Upgrade to 22.1.4_1 no IPv6 connectivity

[staticznld]

Well with the patch applied my clients AND the OPNsense box are able to connect over IPv6.

Code Select Expand

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.1.4_1 (amd64/OpenSSL) at Tue Mar 29 09:52:34 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=59 time=5.230 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=59 time=5.271 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=59 time=5.811 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=59 time=5.129 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 5.129/5.360/5.811/0.265 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 783 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
PING6(1548=40+8+1500 bytes) 2a02:a450:839:dddd:: --> 2001:1af8:4f00:a005:5::
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=0 hlim=59 time=3.404 ms
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=1 hlim=59 time=3.280 ms
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=2 hlim=59 time=3.301 ms
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=3 hlim=59 time=3.398 ms

--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.280/3.346/3.404/0.056 ms
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 783 packages processed.
All repositories are up to date.
***DONE***

[franco]

The patch really doesn't do much to be honest and is semantically the same except that it tries to clear the router file when rtsold is invoked. What I need to know:

What is the state of /tmp/pppoe0_routerv6 with and without the patch... and if the file exists what is the contents of it? (the name might differ, look for "/tmp/*_routerv6" files on your system.


Cheers,
Franco

[staticznld]

At the moment i am unable to check without the patch installed.
But with the patch installed i see the default link local gateway.

Code Select Expand

root@router:~ # cat /tmp/pppoe0_routerv6
fe80::1251:72ff:fe23:3288
root@router:~ #

Before i installed the update i didn't see the default gateway in the gui.

I will try to lookup the file tonight.

[franco]

Hmm, in any case here is a patch for 22.1.4 that emulates the previous behaviour.

https://github.com/opnsense/core/commit/4b6fa9e556690

However, it suggest that doing "DHCPv6 on a PPPoE that provides IPv6 connectivity" is one of the silliest things the code historically did... does dhcp6c even ever get an address? A prefix maybe at best?


Cheers,
Franco

[staticznld]

Without the patch installed i did see the "IPv6 delegated prefix" xxxx:xxxx:xxxx::/48 in the overview.

[franco]

prefix info is irrelevant. It moved to a different file but it's a read-only value. (It's mentioned in the patch BTW.)


Cheers,
Franco

[staticznld]

Patch removed en reloaded the PPPoE device.

Code Select Expand

root@router:~ # cat /tmp/pppoe0_routerv6
fe80::1251:72ff:fe23:3288

Also the default IPv6 route is gone in the GUI.

Then applied https://github.com/opnsense/core/commit/4b6fa9e556690 and IPv6 is working again!
Also the default route is back in the GUI.

[i81b4u]

Hi,

I decided to investigate my IPv6-problem and it turns out Franco was right  :-[ . The problems I experienced after running patch 1a5dfc932f8 had to do with IPv6 fragments (observed while looking at a packet capture) and had nothing to do with the patch.

After checking (and re-setting) the MTU-size on the WAN-interface (MTU:1512) and the vlan on the WAN-interface (MTU:1508) I got an MTU of 1500 on my PPPoE interface after which I was able to ping using IPv6 again.

Code Select Expand

Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
PING6(1548=40+8+1500 bytes) [opnsense-box_ipv6] --> 2001:1af8:4f00:a005:5::
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=0 hlim=59 time=3.960 ms
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=1 hlim=59 time=3.660 ms
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=2 hlim=59 time=3.657 ms
1508 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=3 hlim=59 time=3.629 ms

Problem solved!Thanks for being so resolute. That made me look into it again and solve my problem  ;) .
Best regards.

[staticznld]

Also investigating your MTU solution, but that isn't working for me.
Some websites aren't available at all!
I have a PPPoE tunnel over VLAN 6.
I have created an unused (only for setting MTU) interface IGB0 with an MTU of 1508, on top of that VLAN6, and on top of that PPPoE.

When looking at https://www.speedguide.net/analyzer.php i can see that I am using an MTU of 1500.

opnsense-patch 4b6fa9e
Did solve the problem for me.

[franco]

Is there ever a nameserver file?

# cat /tmp/pppoe0_nameserverv6

You said there is a prefix assigned. Do you also request and address for WAN IPv6 or just the prefix?

[staticznld]

Nameserver is there

Code Select Expand

root@router:~ # cat /tmp/pppoe0_nameserverv6
2a02:a47f:e000::53
2a02:a47f:e000::54


I only request an prefix.

[franco]

Thanks, I guess this is fixed then (and only relevant for PPPoE before someone else jumps in again).


Cheers,
Franco

[i81b4u]

Hi Franco,

Just to confirm ... this patch will be included in the next update of OPNsense?

Best regards.

[franco]

Yes, but happy about all additional feedback in the meantime.


Cheers,
Franco

[staticznld]

Thanks for the patch!

If there is anything else you would like know, let me know and i take a look.