Overview-WAN Interface. No change.

Greets

Bytechanger · January 26, 2025, 10:42:35 AM

When I check
sudo ps uxawww | grep dhcp6c
Andreas 31169 0.0 0.0 12720 2296 0 S+ 10:41 0:00.00 grep dhcp6c

there is no dhcp6c process running?!
How can I start it??

Greets

Ben S · January 26, 2025, 12:38:08 PM

In the absence of any better ideas, you could try:

Code Select

sh -x /var/etc/rtsold_script.sh em0
(replace em0 with WAN interface)

If I kill dhcp6c and run that the expected output is something like

Code Select

+ [ -z em0 ]
+ grep -q '^interface em0 ' /var/etc/radvd.conf
+ [ -n '' ]
+ [ -f /var/run/dhcp6c.pid ]
+ [ -f /var/run/dhcp6c.pid ]
+ /usr/bin/logger -t dhcp6c 'RTSOLD script - Starting dhcp6c daemon'
+ /usr/local/sbin/dhcp6c -c /var/etc/dhcp6c.conf -p /var/run/dhcp6c.pid -D

If that works, and you see dhcp6c running, the question is why isn't it starting automatically. If that doesn't work then you might have to look through logs to see if there are any errors logged. Perhaps somehow there is something invalid in the dhcp6c config file for example.

Bytechanger · January 26, 2025, 01:01:33 PM

Hi,

I will test it.
But I think, dhcp6c doesn´t start, because it didn´t get an prefix?

Code Select

2025-01-26T12:58:20	Warning	opnsense	/usr/local/sbin/pluginctl: dhcpd_dhcp6_configure() found no suitable IPv6 address on opt1(vtnet3)	
2025-01-26T12:58:20	Warning	opnsense	/usr/local/sbin/pluginctl: dhcpd_dhcp6_configure() found no suitable IPv6 address on opt2(vtnet2)	
2025-01-26T12:58:20	Warning	opnsense	/usr/local/sbin/pluginctl: dhcpd_dhcp6_configure() found no suitable IPv6 address on lan(vtnet1)

On WAN it gets an ipv6 adress from fritzbox, but it didn´t get an prefix delegated?!

Bytechanger · January 26, 2025, 02:42:23 PM

So,

after I do a fresh installation, it works fine (after restore my config).
But when I recover all plugins, it stops working after a reboot. So I think, a plugin will break prefix delegation?

Greets

When will IPv6 prefix-delegation on opnsense work again?

Bytechanger

December 30, 2024, 10:45:19 AM Last Edit: December 30, 2024, 10:49:06 AM by Bytechanger

troplin

December 30, 2024, 10:55:32 AM #1

Bytechanger

December 30, 2024, 11:33:49 AM #2 Last Edit: December 30, 2024, 11:36:19 AM by Bytechanger

Bytechanger

January 04, 2025, 10:45:30 AM #3

dseven

January 04, 2025, 11:38:11 AM #4 Last Edit: January 04, 2025, 11:44:40 AM by dseven

Bytechanger

January 26, 2025, 09:49:47 AM #5 Last Edit: January 26, 2025, 09:53:11 AM by Bytechanger

Bytechanger

January 26, 2025, 10:42:35 AM #6

Ben S

January 26, 2025, 12:38:08 PM #7

Bytechanger

January 26, 2025, 01:01:33 PM #8

Bytechanger

January 26, 2025, 02:42:23 PM #9