IPv6 prefix not updated

Started by mschaeffler, November 30, 2021, 08:30:53 AM

Hello,

I have two cascaded routers:

  • one from my ISP
  • and my OPNsense behind

OPNsense gets a /57 IPv6 prefix from the ISP router via DHCPv6.
Sometimes this prefix changes and then the OPNsense updates the IPv6 address on WAN, but not on the several tracked interfaces (LAN, WLAN, ...).
So the delegated prefix is not updated.

Reloading the WAN interface, DHCP or Unbound seems to fix the issue.

How is the OPNsense WAN getting its IPv6, is it dhcp6? If it is, then take a look at the logs and filter on dhcp6c. When dhcp6c gets a new address, it removes the existing addresses on the WAN and LANs and updates them.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

No, not via DHCPv6; it gets its IP via RA/SLAAC.

Sorry, you may have misunderstood what I meant. What do you have in the WAN interface settings for IPv6?
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

For my IPv6 configuration, see the attachment.

OK, that's fine. You'll need to do a few things. Firstly, have a look at your logs and check that dhcp6c updated the prefix. If you don't have sufficient logging data, it may be that the debug level needs to be increased for dhcp6c; you can do that in Interfaces->Settings, change it to INFO. Note you'll need to reboot after you change and save. Also, using the console connection, run ifconfig and make sure that the LAN(s) is/are not showing two IPv6 addresses; I've seen an issue where dhcp6c does not remove the old address from the interface and that may be your problem. Finally, if the LAN addresses have changed and the downstream devices have not updated, then you need to check that the LAN services are correct, namely dhcpdv6 and radvd (router advertisements).


With dhcpdv6 you are relying on the downstream devices to get a new address when the existing lease times out. On my system I have the default and minimum lease times set to 3600 and 5400 respectively, very short as I want the clients to get a new lease often, thus allowing for the fact that my pd may change. Check also router advertisements; mine is set to Assisted with min max intervals set to 200 and 600 respectively.


If those are all OK AND the LAN interface(s) are showing the updated address, then it's possible you are suffering from the FreeBSD IPv6 multicast issue that's been dogging us all along; restarting dhcpdv6 and radvd fixes it - for a while. Hopefully we'll see the back of that problem in FreeBSD 13 when 22.1 is released.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
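
The ifconfig check suggested in the post above can be scripted. The following is an added example, not code from any poster or from OPNsense: it parses FreeBSD-style `ifconfig` output and reports interfaces that carry global IPv6 addresses from more than one prefix, which is the symptom of an old address not being removed. The interface names and documentation-range addresses in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of FreeBSD ifconfig output (documentation prefixes,
# hypothetical interface names); igb1 carries addresses from two prefixes.
SAMPLE = """\
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::1%igb0 prefixlen 64 scopeid 0x1
\tinet6 2001:db8:ffff:1::2 prefixlen 64 autoconf
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
\tinet6 fe80::1%igb1 prefixlen 64 scopeid 0x2
\tinet6 2001:db8:aa00:1::1 prefixlen 64
\tinet6 2001:db8:bb00:1::1 prefixlen 64
igb2: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::1%igb2 prefixlen 64 scopeid 0x3
\tinet6 2001:db8:bb00:2::1 prefixlen 64
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET6_RE = re.compile(r"^\s+inet6 (\S+) prefixlen (\d+)")
ULA = ipaddress.IPv6Network("fc00::/7")  # unique local, not delegated by the ISP


def global_prefixes(ifconfig_text):
    """Map interface name -> set of non-local IPv6 networks configured on it."""
    result = defaultdict(set)
    iface = None
    for line in ifconfig_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET6_RE.match(line)
        if not m or iface is None:
            continue
        addr = ipaddress.IPv6Address(m.group(1).split("%")[0])  # drop zone id
        if addr.is_link_local or addr.is_loopback or addr in ULA:
            continue
        net = ipaddress.IPv6Network(f"{addr}/{m.group(2)}", strict=False)
        result[iface].add(net)
    return dict(result)


def stale_candidates(ifconfig_text):
    """Interfaces holding addresses from more than one global prefix."""
    return {name: [str(n) for n in sorted(nets)]
            for name, nets in global_prefixes(ifconfig_text).items()
            if len(nets) > 1}
```

An interface returned by `stale_candidates` is worth comparing against the prefix currently delegated on WAN; the script does not decide which of the prefixes is the old one.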

When I restart the internet connection, I get no logs from dhcp6c; not even other relevant logs at all in system_xxx.log.

But I discovered that


sudo killall -HUP dhcp6c
solves the issue without restarting the WAN interface.

What is also strange is that I do not get an IPv6 address via the DHCP server on WAN.

Either your logging for dhcp6 is not set to info as I suggested, in which case dhcp6c will give minimal logging, or you are not filtering on dhcp6c on the system log. If dhcp6c was not running, your HUP would have done nothing. It's down to the ISP router to give the address to dhcp6c for the WAN; that would be the IA address. Get your logs working, then we can see what's happening.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member