23.1.7_3 - IPv6 prefix routed on lo0

Started by Dragon, May 13, 2023, 05:11:55 PM

I do get an IPv6 address from my provider (Spectrum residential) on the WAN interface
I do successfully receive a delegated /64 prefix.
My LAN interface does get the expected IP from the delegated /64 assigned to it.

The problem is that the routing entry to the delegated /64 is not via the LAN interface, but via lo0 and has the blackhole flag on it.
route -6 del 2001:db8:dead:beef::/64
route -6 add 2001:db8:dead:beef::/64 -iface vmx1

fixes "everything".

I'm not blaming 23.1.7_3 - I think it started earlier, but it didn't fix it, either.

It may have started when I added a pfSync interface for HA to the VM (running on ESXi), but I can't say for sure.

ipv6 config type is "track interface", for the "lan" interface, the tracked interface is the "wan" interface

The current auto-generated radvd.conf is (and yes, I'm running my own DNS servers for the lan):
# Automatically generated, do not edit
# Generated for DHCPv6 server lan
interface vmx1 {
        AdvSendAdvert on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        AdvLinkMTU 1500;
        AdvDefaultPreference medium;
        prefix 2001:db8:dead:beef::/64 {
                DeprecatePrefix on;
                AdvOnLink on;
                AdvAutonomous on;
        };
        RDNSS 2001:db8:dead:beef::30 2001:db8:dead:beef::31 {
        };
        DNSSL dragonskeep.org {
        };
};


Any ideas would be appreciated!
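
A check for the symptom described in the post above, as an added example that is not part of the thread or of OPNsense: it reads an IPv6 routing table and reports whether the delegated prefix is routed via the LAN interface or blackholed on a loopback. The function name, the verdict strings and both sample tables are constructed; the column layout (Destination, Gateway, Flags, Netif) and the `B` blackhole flag are assumed from FreeBSD `netstat -rn -f inet6`.

```shell
#!/bin/sh
# Added example (not OPNsense code). Assumes FreeBSD `netstat -rn -f inet6`
# columns: Destination Gateway Flags Netif [Expire]; flag B = blackhole.

# check_prefix_route PREFIX IFACE   (routing table text on stdin)
# Prints one verdict line per matching route.
# Exit status: 0 = routed via IFACE, 1 = blackholed or wrong interface, 2 = no route.
check_prefix_route() {
    awk -v prefix="$1" -v want="$2" '
        $1 == prefix {
            seen = 1
            if ($4 ~ /^lo[0-9]+$/ && index($3, "B") > 0) {
                print "BLACKHOLE " prefix " via " $4 " flags=" $3; bad = 1
            } else if ($4 != want) {
                print "WRONG_IF " prefix " via " $4 " flags=" $3; bad = 1
            } else {
                print "OK " prefix " via " $4 " flags=" $3
            }
        }
        END {
            if (!seen) { print "MISSING " prefix; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample tables (not captured from a real system).
# The host route for the LAN address on lo0 is normal and must not be flagged;
# only the /64 itself on lo0 with the B flag is the problem.
SAMPLE_BROKEN='Destination                 Gateway          Flags   Netif Expire
::/0                        fe80::1%vmx0     UG      vmx0
2001:db8:dead:beef::/64     ::1              UGSB    lo0
2001:db8:dead:beef::1       link#2           UHS     lo0'

SAMPLE_FIXED='Destination                 Gateway          Flags   Netif Expire
::/0                        fe80::1%vmx0     UG      vmx0
2001:db8:dead:beef::/64     link#2           U       vmx1
2001:db8:dead:beef::1       link#2           UHS     lo0'

# Demo run over both samples.
printf '%s\n' "$SAMPLE_BROKEN" | check_prefix_route 2001:db8:dead:beef::/64 vmx1 || :
printf '%s\n' "$SAMPLE_FIXED"  | check_prefix_route 2001:db8:dead:beef::/64 vmx1 || :
```

On the firewall itself, the same function can be fed live data with `netstat -rn -f inet6 | check_prefix_route <prefix> <lan-interface>`.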

I guess this feature request is the issue... https://github.com/opnsense/core/issues/3304

A /64 does pose a problem as it would overwrite the resulting route wherever it is being used.

One could argue a /64 is not a delegated prefix. ;)

Not sure if we should avoid setting a /64 null route or do something else.


Cheers,
Franco

I think this is the issue I ran into:

My WAN_DHCP6 gateway was empty. netstat showed no default ipv6 route. I get a /59 prefix from my ISP and set one /64 for LAN and one /64 for WLAN.

My workaround is looking at the NDP table, taking the gateway's link local IP from WAN and manually adding an IPv6 gateway using that (and disabling the auto created one).

@pp this is not really related as this is about a single /64 directly from ISP

@Dragon

Here is a patch: https://github.com/opnsense/core/commit/78940da396ff

# opnsense-patch 78940da396ff


Cheers,
Franco

@Franco:

Thanks a ton - things work as expected with your patch!


Ok, will add to 23.1.8 release then.


Cheers,
Franco