Updated to OPNsense 20.7.b_156-amd64, dhcpd6 not starting

[bimmerdriver]

I updated my test system and after it restarted, dhcpd6 was not running and would not start. It was a while since I last updated it, so I bootstrapped to a previous version which does not have the problem, then updated to see if the problem returned.

After bootstrapping, here is the version:

OPNsense 20.1.6-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020

This version works properly.

After updating from the GUI, here is the version:

OPNsense 20.7.b_97-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020

This version works properly.

After updating from the command line (opnsense-update, opnsense-code core, make upgrade), here is the version:

OPNsense 20.7.b_156-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020

With this version, dhcpd6 will not start and the Windows 10 client cannot get an IPv6 address.

The only related message in the log is this:

Code: [Select]

opnsense-devel: /usr/local/etc/rc.bootup: Warning! dhcpd_dhcp6_configure() found no suitable IPv6 address on lan
My ISP requires the use of the "Directly send SOLICIT" setting, which appears to be missing.

[bimmerdriver]

I started up another VM running the latest development version:

OPNsense 20.7.b_97-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020

It's working properly, but it also doesn't have the Directly send SOLICIT setting.

I started up another VM running the latest release version:

OPNsense 20.1.6-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020

It's also working properly, but it also doesn't have the Directly send SOLICIT setting.

This is strange. Perhaps the setting disappeared from the GUI, but it's still in the configuration?

[marjohn56]

Can you grab your dhcpd6.conf and post the contents, obfuscate any GUAs, same goes for dhcp6c.conf, post the contents.

[marjohn56]

You might need the new dhcp6c, in fact I'm pretty sure you will, so do a ps -auxw | grep dhcp6c and see if it's running.

[marjohn56]

Directly send solicit does not exist anymore, and hasn't since 20.1.1 or even earlier.

[marjohn56]

Do this, from the shell.


# cd /usr
# git clone https://github.com/opnsense/dhcp6c.git
# cd dhcp6c
# ./configure
# make
# killall -TERM dhcp6c
# make install


Now reboot.

[marjohn56]

You'll find the dhcp6c debug and no-release options are now in interfaces->settings.

[bimmerdriver]

Can you grab your dhcpd6.conf and post the contents, obfuscate any GUAs, same goes for dhcp6c.conf, post the contents.

Thank you for your reply.

dhcpd6.conf

Code: [Select]

# Server configuration file example for DHCPv6
# From the file used for TAHI tests - addresses chosen
# to match TAHI rather than example block.

# IPv6 address valid lifetime
#  (at the end the address is no longer usable by the client)
#  (set to 30 days, the usual IPv6 default)
default-lease-time 2592000;

# IPv6 address preferred lifetime
#  (at the end the address is deprecated, i.e., the client should use
#   other addresses for new connections)
#  (set to 7 days, the usual IPv6 default)
preferred-lifetime 604800;

# T1, the delay before Renew
#  (default is 1/2 preferred lifetime)
#  (set to 1 hour)
option dhcp-renewal-time 3600;

# T2, the delay before Rebind (if Renews failed)
#  (default is 3/4 preferred lifetime)
#  (set to 2 hours)
option dhcp-rebinding-time 7200;

# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;

# Global definitions for name server address(es) and domain search list
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";

# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
##option dhcp6.preference 255;

# Server side command to enable rapid-commit (2 packet exchange)
##option dhcp6.rapid-commit;

# The delay before information-request refresh
#  (minimum is 10 minutes, maximum one day, default is to not refresh)
#  (set to 6 hours)
option dhcp6.info-refresh-time 21600;

# The path of the lease file
dhcpv6-lease-file-name "/var/db/dhcpd6.leases";

# Static definition (must be global)
host myclient {
# The entry is looked up by this
host-identifier option
dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;

# A fixed address
fixed-address6 3ffe:501:ffff:100::1234;

# A fixed prefix
fixed-prefix6 3ffe:501:ffff:101::/64;

# Override of the global definitions,
# works only when a resource (address or prefix) is assigned
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;

# For debug (to see when the entry statements are executed)
#  (log "sol" when a matching Solicitation is received)
##if packet(0,1) = 1 { log(debug,"sol"); }
}

host otherclient {
        # This host entry is hopefully matched if the client supplies a DUID-LL
        # or DUID-LLT containing this MAC address.
        hardware ethernet 01:00:80:a2:55:67;

        fixed-address6 3ffe:501:ffff:100::4321;
}

# The subnet where the server is attached
#  (i.e., the server has an address in this subnet)
subnet6 3ffe:501:ffff:100::/64 {
# Two addresses available to clients
#  (the third client should get NoAddrsAvail)
range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;

# Use the whole /64 prefix for temporary addresses
#  (i.e., direct application of RFC 4941)
range6 3ffe:501:ffff:100:: temporary;

# Some /64 prefixes available for Prefix Delegation (RFC 3633)
prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
}

# A second subnet behind a relay agent
subnet6 3ffe:501:ffff:101::/64 {
range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;

# Override of the global definitions,
# works only when a resource (address or prefix) is assigned
option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;

}

# A third subnet behind a relay agent chain
subnet6 3ffe:501:ffff:102::/64 {
range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
}

dhcp6c.conf

Code: [Select]

interface hn0 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix-interface hn1 {
    sla-id 0;
    sla-len 8;
  };
};


[bimmerdriver]

You might need the new dhcp6c, in fact I'm pretty sure you will, so do a ps -auxw | grep dhcp6c and see if it's running.

dhcp6c isn't running, as you suspected.

[bimmerdriver]

Directly send solicit does not exist anymore, and hasn't since 20.1.1 or even earlier.

I didn't notice that. I guess that's the result of upgrading in place and not paying attention until something doesn't work.

[bimmerdriver]

Do this, from the shell.


# cd /usr
# git clone https://github.com/opnsense/dhcp6c.git
# cd dhcp6c
# ./configure
# make
# killall -TERM dhcp6c
# make install


Now reboot.

Done and it's working.

[bimmerdriver]

You'll find the dhcp6c debug and no-release options are now in interfaces->settings.

Would it be helpful for me to enable debug logging and post the log?

[marjohn56]

No, I think you are fine on that unless you see something is wrong. We did some pretty heavy testing of it during the changes we made to dhcp6c, and I'm pretty sure that dhcp6c and the debug option - as you see now has multiple levels, and no-release should all be fine. The major testing will come as we move forward with multiwan dhcp6. It's halfway there but it needs further work in other areas now.

[marjohn56]

There's something else you should also notice, if you take a look at the interfaces->Overview for your WAN, you'll see the delegated prefix and size that's been assigned by your ISP, this is another new addition to dhcp6c and simplifies a few things around dhcpdv6 as we now don't have to rely on the user getting the prefix size correct.

[bimmerdriver]

A few comments / questions.

In Lobby / Dashboard / Gateways, WAN_DHCP6 shows statistics and status, but the address is ~, rather than the (link-local) address of the gateway.

In Interfaces / Overview / WAN, it shows the link-local address of the IPv6 gateway.