Updated to OPNsense 20.7.b_156-amd64, dhcpd6 not starting

[marjohn56]

Not on my test unit. It's showing the link-local addres.

[franco]

If there are no router advertisements that rtsold can pick up (the main cause for the former send SOLICIT option) you do not get a router address notification.

We removed send SOLICIT because we use a hybrid mode now that has no averse affects on users of the former option.


Cheers,
Franco

[bimmerdriver]

I used wireshark to capture DHCPv6 and ICMPv6 messages.

When OPNsense starts, the following sequence of messages are exchanged:

send ICMPv6 router solicitation
send DHCPv6 solicit
receive DHCPv6 advertise
receive ICMPv6 router advertisement
send DHCPv6 request
receive DHCPv6 reply

After that, the link is up and the gateway periodically sends router advertisement messages, at random intervals usually not longer than 30 minutes. The router advertisements come from the gateway always using the same link-local address which is used in the default route.

Later on,

Send DHCPv6 renew
Receive DHCPv6 reply

The router advertisements continued after the renew / reply.

[marjohn56]

That's perfectly normal.


Under the original pfSense, and this is where Opnsense was forked from so it suffered from the same problem, with certain ISPs you needed to send a dhcp6 solicit before router advertisements or should I says you had to send both independently. Now, the problem was that pfSense would wait for a advertisement response before it launched dhcp6c, thus no advertisement response, no dhcp6c. Now, my original fix on pfSense was to to give the option to launch dhcpc6 regardless of the state of the advertisements, but the option was also added to turn that on and off.


Franco and co did some research and found that it causes no issues with ISPs that don't require it and works fine with those that do - so now the option to disable it has been removed and you could say it's permanently on, in fact they both run pretty much simultaneously.

[bimmerdriver]

That's perfectly normal.


Under the original pfSense, and this is where Opnsense was forked from so it suffered from the same problem, with certain ISPs you needed to send a dhcp6 solicit before router advertisements or should I says you had to send both independently. Now, the problem was that pfSense would wait for a advertisement response before it launched dhcp6c, thus no advertisement response, no dhcp6c. Now, my original fix on pfSense was to to give the option to launch dhcpc6 regardless of the state of the advertisements, but the option was also added to turn that on and off.


Franco and co did some research and found that it causes no issues with ISPs that don't require it and works fine with those that do - so now the option to disable it has been removed and you could say it's permanently on, in fact they both run pretty much simultaneously.

Understood. OPNsense is receiving RA messages, so I'm not clear why the gateway status on the dashboard reports the address as ~ rather than the actual address.

[marjohn56]

Hmm.. I think I might know why.  If you look at system->gateways->single, is that showing an entry?

[marjohn56]

Can you send me the output of netstat -6rW please.

[bimmerdriver]

Hmm.. I think I might know why.  If you look at system->gateways->single, is that showing an entry?

System / Gateways / Single shows both the IPv4 and IPv6 gateways.

[bimmerdriver]

Can you send me the output of netstat -6rW please.

Here you go:

Code Select Expand

root@OPNsense:~ # netstat -6rW
Routing tables

Internet6:
Destination        Gateway            Flags       Use    Mtu    Netif Expire
default            fe80::ea4:2ff:fe29:5001%hn0 UG     9025   1500      hn0
localhost          link#1             UH            0  16384      lo0
node-1w7jr9ql8gh2x5hajvvh1dr7k.ipv6.telus.net link#6 U          2894   1500      hn1
OPNsense           link#6             UHS           0  16384      lo0
fe80::%lo0/64      link#1             U             0  16384      lo0
fe80::1%lo0        link#1             UHS           0  16384      lo0
fe80::%hn0/64      link#5             U         83596   1500      hn0
fe80::215:5dff:fe67:5b19%hn0 link#5   UHS           0  16384      lo0
fe80::%hn1/64      link#6             U        128314   1500      hn1
fe80::215:5dff:fe67:5b1a%hn1 link#6   UHS           0  16384      lo0
root@OPNsense:~ #


[marjohn56]

Hmm.. I think I might know why.  If you look at system->gateways->single, is that showing an entry?

System / Gateways / Single shows both the IPv4 and IPv6 gateways.

So it it's only the lobby widget that's missing the IPv6 gateway then?

[bimmerdriver]

Hmm.. I think I might know why.  If you look at system->gateways->single, is that showing an entry?

System / Gateways / Single shows both the IPv4 and IPv6 gateways.

So it it's only the lobby widget that's missing the IPv6 gateway then?

The lobby widget is reporting the IPv6 gateway address as ~ and there is no reported IPv6 gateway address in Interfaces / Overview / Wan. It's not blank or ~. There isn't a line for the address.

[marjohn56]

In the main gateways page the address is under 'Gateway'. Are you saying there's no entry for your WAN dhcp6 in gateways at all?

[bimmerdriver]

In the main gateways page the address is under 'Gateway'. Are you saying there's no entry for your WAN dhcp6 in gateways at all?

No, that's not what I meant. System: Gateways: Single shows both gateways. Interfaces: Overview WAN shows information about both gateways, but it does not report an address for the IPv6 gateway. The address isn't blank or ~, there is not even a line for it.

[marjohn56]

now I'm confused. don't worry about interfaces, is the gateways page showing a gateway address for v4 and v6.

[marjohn56]

ok, re-Read the message.  that's pretty odd... can you email me an image of the gateways single page.