IPS mode destroying IPv6

Started by sunmast, March 03, 2022, 09:54:08 PM

Does anyone have problems with IPS + IPv6?

When everything else is running fine, including IDS, as soon as IPS mode is enabled the ISP-assigned IPv6 address is gone from the WAN interface, and then the WAN interface keeps going up and down forever. I need to disable IPS and issue a reboot to recover.

Attached is a screenshot of the console. igb1 is the WAN interface. It seems some IPv6 forwarding isn't working properly when IPS is enabled.

I've only enabled OPNsense-* rule-sets in the Intrusion Detection service.
Dell Inspiron 3472 Motherboard
Intel Pentium Silver J5005 + 8G RAM + 120G SSD
Debian 11 as VM host + NAS server
Intel I225-T2 in VM via PCI-Passthrough
Xfinity Gigabit Extra
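A timestamped record of the symptom described above (the ISP-assigned global IPv6 address vanishing from the WAN, then the link going up and down) is more useful in a bug report than a console screenshot. The following is an added example, not code from this thread or from the OPNsense project: POSIX shell helpers that parse FreeBSD `ifconfig` output, classify a snapshot, flag an overridden MAC address (the MAC spoofing setting that turns out to matter later in the thread) and poll an interface, printing a line on every transition. The interface name igb1 and all sample output are constructed; that FreeBSD's `ifconfig` prints a separate `hwaddr` line when the configured MAC differs from the burnt-in one is an assumption.

```shell
#!/bin/sh
# Added example, not from the forum thread or the OPNsense project.
# Parses FreeBSD/OPNsense `ifconfig` output and watches an interface for the
# symptom in this thread: the global IPv6 address disappearing and the link
# flapping once IPS mode is enabled.  igb1 and the samples are constructed.

# Global-unicast IPv6 addresses (2000::/3, first hex digit 2 or 3) from
# ifconfig output on stdin, zone suffix (%igb1) stripped.  Link-local
# (fe80::) and ULA (fc00::/7) are excluded: they survive the outage.
gua_addrs() {
    awk '$1 == "inet6" && $2 ~ /^[23]/ { sub(/%.*/, "", $2); print $2 }'
}

# Carrier state from the "status:" line ("active", "no carrier", ...).
link_status() {
    sed -n 's/^[[:space:]]*status:[[:space:]]*//p' | head -n 1
}

# Assumption: ifconfig prints a "hwaddr" line next to "ether" only when the
# configured MAC differs from the burnt-in one (what MAC spoofing does).
# Prints "<configured> <burnt-in>" when overridden, nothing otherwise.
mac_override() {
    awk '$1 == "ether" { e = $2 } $1 == "hwaddr" { h = $2 }
         END { if (h != "" && e != h) print e, h }'
}

# Classify one snapshot on stdin: ok / no-gua / down / unknown.
classify() {
    snap=$(cat)
    state=$(printf '%s\n' "$snap" | link_status)
    case "$state" in
        active) ;;
        "")     echo unknown; return ;;
        *)      echo down; return ;;
    esac
    if [ -z "$(printf '%s\n' "$snap" | gua_addrs)" ]; then
        echo no-gua
    else
        echo ok
    fi
}

# Poll an interface and print a timestamped line on every change of carrier
# state or global address set; this is the record to attach to a report.
watch_iface() {
    iface=$1; interval=${2:-2}; prev=""
    while :; do
        snap=$(ifconfig "$iface" 2>/dev/null)
        cur="$(printf '%s\n' "$snap" | classify) $(printf '%s\n' "$snap" | gua_addrs | sort | tr '\n' ' ')"
        if [ "$cur" != "$prev" ]; then
            printf '%s %s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$iface" "$cur"
            prev=$cur
        fi
        sleep "$interval"
    done
}

# Constructed sample output modelled on FreeBSD 13 ifconfig; not captured
# from any real system.  SAMPLE_OK also carries a spoofed MAC.
SAMPLE_OK='igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 02:00:00:aa:bb:cc
        hwaddr 00:11:22:33:44:55
        inet6 fe80::211:22ff:fe33:4455%igb1 prefixlen 64 scopeid 0x2
        inet6 2001:db8:1234:5678::1 prefixlen 64 autoconf
        inet 198.51.100.10 netmask 0xfffffc00 broadcast 198.51.100.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active'

SAMPLE_NOGUA='igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:55
        inet6 fe80::211:22ff:fe33:4455%igb1 prefixlen 64 scopeid 0x2
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active'

SAMPLE_DOWN='igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:55
        media: Ethernet autoselect
        status: no carrier'

# Only poll a live interface when asked:  WATCH_IFACE=igb1 sh watch_v6.sh
if [ -n "${WATCH_IFACE:-}" ]; then
    watch_iface "$WATCH_IFACE" "${WATCH_INTERVAL:-2}"
fi
```

Start it on the firewall with `WATCH_IFACE=igb1 sh watch_v6.sh` before enabling IPS mode and leave it running while the setting is toggled; the printed transitions (ok, no-gua, down) can then be lined up against the Suricata start time in the system log.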

This is 100% repro... Anyone using IPv6 here?

Unfortunately FreeBSD 13 seems to react differently to IPS use in intrusion detection. We have adjusted the code a little on IPv6 to not listen to detach events caused by enabling IPS mode (even the one late at boot):

https://github.com/opnsense/core/commit/c6a8090de

This patch will be part of 22.1.3 and you can help test it now on 22.1.2 via:

# opnsense-patch c6a8090de


Cheers,
Franco

March 17, 2022, 12:15:45 AM #3 Last Edit: March 17, 2022, 12:23:11 AM by agh1701
Do you have Realtek NICs? Never mind, I see now that you don't.

Hi Franco, thanks for the quick fix, but the issue is still there :(

Yesterday I upgraded it to 22.1.3 and enabled IPS mode again. The improvement is that IPv6 keeps running for a while (maybe 15 minutes), and then the WAN interface starts going up and down again.

I'm not sure if this is only happening to me. I'm passing through an I340 adapter into a Hyper-V VM via DDA. There isn't anything else special in my setup.

Do you want me to collect some logs for debugging? Thanks!

Quote from: franco on March 15, 2022, 07:57:37 AM
Unfortunately FreeBSD 13 seems to react differently to IPS use in intrusion detection. We have adjusted the code a little on IPv6 to not listen to detach events caused by enabling IPS mode (even the one late at boot):

https://github.com/opnsense/core/commit/c6a8090de

This patch will be part of 22.1.3 and you can help test it now on 22.1.2 via:

# opnsense-patch c6a8090de


Cheers,
Franco

March 23, 2022, 07:21:37 AM #5 Last Edit: March 23, 2022, 10:21:45 PM by sunmast
After extensive research I realized I'm hitting the same issue here: https://forum.opnsense.org/index.php?topic=27299.0

Disabled MAC spoofing and now it's mostly working.

However, I still can't enable it on the LAN interface where an IPv6 address is assigned (it causes the same interface up/down issue). Still investigating...

Hi Sunmast,

I'm wondering if you ever found a solution. I'm still experiencing the same problem. I used to use IPS on my LAN interface (with VLANs), but this broke when I upgraded. I switched off IPS, since I did not have the time to troubleshoot at the time. As soon as I turn it on, the interface switches off. I also have hardware offloading disabled and have selected the physical interface. Hopefully you managed to solve this! :)

Anyone else that still has issues? Hopefully someone has been able to fix it.