IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

Started by cayenne, February 02, 2023, 12:00:00 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4 5
User actions
February 03, 2023, 04:48:01 PM #15 Last Edit: February 03, 2023, 04:51:45 PM by cayenne
Quote from: franco on February 03, 2023, 09:18:52 AM
Let's try this patch to diagnose... https://github.com/opnsense/core/commit/930685e7d6

# opnsense-patch 930685e7d6

Does it keep working after reboot?


Cheers,
Franco

Hello,

I just tested and it's not good.
I just tested commenting out lines 65 and 69 in the "/usr/local/opnsense/scripts/interfaces/rtsold_resolvconf.sh" file.
I then restarted the OPNSense.

It doesn't change the behaviour. The default IPv6 route would disappear after 5 minutes~ (it's random time).



February 03, 2023, 04:50:30 PM #16
System: Log Files: General :
Code Select

2023-02-03T16:47:16 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-03T16:38:51 Notice opnsense /usr/local/etc/rc.newwanipv6: No IP change detected for WAN_FTTH_Freebox[opt2]
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : webgui_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : vxlan_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : unbound_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : openssh_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : opendns_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : ntpd_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dyndns_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dnsmasq_configure_do())
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt2)
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : openvpn_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : ipsec_configure_do(,opt2))
2023-02-03T16:36:16 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt2)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: Gateway currently empty for 2001:4860:4860::8888 on opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_FTTH_FREEBOX_SLAAC))
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,WAN_FTTH_FREEBOX_SLAAC)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: Gateway currently empty for 2001:4860:4860::8888 on opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,Gateway_FTTH_Freebox))
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,Gateway_FTTH_Freebox)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: skipping IPv6 default route
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.220.254'
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to opt2
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'opt2'
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (,inet6)
2023-02-03T16:36:15 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renwal starting (new: 2a01:e0a:1fc:4xx0:xxxx:xxxx:xxxx:xxxx, old: , interface: WAN_FTTH_Freebox[opt2], device: vtnet2)
2023-02-03T16:36:11 Error dhcp6c transmit failed: Can't assign requested address
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure dhcp (1)
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: skipping IPv6 default route
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv6 default gateway set to opt2
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to 192.168.220.254
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: IPv4 default gateway set to opt2
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: ROUTING: entering configure using defaults
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : webgui_configure_do(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : unbound_cache_flush(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (execute task : openssh_configure_do(1))
2023-02-03T16:36:11 Notice opnsense /usr/local/etc/rc.bootup: plugins_configure early (1)
2023-02-03T16:36:10 Notice dhcp6c RTSOLD script - Starting dhcp6 client
2023-02-03T16:36:10 Notice syslog-ng syslog-ng starting up; version='3.38.1'
2023-02-03T16:35:32 Notice dhcp6c dhcp6c EXIT on vtnet2 - running newipv6
2023-02-03T16:35:32 Notice syslog-ng syslog-ng shutting down; version='3.38.1'
February 12, 2023, 11:55:02 AM #17
I have just tried to analyse what is happening with a network analyser.

As soon as OPNSense receives an ICMPv6 type 134 (RA: Router Advertisement) from the Freebox, OPNSense removes the IPv6 default route

The IPv6 default route comes back when I disable/reactivate the IPv6 gateway in web interface system_gateways.php.
February 15, 2023, 01:07:08 PM #18
Hello,
I have just updated OPNSense to version 23.1.1

The bug is not solved.
@franco
February 15, 2023, 01:46:15 PM #19
Franky I'm unsure what causes this. My attempts to help find a clue ended in "still doesn't work" and I don't have any other ideas or a mistake has been made.


Cheers,
Franco
February 22, 2023, 03:52:17 PM #20
I'm having this same issue: IPv6 works initially then stops. Worked fine on 22.7. Stopped working properly upon upgrading to 23.1.

Setup

AT&T Fiber, IPv6 prefix delegation.
WAN set to DHCPv4 and DHCPv6.
LAN set to static IPv4 and IPv6 set to Track Interface (WAN).

Serves out IPv6 addresses just fine, works for a while, then stops routing IPv6. Seems to be a bug. If I go to LAN interface and save, it starts routing again for a while abut then stops.

OPNsense 24.7.7  - QEMU/KVM (Ubuntu), i9-9900K 16 core @ 5ghz, 16GB RAM, 64GB SSD, 2 dedicated SFP+ NICs
February 22, 2023, 04:27:00 PM #21
Can you try this patch?

https://github.com/opnsense/core/commit/9eaff5c21907d

# opnsense-patch 9eaff5c21907d


Cheers,
Franco
February 22, 2023, 05:08:40 PM #22
I came here because I was having the same problem, also with AT&T Fiber. The opnsense-patch 9eaff5c21907d command has fixed my issue - my IPv6 is now working again.
February 22, 2023, 08:22:39 PM #23
Wasn't expecting feedback so fast but that's promising, thanks!


Cheers,
Franco
February 22, 2023, 09:06:24 PM #24
Quote from: franco on February 22, 2023, 04:27:00 PM
Can you try this patch?

https://github.com/opnsense/core/commit/9eaff5c21907d

# opnsense-patch 9eaff5c21907d


Cheers,
Franco
Hello,

I have just tested the patch:
# opnsense-patch 9eaff5c21907d

it's not good.

As soon as Opnsense receives a router advertisement packet, the default gateway disappears in IPv6
February 22, 2023, 09:30:08 PM #25
I tried the patch as well. Even rebooted firewall. Same thing. Stops routing after 30-45 minutes or so. I have a log output in debug for dhcpv6 when the event occurred:

Code Select

2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option DNS, len 16
2023-02-22T14:15:10-06:00 Notice dhcp6c IA_NA address: XXXX:XXXX:XXXX:XXXX::30 pltime=5400 vltime=7500
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option IA address, len 24
2023-02-22T14:15:10-06:00 Notice dhcp6c IA_NA: ID=0, T1=2700, T2=4320
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option identity association, len 40
2023-02-22T14:15:10-06:00 Notice dhcp6c DUID: 00:03:00:01:e0:22:04:5b:71:41
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option server ID, len 10
2023-02-22T14:15:10-06:00 Notice dhcp6c DUID: 00:01:00:01:29:a1:b6:d0:52:54:00:6e:2e:01
2023-02-22T14:15:10-06:00 Notice dhcp6c get DHCP option client ID, len 14
2023-02-22T14:15:10-06:00 Notice dhcp6c receive reply from fe80::e222:4ff:fe5b:7141%vtnet0 on vtnet0
2023-02-22T14:15:05-06:00 Notice dhcp6c got an expected reply, sleeping.
2023-02-22T14:15:05-06:00 Notice dhcp6c removing an event on vtnet0, state=REQUEST
2023-02-22T14:15:05-06:00 Notice dhcp6c script "/var/etc/dhcp6c_wan_script.sh" terminated
2023-02-22T14:15:05-06:00 Notice dhcp6c dhcp6c REQUEST on vtnet0 - running newipv6
2023-02-22T14:15:05-06:00 Notice dhcp6c dhcp6c REQUEST on vtnet0
2023-02-22T14:15:05-06:00 Notice dhcp6c executes /var/etc/dhcp6c_wan_script.sh
2023-02-22T14:15:05-06:00 Notice dhcp6c update an address XXXX:XXXX:XXXX:XXXX::30 pltime=5400, vltime=140733193395532
2023-02-22T14:15:05-06:00 Notice dhcp6c update an IA: NA-0
2023-02-22T14:15:05-06:00 Notice dhcp6c nameserver[0] XXXX:XXXX:XXXX:XXXX::1
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option DNS, len 16
2023-02-22T14:15:05-06:00 Notice dhcp6c IA_NA address: XXXX:XXXX:XXXX:XXXX::30 pltime=5400 vltime=7500
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option IA address, len 24
2023-02-22T14:15:05-06:00 Notice dhcp6c IA_NA: ID=0, T1=2700, T2=4320
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option identity association, len 40
2023-02-22T14:15:05-06:00 Notice dhcp6c DUID: 00:03:00:01:e0:22:04:5b:71:41
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option server ID, len 10
2023-02-22T14:15:05-06:00 Notice dhcp6c DUID: 00:01:00:01:29:a1:b6:d0:52:54:00:6e:2e:01
2023-02-22T14:15:05-06:00 Notice dhcp6c get DHCP option client ID, len 14
2023-02-22T14:15:05-06:00 Notice dhcp6c receive reply from fe80::e222:4ff:fe5b:7141%vtnet0 on vtnet0
2023-02-22T14:15:04-06:00 Notice dhcp6c reset a timer on vtnet0, state=REQUEST, timeo=1, retrans=1902
2023-02-22T14:15:04-06:00 Notice dhcp6c send request to ff02::1:2%vtnet0
2023-02-22T14:15:04-06:00 Notice dhcp6c set option request (len 4)
2023-02-22T14:15:04-06:00 Notice dhcp6c set elapsed time (len 2)
2023-02-22T14:15:04-06:00 Notice dhcp6c set identity association
2023-02-22T14:15:04-06:00 Notice dhcp6c set IA address
2023-02-22T14:15:04-06:00 Notice dhcp6c set server ID (len 10)
2023-02-22T14:15:04-06:00 Notice dhcp6c set client ID (len 14)
2023-02-22T14:15:03-06:00 Notice dhcp6c got an expected reply, sleeping.
2023-02-22T14:15:03-06:00 Notice dhcp6c removing an event on vtnet0, state=RENEW
2023-02-22T14:15:03-06:00 Notice dhcp6c script "/var/etc/dhcp6c_wan_script.sh" terminated
2023-02-22T14:15:03-06:00 Notice dhcp6c dhcp6c RENEW on vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c executes /var/etc/dhcp6c_wan_script.sh
2023-02-22T14:15:03-06:00 Notice dhcp6c send request to ff02::1:2%vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c set option request (len 4)
2023-02-22T14:15:03-06:00 Notice dhcp6c set elapsed time (len 2)
2023-02-22T14:15:03-06:00 Notice dhcp6c set identity association
2023-02-22T14:15:03-06:00 Notice dhcp6c set IA address
2023-02-22T14:15:03-06:00 Notice dhcp6c set server ID (len 10)
2023-02-22T14:15:03-06:00 Notice dhcp6c set client ID (len 14)
2023-02-22T14:15:03-06:00 Notice dhcp6c a new XID (928448) is generated
2023-02-22T14:15:03-06:00 Notice dhcp6c reset a timer on vtnet0, state=REQUEST, timeo=0, retrans=938
2023-02-22T14:15:03-06:00 Notice dhcp6c re-establishing IA: NA-0
2023-02-22T14:15:03-06:00 Notice dhcp6c update an IA: NA-0
2023-02-22T14:15:03-06:00 Notice dhcp6c nameserver[0] XXXX:XXXX:XXXX:XXXX::1
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option DNS, len 16
2023-02-22T14:15:03-06:00 Notice dhcp6c status code: no binding
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option status code, len 2
2023-02-22T14:15:03-06:00 Notice dhcp6c IA_NA: ID=0, T1=0, T2=0
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option identity association, len 18
2023-02-22T14:15:03-06:00 Notice dhcp6c DUID: 00:03:00:01:e0:22:04:5b:71:41
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option server ID, len 10
2023-02-22T14:15:03-06:00 Notice dhcp6c DUID: 00:01:00:01:29:a1:b6:d0:52:54:00:6e:2e:01
2023-02-22T14:15:03-06:00 Notice dhcp6c get DHCP option client ID, len 14
2023-02-22T14:15:03-06:00 Notice dhcp6c receive reply from fe80::e222:4ff:fe5b:7141%vtnet0 on vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c send renew to ff02::1:2%vtnet0
2023-02-22T14:15:03-06:00 Notice dhcp6c set option request (len 4)
2023-02-22T14:15:03-06:00 Notice dhcp6c set elapsed time (len 2)
2023-02-22T14:15:03-06:00 Notice dhcp6c set identity association
2023-02-22T14:15:03-06:00 Notice dhcp6c set IA address
2023-02-22T14:15:03-06:00 Notice dhcp6c set server ID (len 10)
2023-02-22T14:15:03-06:00 Notice dhcp6c set client ID (len 14)
2023-02-22T14:15:03-06:00 Notice dhcp6c a new XID (c0425b) is generated
2023-02-22T14:15:03-06:00 Notice dhcp6c reset a timer on vtnet0, state=RENEW, timeo=0, retrans=9913
2023-02-22T14:15:03-06:00 Notice dhcp6c IA timeout for NA-0, state=ACTIVE
OPNsense 24.7.7  - QEMU/KVM (Ubuntu), i9-9900K 16 core @ 5ghz, 16GB RAM, 64GB SSD, 2 dedicated SFP+ NICs
February 23, 2023, 12:42:05 AM #26
Well for now, I gave up on the track interface config, changed to static addresses on the interfaces, setup routing advertisement for the network using my chosen prefix, and turned on managed DHCPv6. So far it's still up.
OPNsense 24.7.7  - QEMU/KVM (Ubuntu), i9-9900K 16 core @ 5ghz, 16GB RAM, 64GB SSD, 2 dedicated SFP+ NICs
February 23, 2023, 12:55:14 AM #27
Even that doesn't work. Definitely the routing advertisement service. :\
OPNsense 24.7.7  - QEMU/KVM (Ubuntu), i9-9900K 16 core @ 5ghz, 16GB RAM, 64GB SSD, 2 dedicated SFP+ NICs
February 23, 2023, 08:12:34 AM #28
Different issue perhaps. Sounds like it could also be configuration related.


Cheers,
Franco
February 23, 2023, 03:10:57 PM #29
So as not to be that person who got their answer and vanished -

My firewall is still running great after applying the patch.

I have AT&T Fiber, 1Gbps up/down, running through their BGW320 gateway set to IP passthrough mode.

Configuration wise, I'm on 23.1.1_2 + that patch on a Protectli box.
LAN interface is static for IPv4 and track interface for IPv6.
WAN interface is DHCP4 + DHCPv6 with DHCPv6-PD. I'm sending a hint for a /64 prefix.
RADVD is running in stateless mode so it can push DNS servers.
I have Zenarmor (paid) running.

Just about everything else is defaults. Very simple config.

The only oddity in the system logs is that dhclient reports unknown dhcp option value 0x7d with some regularity; that does not seem to impact anything.

It sounds like the others must be having another issue, or perhaps an additional one. I'm happy that the patch fixed me - my wife was complaining of things acting strangely, which makes sense knowing that IPv6 was broken. Android seems to not handle that case well, while my iPhone is running through iCloud private relay so I never noticed.
Print
Go Up Pages 1 2 3 4 5
User actions