[WORKAROUND] 23.7.8 - IPV6 issues with WG / DHCPv6 / Gateways / RADVD

Started by danderson, November 09, 2023, 04:14:51 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
November 09, 2023, 04:14:51 PM Last Edit: November 09, 2023, 05:18:14 PM by danderson
Warning   wireguard   /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The required GATEWAY NAME IPv6 interface address could not be found, skipping.

But also, radvd, dhcpv6, and gateway monitor, will all not start.  Previously I had a static entry in the interface, but removed it after the last update so that the WG tunnels would come up/online on boot.  Nothing changed and with ifconfig i do see the ipv6 addresses, but it appears the other services no longer think the int has an IP.

In gateways, when applying the config with 0 changes as before, the warning/error is: The following input errors were detected:

Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.

But clearly the interface has an IP.

wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet6 fd93:xx:xx:xx::6 prefixlen 126
        inet6 fe80::6%wg1 prefixlen 64 scopeid 0x12
        groups: wg wireguard
        nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
November 09, 2023, 04:22:37 PM #1
This change:

https://github.com/opnsense/core/commit/a40dd50aec6

# opnsense-patch a40dd50aec6

Something needs refinement, but a primary IPv6 is not a ULA...


Cheers,
Franco
November 09, 2023, 04:30:32 PM #2
Franco,

opnsense-patch a40dd50aec6 fixed the issue, so looks like it reversed the commit and I was able to start all services and everything is working as normal.

The site where its running doesnt have GUAs, so its running ULAs with VTI, frr didnt have an issue and was still sending BGP routes, but no RA for clients or DHCP & Gateway, also rule based routing didnt work. But again all working with reverting the commit.

Unknown how to make it work with ULA with the commit going forward.
November 09, 2023, 04:31:44 PM #3
I think I know a way but it needs a bit of tinkering in the lab before posting it.


Cheers,
Franco
November 09, 2023, 04:34:16 PM #4
thanks, hit me up when you want/need testers
November 09, 2023, 04:50:56 PM #5
Will do.

Can you mark this WORKAROUND instead of SOLVED?
November 09, 2023, 05:18:22 PM #6
done
November 09, 2023, 10:57:21 PM #7
I seem to have a similar issue with gateways.  I'm not sure how to trace this one down.

Upon upgrade to 23.7.8 all looked fine from webui.  All services started up, but machines connected the router had sporadic internet.  I noticed DHCPv6 seemed to restart a couple times then stay running but machines behind the gateway where having a hard time connecting to sites.  ie: Some sites worked, some don't.  FW logs looked fine.  Packets didn't appear to be dropped.

The only real clue was DHCP restarting.  I took a look at the logs and saw the same log entries as mentioned here.

Code Select

2023-11-09T14:35:40-07:00 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_6RD IPv6 interface address could not be found, skipping.
2023-11-09T14:35:40-07:00 Warning opnsense /usr/local/etc/rc.bootup: Skipping gateway WAN_6RD due to empty 'gateway' property.


I applied the patch in this thread, restarted, still the same behavior.  I went into gateways and reapplied the same settings and machines behind the router started working properly again on both ipv4 and ipv6.

I can reproduce the problem by restarting the router.  I can go back into gateways and reapply the settings to fix it.

Is there any other information I can gather and provide here?



November 09, 2023, 11:33:22 PM #8
My issue on gateways and the other services were fixed with the patch and works on reboot as well. ULA on the gateways and interfaces.
November 10, 2023, 12:18:05 AM #9
Also same problems here.

Cannot start dhcpd6 and radvd:
Code Select
/usr/local/sbin/pluginctl: dhcpd_dhcp6_configure() found no suitable IPv6 address on lan(igc1)

I am using only ULAs in my LAN and i am using NAT (yes on IPv6) to hide my internal network topology. So the "no suitable IPv6 address" is an ULA within the fd00::/8 block.

Can't try and install the patch right now because it's late in germany ;-)
November 10, 2023, 12:54:50 AM #10
Same problem here.

Updated to the newest version (23.7.8) some hours ago and noticed DHCPv6 and radvd not starting up.
opnsense-log would always say /services_dhcpv6.php: dhcpd_dhcp6_configure() found no suitable IPv6 address on <interface>.
Additionally, the radvd configuration was empty even though radvd was enabled on multiple interfaces.
While debugging, I also noticed that interfaces_primary_address6 would always return empty strings.

Applying (or reverting) the patch worked without problems and both radvd and DHCPv6 would start up again.

I am also using ULAs for my interfaces and then use NAT (though mostly because the WAN-side only gets a /64 prefix).


Thank you for providing this workaround.
November 10, 2023, 12:25:52 PM #11 Last Edit: November 10, 2023, 12:28:37 PM by dMopp
Same here.

I mean, WHY is something like that going live without further testing ?. Patch / Workarround applied and fine so far.
...

And yes, also NAT6 + ULA. + Wireguard with ULA, too
November 10, 2023, 12:37:21 PM #12
> I mean, WHY is something like that going live without further testing ?

It hasn't. It wasn't.

https://github.com/opnsense/core/issues/6939


Cheers,
Franco
November 10, 2023, 01:42:08 PM #13 Last Edit: November 12, 2023, 07:51:27 AM by franco
As promised here is the proposal (v2):

https://github.com/opnsense/core/commit/cd808e3152

On 23.7.8:

# opnsense-revert opnsense && opnsense-patch cd808e3152


Cheers,
Franco
November 10, 2023, 02:27:47 PM #14
Approach seems to work, too. Applied, rebootet and all gateways are there as it should :)
Print
Go Up Pages1 2
User actions