IPv6 working properly???

Started by opns-sc0, January 30, 2022, 12:12:47 PM

I seem to have massive problems since upgrading related to IPv6 and prefix delegation.

It took me a while and I have in the meantime done a clean installation just to be sure.

What I believe to have found is that the system goes crazy whenever I enable the "Allow manual adjustment of DHCPv6 and Router Advertisements" checkbox. I want to do some IPv6 DHCP experiments and also have some control of the announced DNS servers in the RA. That's why I need / want to have some manual control.

However, as soon as I enable the checkbox and apply, the system starts to renew WAN IPv6, constantly changing the prefix delegation every few moments and causing 100% system load.

Has anybody else similar experience or tips for troubleshooting? I am about to go back to the previous version which has worked ok for me.

Thanks!

After a bit more digging I see that, for example, a loss of one of the Ethernet links is causing the whole WAN IP addr to be given up? Is there a reason to do that?

Log looks like this:

<11>1 2022-01-30T16:40:46+01:00 opnsense.xyz.com opnsense 29446 - [meta sequenceId="1"] /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic opt1(ue0)
<13>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com dhcp6c 39756 - [meta sequenceId="2"] dhcp6c RELEASE on re0 - running newipv6
<13>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com dhcp6c 47634 - [meta sequenceId="3"] dhcp6c RELEASE on re0 - running newipv6
<11>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com opnsense 44614 - [meta sequenceId="4"] /usr/local/etc/rc.newwanipv6: IPv6 renewal is starting on 're0'
<11>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com opnsense 44614 - [meta sequenceId="5"] /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: re0).
<11>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com opnsense 44614 - [meta sequenceId="6"] /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
<11>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com opnsense 50824 - [meta sequenceId="7"] /usr/local/etc/rc.newwanipv6: IPv6 renewal is starting on 're0'
<11>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com opnsense 50824 - [meta sequenceId="8"] /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: re0).
<11>1 2022-01-30T16:40:47+01:00 opnsense.xyz.com opnsense 50824 - [meta sequenceId="9"] /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="10"] /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for dynamic opt1(ue0)
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="11"] /usr/local/etc/rc.linkup: ROUTING: entering configure using 'opt1'
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="12"] /usr/local/etc/rc.linkup: ROUTING: IPv4 default gateway set to wan
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="13"] /usr/local/etc/rc.linkup: ROUTING: skipping IPv4 default route
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="14"] /usr/local/etc/rc.linkup: ROUTING: IPv6 default gateway set to wan
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="15"] /usr/local/etc/rc.linkup: ROUTING: skipping IPv6 default route
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="16"] plugins_configure ipsec (,opt1)
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="17"] plugins_configure ipsec (execute task : ipsec_configure_do(,opt1))
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="18"] plugins_configure dhcp ()
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="19"] plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="20"] /usr/local/etc/rc.linkup: Warning! dhcpd_radvd_configure(auto) found no suitable IPv6 address on ue0
<11>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="21"] /usr/local/etc/rc.linkup: Warning! dhcpd_radvd_configure(auto) found no suitable IPv6 address on re1
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="22"] plugins_configure dns ()
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="23"] plugins_configure dns (execute task : dnsmasq_configure_do())
<13>1 2022-01-30T16:40:48+01:00 opnsense.xyz.com opnsense 74830 - [meta sequenceId="24"] plugins_configure dns (execute task : unbound_configure_do())
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com dhcp6c 26064 - [meta sequenceId="25"] dhcp6c REQUEST on re0 - running newipv6
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="26"] /usr/local/etc/rc.newwanipv6: IPv6 renewal is starting on 're0'
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="27"] /usr/local/etc/rc.newwanipv6: On (IP address: 2a02:xxxx:xxxx::cba) (interface: WAN[wan]) (real interface: re0).
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="28"] plugins_configure dhcp (,inet6)
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="29"] plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="30"] plugins_configure hosts ()
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="31"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="32"] plugins_configure hosts (execute task : unbound_hosts_generate())
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="33"] /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'wan'
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="34"] /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="35"] /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to xxx.xxx.28.1
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="36"] /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'xxx.xxx.28.1'
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="37"] /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to wan
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="38"] /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::xxxx:xxxx:xxxx:d819
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="39"] /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::xxxx:xxxx:xxxx:d819%re0'
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="40"] plugins_configure monitor ()
<13>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="41"] plugins_configure monitor (execute task : dpinger_configure_do())
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="42"] /usr/local/etc/rc.newwanipv6: The WAN_DHCP6 monitor address is empty, skipping.
<11>1 2022-01-30T16:40:50+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="43"] /usr/local/etc/rc.newwanipv6: The WAN_DHCP monitor address is empty, skipping.
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="44"] plugins_configure vpn (,wan)
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="45"] plugins_configure vpn (execute task : ipsec_configure_do(,wan))
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="46"] plugins_configure vpn (execute task : openvpn_configure_do(,wan))
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="47"] plugins_configure newwanip (,wan)
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="48"] plugins_configure newwanip (execute task : ntpd_configure_do())
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="49"] plugins_configure newwanip (execute task : opendns_configure_do())
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="50"] plugins_configure newwanip (execute task : openssh_configure_do(,wan))
<13>1 2022-01-30T16:40:52+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="51"] plugins_configure newwanip (execute task : unbound_configure_do(,wan))
<13>1 2022-01-30T16:40:53+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="52"] plugins_configure newwanip (execute task : vxlan_configure_interface())
<13>1 2022-01-30T16:40:53+01:00 opnsense.xyz.com opnsense 32366 - [meta sequenceId="53"] plugins_configure newwanip (execute task : webgui_configure_do(,wan))

I have 6rd w/ my ISP and I completely gave up on getting it to work with this release; DHCP6 and RA don't behave as expected and routing with subnets/VLANs seems very broken when enabled.

Hello all,

I am disappointed as I am also facing an issue with IPv6 since the upgrade. Not sure why, but I can't even get to ping ipv6.google.com.

root@OPNsense:~ # ping6 -I vtnet4 2a00:1450:400a:804::2004
PING6(56=40+8+8 bytes) 2a01:e0a:3ba:cb90::2 --> 2a00:1450:400a:804::2004

vtnet4: flags=8a63<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: POP
        options=800a8<VLAN_MTU,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether da:dc:fd:fa:f7:7c
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 2a01:e0a:3ba:cb90::2 prefixlen 64
        inet6 fe80::d8dc:fdff:fefa:f77c%vtnet4 prefixlen 64 scopeid 0x5

Routing tables
Internet6:
Destination                       Gateway                       Flags   Nhop#    Mtu    Netif Expire
default                           fe80::72fc:8fff:fe6a:95d%vtnet4 UGS       6   1500   vtnet4
::1                               link#7                        UHS         1  16384      lo0
2000::/3                          fe80::72fc:8fff:fe6a:95d%vtnet4 UGS       7   1500   vtnet4
2a01:e0a:3ba:cb90::/64            link#5                        U           5   1500   vtnet4
2a01:e0a:3ba:cb90::2              link#5                        UHS         4  16384      lo0
fe80::%vtnet4/64                  link#5                        U           5   1500   vtnet4
fe80::d8dc:fdff:fefa:f77c%vtnet4  link#5                        UHS         4  16384      lo0
fe80::%lo0/64                     link#7                        U           3  16384      lo0
fe80::1%lo0                       link#7                        UHS         2  16384      lo0

traceroute6 to 2a00:1450:400a:804::2004 (2a00:1450:400a:804::2004) from 2a01:e0a:3ba:cb90::2, 64 hops max, 28 byte packets
1  2a01:e0a:3ba:cb90::2  3048.035 ms !A  3014.750 ms !A  2999.995 ms !A

2022-01-30T21:14:52   Error   opnsense   /system_gateways.php: ROUTING: setting IPv6 default route to fe80::72fc:8fff:fe6a:95d   
2022-01-30T21:14:52   Error   opnsense   /system_gateways.php: ROUTING: IPv6 default gateway set to opt3

The interface FW allows all IPv4 and IPv6 to go out.

Any idea?

Thanks

I know this is a free product etc...

But really the IPv6 implementation with PD is completely broken as far as I can tell.

Just had a reboot of my L2 switch behind the OPNsense box and the drama of endless WAN IP address changes for IPv6 started all over again.

Can some of the developers at least acknowledge that they are aware and working on it?

Thanks!

> I know this is a free product etc...

Yes.

> But really the IPv6 implementation with PD is completely broken as far as I can tell.

Not generally, no.

The deal is and always was: if you can help to reproduce it can be fixed. Unfortunately drivers and equipment and ISPs needlessly complicate reproducibility from one setup to the next. I'm willing to spend time via SSH on a box if required to look at the issue in action, but I can't spend a week trying to get that fixed.

I've had the pleasure to look at a setup with Orange FR that broke DHCPv4 and DHCPv6. The former was an issue with the setup requirements in 22.1 as per the release notes (MAC spoofing on VLAN is now wrong without at least promiscuous mode in the parent interface which needs to be assigned for it) and the latter one looks like a kernel bug in FreeBSD 13-STABLE, 12-STABLE and 12.3 for good measure. ;)


Cheers,
Franco

I would be happy to share my remote connection ;)

Send me a mail via franco@opnsense.org and I'll send you an SSH key.


Cheers,
Franco


I can confirm that (on an APU4d4) IPv6 PD/track based advertisements are only working without the option "Allow manual adjustment of DHCPv6 and Router Advertisements" on 22.1 at the moment. When selected, RAs just stop shortly after restarting radvd and dhcpv6 doesn't seem to respond reliably. I have not yet tried to debug the differences in radvd.conf as generated.

There shouldn't be much of a change in either area. At least with opns-sc0 today we learned that running IPS on emulated Netmap interfaces can bring them up/down and cause reconfiguration loops on the WAN side with dhcpv6 because dhcp6c is being poked by the tracking LANs when they go down. We will try to avoid this in the future...

https://github.com/opnsense/core/commit/a7e3d36b0
https://github.com/opnsense/core/commit/f5b2d2024

This is development code so take it with a grain of salt. It's just one issue that it could be.

@rmayr If you can please do try diff /var/etc/radvd.conf and /var/dhcpd/etc/dhcpdv6.conf though keep in mind that manual mode opens up a lot of room for individual settings. Actually it seems assuring that automatic mode has sane defaults.

@XabiX will contact you tomorrow :)


Cheers,
Franco
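
Added example (not part of the thread and not OPNsense code): a small Python correlator for the pattern described in the post above, where a link event on a tracking interface is followed by dhcp6c activity on the WAN. The sample lines are constructed in the syslog layout posted earlier in the thread; the hostname, the 5-second window and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the log layout shown in the thread (placeholder hostname).
SAMPLE = """\
<11>1 2022-01-30T16:40:46+01:00 fw.example opnsense 100 - [meta sequenceId="1"] /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic opt1(ue0)
<13>1 2022-01-30T16:40:47+01:00 fw.example dhcp6c 101 - [meta sequenceId="2"] dhcp6c RELEASE on re0 - running newipv6
<11>1 2022-01-30T16:40:48+01:00 fw.example opnsense 102 - [meta sequenceId="3"] /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for dynamic opt1(ue0)
<13>1 2022-01-30T16:40:50+01:00 fw.example dhcp6c 103 - [meta sequenceId="4"] dhcp6c REQUEST on re0 - running newipv6
<13>1 2022-01-30T16:55:00+01:00 fw.example dhcp6c 104 - [meta sequenceId="5"] dhcp6c REQUEST on re0 - running newipv6
"""

LINE = re.compile(r"^<\d+>1 (\S+) \S+ \S+ \S+ - \[[^\]]*\] (.*)$")
LINK = re.compile(r"DEVD: Ethernet (detached|attached) event for (?:\w+ )?(\w+)\((\w+)\)")
DHCP6C = re.compile(r"dhcp6c (\w+) on (\w+) - running newipv6")


def parse(text):
    """Yield (timestamp, message) for each line that matches the layout."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2)


def correlate(text, wan="re0", window_s=5):
    """Return dhcp6c events on `wan` that follow a link event on a
    different device within `window_s` seconds, as
    (dhcp6c_action, device, link_state, seconds_after_link_event)."""
    last_link = None  # (timestamp, state, device) of the latest non-WAN link event
    hits = []
    for ts, msg in parse(text):
        link = LINK.search(msg)
        if link and link.group(3) != wan:
            last_link = (ts, link.group(1), link.group(3))
            continue
        d = DHCP6C.search(msg)
        if d and d.group(2) == wan and last_link:
            delta = (ts - last_link[0]).total_seconds()
            if 0 <= delta <= window_s:
                hits.append((d.group(1), last_link[2], last_link[1], delta))
    return hits


if __name__ == "__main__":
    for action, dev, state, delta in correlate(SAMPLE):
        print(f"dhcp6c {action} on WAN {delta:.0f}s after {dev} {state}")
```

A steady stream of hits against the same non-WAN device is the reconfiguration-loop signature; the isolated REQUEST at 16:55 in the sample is not reported because no link event precedes it within the window.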

Thanks again franco for taking a look at the issue yesterday.

After another night of sleep I had a second thought.

Before I upgraded I did use Sensei / Zenarmor. I can't really recall if it was the FreeBSD driver or the Realtek driver. After first seeing issues I simply switched to the Realtek drivers. Those are the ones I had running yesterday as well. Do you think it's worth going back to FreeBSD drivers to test if it's any better?

Currently whenever IDS is activated I get "netmap_transmit ue0 drop mbuf that needs checksum offload" errors on console.

Thanks!

February 06, 2022, 11:34:59 AM #12 Last Edit: February 06, 2022, 11:38:51 AM by zneaks
I registered to say the same thing, IPv6 was working before 22.1 upgrade.

VM with PCI Passthrough with Intel I350 NIC passed through.

Currently all my clients are receiving their delegated IPv6 address through Prefix Delegation from the WAN interface, but no IPv6 traffic is working. I see it being passed in the firewall, but just unable to ping any IPv6 addresses from the OPNsense VM itself or from any clients.

Tried ticking and unticking "Allow manual adjustment of DHCPv6 and Router Advertisements" and then changed from Assisted to Managed to Unmanaged RA, but still same results, would get IPv6 address, but unable to communicate to anything.

The only thing I can see in the logs that may hint at what is going on is,

/usr/local/etc/rc.newwanipv6: The command '/sbin/route add -host -'inet6' '2001:4860:4860::8888' 'fe80::d604:ffff:fe2c:2bc1%'' returned exit code '71', the output was 'route: fe80::d604:ffff:fe2c:2bc1%: Name does not resolve'

@zneaks 'fe80::d604:ffff:fe2c:2bc1%' is missing the scope after %. Not sure where this goes wrong. Do you have a static route set for this?

Fixed XabiX's issue by adding a link-local IPv6 static configuration to WAN address. On older FreeBSD kernels IPv6 does not seem to have been disabled as rigidly as it is now on version 13 so it fails when you try to pull the /64 GUA subnet to LAN without setting up at least link-local on WAN.


Cheers,
Franco
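
Added example (not part of the thread and not OPNsense code): a Python check that pulls the quoted IPv6 arguments out of a logged `route add` command and reports link-local addresses whose scope after `%` is missing or empty, the condition pointed out in the post above. The first input is the error line quoted earlier in the thread; the second line and the function name are constructed for illustration.

```python
import ipaddress
import re

# Error line as quoted in the thread.
PAGE_LINE = (
    "/usr/local/etc/rc.newwanipv6: The command '/sbin/route add -host -'inet6' "
    "'2001:4860:4860::8888' 'fe80::d604:ffff:fe2c:2bc1%'' returned exit code '71', "
    "the output was 'route: fe80::d604:ffff:fe2c:2bc1%: Name does not resolve'"
)
# Constructed line with a properly scoped link-local gateway.
GOOD_LINE = "The command '/sbin/route add -host -'inet6' '2001:db8::1' 'fe80::1%vtnet0'' returned exit code '0'"

# A single-quoted token made of hex digits and colons, with an optional %zone.
QUOTED_V6 = re.compile(r"'([0-9A-Fa-f:]*:[0-9A-Fa-f:]*)(%[^']*)?'")


def unscoped_link_local(line):
    """Return link-local addresses in `line` that have no usable zone.

    Both 'fe80::1' (no % at all) and 'fe80::1%' (empty zone) are reported,
    since neither tells the kernel which interface the address lives on.
    """
    bad = []
    for addr, zone in QUOTED_V6.findall(line):
        try:
            ip = ipaddress.IPv6Address(addr)
        except ValueError:
            continue  # quoted token only looked like an address
        zone_name = zone[1:] if zone else ""
        if ip.is_link_local and not zone_name:
            bad.append(addr)
    return bad


if __name__ == "__main__":
    for line in (PAGE_LINE, GOOD_LINE):
        print(unscoped_link_local(line) or "all link-local gateways are scoped")
```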

February 07, 2022, 02:24:59 PM #14 Last Edit: February 07, 2022, 02:27:51 PM by cardinal
I had problems setting up IPv6, too. The clients did get an IPv6 address but couldn't contact anything at all. RA just didn't want to work, too, so I deactivated everything and started configuring from scratch.

For me the problem was the option "Use the DNS settings of the DHCPv6 server" in RA. It worked like a charm in <v22.1 but it seems that configuring only the DNS-server suffix (I get a dynamic prefix from my ISP) in DHCPv6 won't work anymore. As soon as I changed it to the complete IPv6 address it started working again.

I just wanted to share it with you guys, maybe it helps :)