Zenarmor & IPv6: Bad Combo (At least on ATT Fiber/US)

Started by lrosenman, January 10, 2022, 03:43:07 AM

@SunnyValley: Is this now a dead ticket, and I need to cancel my subscription and remove the software? 

Have you upgraded to 22.1.r1? Maybe it behaves differently.
OPNsense HW:

Minisforum Venus series UN100C, 16 GB RAM, 512 GB SSD
T-bao N9N Pro, 16 GB RAM, 512 GB SSD



Are there changes in 22.1 (either OPNsense or Zenarmor) that would possibly affect this issue?


Per private email, it was worth a try, and:

SUCCESS

It's working, modulo the fact that pkg update doesn't like to talk to the IPv6 repos.
(Other IPv6 works fine).

I wonder if there's a way to force pkg -4 for the OPNsense / SunnyValley stuff?


Another user suggested setting the IPv4 preferred over IPv6 and running the updates, which DID upgrade more code.

Now that it's on:
OPNsense 22.1.r1-amd64

and removing the 4 over 6 preference it's still working, and my IPv6 issue is GONE.


Quote from: sy on January 11, 2022, 06:57:04 PM
Hi,

The reason for the loss of connectivity is that when Zenarmor packet engine opens the interface in the netmap mode, netmap re-initializes that interface, causing a DOWN/UP link event.
Seeing an interface DOWN/UP event, OPNsense fires IPv4/IPv6 address re-configuration. For IPv4, this takes milliseconds, but for IPv6, due to auto-configuration, WAN tracking etc., this process might take about 15-60 seconds during which time you might lose WAN connectivity.
After this, everything should be back to normal.
We're aware of this issue, however the solution involves working with 3rd parties (netmap team, OPNsense team etc).
For the final solution, several options are on the table and we're working on them.
I hope this helps clarify the situation.


So happy to read this explanation.  :)
I thought that I'd a misconfiguration in my OPNsense due to the long "outages" during IFs down/up.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

If you can, get a static IPv6 and set OPNsense to use static IPv6 and set up DHCPv6 and router assists; this will allow IPv6 to continue working.

I had this similar issue with a UK-based ISP, and if I set DHCPv6 to track IPv4 and WAN, I lost IPv6 when Zenarmor was activated. I raised this with Zenarmor around Apr-May 2022.