[SOLVED] HE.NET GIF tunnel never comes up.

Started by 5SpeedFun, February 02, 2022, 05:01:01 AM

Hey Franco,

Thanks for the fix.  I disabled this and ping still works ok.  I think I had set this way back when trying to figure out how to policy-route my he.net tunnel (for my servers) and my local ipv6 (for my non-static clients like xbox).

After disabling the reply-to in 21.7.8, ping still works, so I will try the upgrade tonight and see how it goes.

Super, thanks. I'm unsure we were looking at the right problem.

This might be of more relevance as indicated by another thread: https://github.com/opnsense/core/commit/61500f6790


Cheers,
Franco

Quote from: franco on March 10, 2022, 10:54:28 AM
Hi,

I was away with the family for a couple of days. I got your mail to be processed when I have crawled through all open mails and forum posts from the last week. :)

So with 22.1.2(_1) I prepared a backport for 22.1.3 and tested it a few times:

https://github.com/opnsense/core/commit/429b60c26

That should be the gist of your issue taken care of and you can easily try it out after upgrading to the 22.1.2 release (not development) and issuing:

# opnsense-patch 429b60c26

If you think that works we will go ahead and include it in 22.1.3 and the bonus is the unbound changes are not in 22.1.x yet so it keeps working until we fix that one in another feature update or maybe 22.7 itself. Not sure yet.


Cheers,
Franco

Hi Franco,

I re-cloned my 21.7.8 again and started a fresh upgrade -> 22.1 -> 22.1.3.  As far as I understand, 429b60c26 is already included.  Everything seems to start up just fine, including my he.net tunnel, however radvd isn't giving out any router advertisements, so I never get an ipv6 address (I use slaac).  ipv4/nat seems to work OK, just no ipv6 due to no radvd advertisements.  I've tried restarting the service but that didn't help either.

Using my main lan (sfxge0_vlan100) interface, for example, I believe tcpdump -n -i sfxge0_vlan100 icmp6 and 'ip6[40] = 134' should get ras, but it never captures any, even after several minutes or after restarting radvd.

I did find a bunch of these in /var/log/routing/latest.log

<27>1 2022-03-21T22:22:09-05:00 edge01.mydomain.net rtsold 76016 - [meta sequenceId="372"] <call_script> write to child failed: Broken pipe

I also do see radvd running:
root@edge01:/var/log/routing # ps aux | grep radvd
root     7566   0.0  0.0  12724  2332  -  Ss   22:13    0:00.03 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog


Restarting radvd gives the following in /var/log/routing/latest.log
<28>1 2022-03-21T22:27:21-05:00 edge01.mydomain.net radvd 87550 - [meta sequenceId="441"] exiting, 1 sigterm(s) received
<30>1 2022-03-21T22:27:21-05:00 edge01.mydomain.net radvd 87550 - [meta sequenceId="442"] sending stop adverts
<30>1 2022-03-21T22:27:21-05:00 edge01.mydomain.net radvd 87550 - [meta sequenceId="443"] removing /var/run/radvd.pid
<30>1 2022-03-21T22:27:21-05:00 edge01.mydomain.net radvd 87550 - [meta sequenceId="444"] returning from radvd main
<30>1 2022-03-21T22:27:21-05:00 edge01.mydomain.net radvd 28834 - [meta sequenceId="445"] version 2.19 started
<27>1 2022-03-21T22:27:24-05:00 edge01.mydomain.net rtsold 76016 - [meta sequenceId="446"] <call_script> write to child failed: Broken pipe


Let me know where else I should look.

Thanks!

5SF

Hi 5SF,

No, 429b60c26 is not included in 22.1.3 but it will be in 22.1.4 as others confirmed this fixes an issue with disappearing address on the tunnel. Maybe that's already the issue here as radvd would need it maybe...


Cheers,
Franco

March 22, 2022, 12:42:59 PM #49 Last Edit: March 22, 2022, 01:05:22 PM by 5SpeedFun
Ok, so then after 22.1.3 upgrade I should do opnsense-patch 429b60c26 and see if that fixes the radvd issue?

Edit:  Tried this, and it said a reverse or previously applied patch was detected.  Didn't fix the issue.  I'm going to do a little more troubleshooting tonight when I have more time.

Edit 2:  I think radvd will still send out ras even if the tunnel is down, as I have the lan interface ip/vip statically set. Even if the tunnel was down, I have ULA on the lan interface & I'm not getting RAs for that either.

Argh, sorry I meant 61500f6790 as originally posted, see my comment above. I thought you were referring to this, but you meant the actual feature included in 22.1.3... yes, but 61500f6790 as a fix for it has not been added. Can you try it?

# opnsense-patch 61500f6790


Thanks,
Franco


Hey @franco,

Still same issue after & logs after that patch.  Not getting an ip address.  I still think it's related to radvd.  Is there a better place to see more detailed logs from radvd than /var/logs/router/latest ?   

hmmm, what's the contents of /var/etc/radvd.conf when it works and when it doesn't?


Cheers,
Franco

March 29, 2022, 05:32:41 AM #54 Last Edit: March 29, 2022, 05:45:51 AM by 5SpeedFun
Hey Franco,

So I pulled radvd.conf from my (working) 21.7.8 and compared it to radvd.conf of 22.1.4 and sfxge0_vlan100 (my lan vlan) is entirely missing from radvd.conf.  Outside of that it looks identical (I'm comparing using Meld on Linux).

I have no idea why.

Here is the config that is missing:

interface sfxge0_vlan100 {
    AdvSendAdvert on;
    MinRtrAdvInterval 200;
    MaxRtrAdvInterval 600;
    AdvLinkMTU 1500;
    AdvDefaultPreference medium;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix xxxx:yyy:zzzz:a0::/64 {
        DeprecatePrefix off;
        AdvOnLink on;
        AdvAutonomous on;
    };
    prefix fd4a:ea50:349f:a0::/64 {
        DeprecatePrefix off;
        AdvOnLink on;
        AdvAutonomous on;
    };
    RDNSS xxxx:yyy:zzzz:a93c::53 {
    };
    DNSSL mydomain.net {
    };
};
# Generated for DHCPv6 server opt2

Note: Replaced some real ips with xxxx:yyy:zzzz and mydomain.net to replace my real domain.

If something doesn't stick out on this, I can see exactly when my config disappears between 21.7.8 and 22.1.4 by pulling the config after upgrading to each version.

Let me know if you want me to do that.

5SF

Can you try this diagnostics patch to see which error case we are dealing with?

https://github.com/opnsense/core/commit/8e444c3b32bc

The resulting radvd.conf will indicate why it excluded the interface from the config.


Thanks,
Franco

March 29, 2022, 02:36:28 PM #56 Last Edit: March 29, 2022, 02:45:05 PM by 5SpeedFun
I sure can!  Do I apply this against 22.1.4 ?

Is the radvd generated from the interface configs?  Edit2:  it looks like the code will write a comment in the config if it's excluded.
I'll try this out tonight & post results.

Yes, 22.1.4 and, yes, the comment ends up in radvd.conf


Cheers,
Franco

# Skipping addressless interface lan

Lan has a static v6 address as well as a VIP assigned to it.


Ok, almost there...

# grep rainterface /conf/config.xml

Trying to make sure we can resolve whatever is configured. I don't think it refuses to see the static IPv6 because the "source address" setting may be set instead and is not correct (it can only be a link local CARP or alias address).


Cheers,
Franco
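
The radvd.conf comparison done by hand earlier in this thread, combined with the "# Skipping ..." diagnostic comment, as an added example that is not part of any post or of OPNsense's own code. The two config samples are constructed: sfxge0_vlan100, the ULA prefix and the skip comment come from the thread, while igb1_vlan200 and the 2001:db8:: prefixes are placeholders.

```python
import re

# Constructed samples. sfxge0_vlan100, the ULA prefix and the "# Skipping"
# comment come from the thread; igb1_vlan200 and 2001:db8:: are placeholders.
WORKING = """\
interface igb1_vlan200 {
    prefix 2001:db8:0:b0::/64 {
        AdvOnLink on;
    };
};
interface sfxge0_vlan100 {
    AdvSendAdvert on;
    prefix 2001:db8:0:a0::/64 {
        AdvAutonomous on;
    };
    prefix fd4a:ea50:349f:a0::/64 {
        AdvAutonomous on;
    };
};
"""
BROKEN = """\
interface igb1_vlan200 {
    prefix 2001:db8:0:b0::/64 {
        AdvOnLink on;
    };
};
# Skipping addressless interface lan
"""

def parse_radvd(text):
    """Return ({interface: [prefixes]}, [skip comments]) for a radvd.conf."""
    stanzas, skipped, current, depth = {}, [], None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            if line.lstrip("# ").startswith("Skipping"):
                skipped.append(line.lstrip("# "))
            continue
        if depth == 0 and (m := re.match(r"interface\s+(\S+)\s*\{", line)):
            current = m.group(1)
            stanzas[current] = []
        elif depth == 1 and current and (m := re.match(r"prefix\s+(\S+)\s*\{", line)):
            stanzas[current].append(m.group(1))
        depth += line.count("{") - line.count("}")  # track nesting level
    return stanzas, skipped

def missing_interfaces(working, broken):
    good, _ = parse_radvd(working)
    bad, skipped = parse_radvd(broken)
    return {i: p for i, p in good.items() if i not in bad}, skipped
```

The skip comment names the logical interface (lan) while the stanza uses the device name, so matching the two still requires the interface assignment from the firewall's configuration.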