IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

Started by cayenne, February 02, 2023, 12:00:00 PM

Previous topic - Next topic
Print
Go Down Pages1 2 3 ... 5
User actions
February 02, 2023, 12:00:00 PM Last Edit: February 15, 2023, 01:10:58 PM by cayenne
Hello,
Yesterday, I updated OPNSense from 22.7.11->23.1_6.

Since the upgrade to version 23.1_6, the IPv6 default route disappears



My configuration did not change after the update



My configuration IPv6 is the prefix delegation for the OPNSense LAN.
The WAN interface is configured by SLAAC.
The LAN interface is configured to static IPv6.
Radvd advertises the /64 prefix.



After the upgrade, IPv6 does not work. The default route disappears after 3-5 minutes (the time for the IPv6 default route to disappear is random).

When the default route disappears, I have a line in log files : General :
2023-02-02T11:14:58   Notice   opnsense   /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]


When I disable/enable the IPv6 gateway, IPv6 is OK but not more than 3-5 minutes with the same message in the logs :
2023-02-02T11:14:58   Notice   opnsense   /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]

I have the default route disappearing at the same time.



Here is an IPv6 network diagram


Here is IPv6 PD on the Freebox (Router)




additional information added on 12/02/2023 :
I have just tried to analyse what is happening with a network analyser.

As soon as OPNSense receives an ICMPv6 type 134 (RA: Router Advertisement) from the Freebox, OPNSense removes the IPv6 default route

The IPv6 default route comes back when I disable/reactivate the IPv6 gateway in web interface system_gateways.php.
February 02, 2023, 01:29:27 PM #1
SLAAC does not offer a prefix, so no prefix delegation takes place. I'm not sure what you had on 22.7 but indeed SLAAC behaved a bit differently there, but I think it was worse before...


Cheers,
Franco
February 02, 2023, 01:36:22 PM #2
Quote from: franco on February 02, 2023, 01:29:27 PM
SLAAC does not offer a prefix, so no prefix delegation takes place. I'm not sure what you had on 22.7 but indeed SLAAC behaved a bit differently there, but I think it was worse before...


Cheers,
Franco

I may have misspoken but what I mean is, I have IPv6 routing through the Prefix Delegation provided by the Freebox

I'm looking for the problem that makes IPv6 not work on version 23.1. apart from disabling/enabling the IPv6 gateway in OPNSence every 5 minutes
February 02, 2023, 01:39:40 PM #3
These "no IP change" messages are the RAs from your provider or upstream router. They are used to pass on SLAAC connectivity information. It doesn't disable/enable a gateway...

Perhaps if you can better describe how 22.7 and 23.1 behave differently in log messages and ifconfig and ping behaviour i can help.


Cheers,
Franco
February 02, 2023, 02:54:38 PM #4
Quote from: franco on February 02, 2023, 01:39:40 PM
These "no IP change" messages are the RAs from your provider or upstream router. They are used to pass on SLAAC connectivity information. It doesn't disable/enable a gateway...

Perhaps if you can better describe how 22.7 and 23.1 behave differently in log messages and ifconfig and ping behaviour i can help.


Cheers,
Franco

I don't know what I had as a message before version 23.1 as I wasn't looking at the logs as I had no problems.

In any case, the default IPv6 route disappears at the same time as the "no IP change" log appears.
After the disappearance of the IPv6 default route, The hosts "Unable to reach the destination network."

In fact, it is as soon as I do "Apply changes" without having changed anything that IPv6 comes back for a while and the IPv6 default route is added in OPNSense.
February 02, 2023, 03:04:42 PM #5
# ls /tmp/opt2_*v6

What files do you have and what contents do they have when it works vs. when it doesn't?


Cheers,
Franco
February 02, 2023, 03:24:21 PM #6
Quote from: franco on February 02, 2023, 03:04:42 PM
# ls /tmp/opt2_*v6

What files do you have and what contents do they have when it works vs. when it doesn't?


Cheers,
Franco

"ls /tmp/vtnet2_*v6" rather than "ls /tmp/opt2_*v6" ?

When it works :
Code Select
# ls /tmp/opt2_*v6
ls: No match.


Code Select
# ls /tmp/vtnet2_*v6
/tmp/vtnet2_oldipv6



Code Select
# ls /tmp/
.interfaces.apply               filter_update_tables.lock       opnsense_menu_cache.xml         php-fastcgi.socket-1            rules.debug                     template_sample                 unbound-download_blocklists.tmp vtnet2_oldipv6
configdmodelfield.data          gateway_list.json               pfctl_si_out                    pkg_update.out                  rules.debug.old                 tmpHOSTS                        unbound_start.lock
ddb.conf                        lighttpdcompress                pfctl_ss_out                    pkg_upgrade.json                rules.limits                    unbound-blocklists.conf         vtnet2:slaac_nameserverv6
filter.lock                     opnsense_acl_cache.json         php-fastcgi.socket-0            pkg_upgrade.progress            syslog_applications.json        unbound-blocklists.conf.cache   vtnet2:slaac_routerv6


Content /tmp/vtnet2_oldipv6 :
2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx

it's IPv6 WAN_FTTH_Freebox interface (opt2, vtnet2)





When it not works :
Code Select
# ls /tmp/opt2_*v6
ls: No match.


Code Select
# ls /tmp/vtnet2_*v6
/tmp/vtnet2_oldipv6


Code Select
# ls /tmp/
.interfaces.apply               filter_update_tables.lock       opnsense_menu_cache.xml         php-fastcgi.socket-1            rules.debug                     template_sample                 unbound-download_blocklists.tmp vtnet2_oldipv6
configdmodelfield.data          gateway_list.json               pfctl_si_out                    pkg_update.out                  rules.debug.old                 tmpHOSTS                        unbound_start.lock
ddb.conf                        lighttpdcompress                pfctl_ss_out                    pkg_upgrade.json                rules.limits                    unbound-blocklists.conf         vtnet2:slaac_nameserverv6
filter.lock                     opnsense_acl_cache.json         php-fastcgi.socket-0            pkg_upgrade.progress            syslog_applications.json        unbound-blocklists.conf.cache   vtnet2:slaac_routerv6




Content /tmp/vtnet2_oldipv6 :
2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx

it's IPv6 WAN_FTTH_Freebox interface (opt2, vtnet2)


no difference
February 02, 2023, 03:35:53 PM #7
Sorry, vtnet2 it is indeed.

So.... you don't have a primary router IP but you say it works?

/tmp/vtnet2:slaac_routerv6 is created as a fallback but that apparently doesn't work.

Can you try the following?

# rm /tmp/vtnet2_oldip
# /usr/local/etc/rc.newwanipv6 vtnet2

Still not working? Try:

# rm /tmp/vtnet2_oldip /tmp/vtnet2:slaac_routerv6
# /usr/local/etc/rc.newwanipv6 vtnet2


Cheers,
Franco
February 02, 2023, 03:48:48 PM #8
Quote from: franco on February 02, 2023, 03:35:53 PM
Sorry, vtnet2 it is indeed.

So.... you don't have a primary router IP but you say it works?

/tmp/vtnet2:slaac_routerv6 is created as a fallback but that apparently doesn't work.

Can you try the following?

# rm /tmp/vtnet2_oldip
# /usr/local/etc/rc.newwanipv6 vtnet2

Still not working? Try:

# rm /tmp/vtnet2_oldip /tmp/vtnet2:slaac_routerv6
# /usr/local/etc/rc.newwanipv6 vtnet2


Cheers,
Franco

"So.... you don't have a primary router IP but you say it works?" :
This is the IPv6 of the OPNSense router and not that of the Freebox.
It only works for a certain time after applying any configuration

# rm /tmp/vtnet2_oldip
# /usr/local/etc/rc.newwanipv6 vtnet2

it is rather  "rm /tmp/vtnet2_oldip6" ?

Code Select
# rm /tmp/vtnet2_oldip6
# /usr/local/etc/rc.newwanipv6 vtnet2

it worked for a few minutes and "Unable to reach the destination network" as usual what no change.

Code Select

# rm /tmp/vtnet2_oldip6 /tmp/vtnet2:slaac_routerv6
rm: /tmp/vtnet2_oldip6: No such file or directory
# /usr/local/etc/rc.newwanipv6 vtnet2


it doesn't work, IPv6 didn't come back at all after the 2 commands
February 02, 2023, 03:54:42 PM #9
Quote from: cayenne on February 02, 2023, 02:54:38 PM

In fact, it is as soon as I do "Apply changes" without having changed anything that IPv6 comes back for a while and the IPv6 default route is added in OPNSense.

now, as soon as "Apply changes" without having changed anything, IPv6 does not work at all
February 02, 2023, 04:35:02 PM #10
It's starting to make less and less sense. It's difficult to work with "when I do this complex operation nothing works anymore" and I've tried to break it down, perhaps on the wrong end but if you have trouble just reboot to rule out any local timing issues.

This can't be a huge deal in code even if it the implications look gloomy.


Cheers,
Franco
February 02, 2023, 05:12:31 PM #11
After restarting OPNSense, IPv6 was good for less than 5 minutes~ and I could browse the internet in IPv6.
after 5 minutes~, the IPv6 default route disappeared from "System: Routes: Status"

February 02, 2023, 05:25:22 PM #12
Here are the Warn/erreor/critical logs after restarting the OPNSense:

Code Select


2023-02-02T16:58:45 Warning opnsense /usr/local/etc/rc.routing_configure: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:43 Error dhcp6c transmit failed: Can't assign requested address
2023-02-02T16:58:43 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:04 Critical reboot rebooted by root


The IPv6 default route has disappeared as of 17:02:22.
February 02, 2023, 05:29:33 PM #13
System: Log Files: General on debug mode as of reboot
Code Select

2023-02-02T17:20:44 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:15:25 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:09:16 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:05:43 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T17:02:22 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : webgui_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : vxlan_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : unbound_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : openssh_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : opendns_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : ntpd_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dyndns_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dnsmasq_configure_do())
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt2)
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : openvpn_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : ipsec_configure_do(,opt2))
2023-02-02T16:59:04 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt2)
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_FTTH_FREEBOX_SLAAC))
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,WAN_FTTH_FREEBOX_SLAAC)
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,Gateway_FTTH_Freebox))
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,Gateway_FTTH_Freebox)
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::8e97:eaff:fe37:xxxx%vtnet2'
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e97:eaff:fe37:xxxx
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to opt2
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.220.254'
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to opt2
2023-02-02T16:59:03 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'opt2'
2023-02-02T16:58:47 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
2023-02-02T16:58:47 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (,inet6)
2023-02-02T16:58:47 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renwal starting (new: 2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx, old: , interface: WAN_FTTH_Freebox[opt2], device: vtnet2)
2023-02-02T16:58:46 Notice syslog-ng Configuration reload finished;
2023-02-02T16:58:46 Notice syslog-ng Configuration reload request received, reloading configuration;
2023-02-02T16:58:45 Warning opnsense /usr/local/etc/rc.routing_configure: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: plugins_configure monitor (execute task : dpinger_configure_do(1,))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: plugins_configure monitor (1,)
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway 'fe80::8e97:eaff:fe37:xxxx%vtnet2'
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: setting IPv6 default route to fe80::8e97:eaff:fe37:xxx
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: IPv6 default gateway set to opt2
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway '192.168.220.254'
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: IPv4 default gateway set to opt2
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : unbound_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : opendns_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : ntpd_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: miniupnpd: Starting service on interface: lan
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : miniupnpd_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : dyndns_configure_do(1))
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure bootup (1)
2023-02-02T16:58:45 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure vpn (execute task : openvpn_configure_do(1))
2023-02-02T16:58:43 Error dhcp6c transmit failed: Can't assign requested address
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure vpn (execute task : ipsec_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure vpn (1)
2023-02-02T16:58:43 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_FTTH_FREEBOX_SLAAC IPv6 interface address could not be found, skipping.
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: Gateway currently empty for 2001:4860:4860::8888 on opt2
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure monitor (execute task : dpinger_configure_do(1,,1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure monitor (1,,1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dns (execute task : unbound_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dns (execute task : dnsmasq_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dns (1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcrelay (execute task : dhcpd_dhcrelay_configure(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcrelay (1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (1)
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: skipping IPv6 default route
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv6 default gateway set to opt2
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv4 default gateway set to opt2
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: entering configure using defaults
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : webgui_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : unbound_cache_flush(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : openssh_configure_do(1))
2023-02-02T16:58:43 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (1)
2023-02-02T16:58:42 Notice dhcp6c RTSOLD script - Starting dhcp6 client
2023-02-02T16:58:42 Notice syslog-ng syslog-ng starting up; version='3.38.1'
2023-02-02T16:58:04 Notice dhcp6c dhcp6c EXIT on vtnet2 - running newipv6
2023-02-02T16:58:04 Notice syslog-ng syslog-ng shutting down; version='3.38.1'
2023-02-02T16:58:04 Critical reboot rebooted by root
February 03, 2023, 09:18:52 AM #14
Let's try this patch to diagnose... https://github.com/opnsense/core/commit/930685e7d6

# opnsense-patch 930685e7d6

Does it keep working after reboot?


Cheers,
Franco
Print
Go Up Pages1 2 3 ... 5
User actions