HE Tunnel Broker broke after 22.1.3 upgrade (gateway stopped working)

Started by gromit, March 18, 2022, 07:34:59 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
March 18, 2022, 07:34:59 PM
I just upgraded to 22.1.3 from 22.1.2_1 and upon rebooting into the new version noticed my Hurricane Electric Tunnel Broker was not working properly.  The gateway was no longer listed in the "Gateways" widget on the dashboard.  Looking further in System: Gateways: Single I saw that the HE gateway was greyed out with a status of "Pending" and a priority of "defunct (upstream)".

I deleted my HE tunnel and recreated it, but it still did not work.

The change log for this release leads off with this statement:

QuoteThis update includes groundwork for interface handling improvements making the boot more flexible in complex interface assignment scenarios involving GIF, GRE and bridge devices.

Could my HE Tunnel Broker problems be related to this?

I had a recollection that my gif0 previously had the HE tunnel IPv6 endpoints defined on it and this was no longer the case after upgrading.  I manually applied these to gif0 (as per HE's FreeBSD instructions) and manually defined an IPv6 default route and that has at least got IPv6 going again for me.

Is there a change in the way HE Tunnel Broker needs to be set up under 22.1.3??

March 18, 2022, 08:08:05 PM #1
In this particular case we did not alter config.xml contents for the GIF/GRE/bridge changes so I'm not sure about what happened there. It could still be related for other reasons. Do you have a system log of the boot sequence you can share? It should give a clearer picture of what could be wrong.


Cheers,
Franco
March 18, 2022, 09:13:11 PM #2
I couldn't see any complaints in the boot sequence, and I do remember that IPv6 was initially working after boot when I tested via the serial console.  It was only when looking at the WebGUI I noticed the HE tunnel missing from the "Gateways" widget and so I went looking about to troubleshoot.

It could be that in the "troubleshooting" I broke things further.  :(

Anyway, I just recreated the IPv6 gateway again and this time it appears to be working.  :)

I'll give it another reboot to see if it stays put this time...
March 18, 2022, 09:38:59 PM #3
Alas, after the reboot there are still problems with the gateway.  :(

This time around, I noticed this in the boot sequence:

Code Select
Reconfiguring IPv4 on em0
>>> Invoking start script 'freebsd'
gif0: link state changed to DOWN
in6_purgeaddr: err=65, destination address delete failed
gif0: link state changed to UP
in6_purgeaddr: err=65, destination address delete failed


(em0 is my WAN link.)

The resultant tunnel has only IPv4 endpoints defined:

Code Select
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
description: HE
options=80000<LINKSTATE>
tunnel inet 73.99.XXX.XXX --> 216.YYY.YYY.2
inet6 fe80::2eb:caff:fec0:5c4%gif0 prefixlen 64 scopeid 0x18
groups: gif
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>


When I manually add the IPv6 endpoints to gif0 then the gateway works again.
March 19, 2022, 11:54:55 AM #4
Just want to confirm that I have the same problem. so @gromit you are not alone.
Though I also did not find a solution yet
March 20, 2022, 11:22:29 PM #5
Same here. I'm unable to bring HE tunnel up unless I manually put the IPv6 addresses manually and also manually add a route afterwards.

I recreated the interface and gif and it's not working. I only see the gif0 with ipv4 only configs.

My tunnel was working in 22.1.2. Seems like HE (gif) is broken in 22.1.3
March 21, 2022, 07:13:15 AM #6
How do you "manually put the IPv6 addresses" ?

When I set "IPv6 Configuration Type" to "Static IPv6" on the Tunnel-Interface then the UI complains "Cannot assign an IP configuration type to a tunnel interface"
March 21, 2022, 07:14:03 AM #7
Can cofirm that the HE Tunnel (Gateway) is broken  :(. Strangely enough, I still have an external IP v6 address....
March 21, 2022, 07:52:07 AM #8
Any system log from the boot process? This is strange but doesn't seem to indicate what could be wrong.

in6_purgeaddr: err=65, destination address delete failed

And where is the "missing IPv6" configured?


Cheers,
Franco
March 21, 2022, 09:38:22 AM #9
Ok, I could reproduce this and can report that the problem was previously fixed in the code by running device configuration twice to bring it to a working state. How about we don't do that and use the following instead?

https://github.com/opnsense/core/commit/61500f6790

# opnsense-patch 61500f6790


Cheers,
Franco
March 21, 2022, 02:11:07 PM #10
Thanks for the patch. I was able to bring the HE tunnel up and the gateway was there too after patching and save/apply on the interface and gif (i think had to save gif as well for it to work).

I'll do a reboot test later on tonight and make sure other interfaces are not negatively affected by this patch and that HE automatically gets back up after reboot too.
March 21, 2022, 02:48:39 PM #11
> save/apply on the interface

Should be good then after reboot too as this executes the same code. :)


Cheers,
Franco
March 21, 2022, 05:17:31 PM #12 Last Edit: March 21, 2022, 05:22:11 PM by kurthw
Thank you franco for the quick solution. I can confirm that the patch works.

Under System > Gateways > Single the disabled entry still had to be re-enabled and ipv6-test.com reports a connection via HE.net.

In the meantime I have rebooted 2 times and the setting remains active again as with 22.1.2. However WITHOUT setting "Upstream Gateway" as it can be found in the manual https://docs.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html#step-2-configure-the-gif-tunnel-as-a-new-interface.


March 21, 2022, 07:49:27 PM #13
kurthw Thanks for confirming. :)

"Upstream gateway" is required when you want to use it as a default route. If there is only one (IPv6) gateway it will automatically promote itself to default anyway (see "active" annotation in the list).


Cheers,
Franco
March 21, 2022, 11:10:42 PM #14
Thx, patch works for me, too.  8)
Print
Go Up Pages1 2
User actions