DS-Lite on 23.7.6+ (23.7.10_1)

Started by DanAnimal, December 29, 2023, 05:42:57 PM

Great, all feedback welcome. Maybe just as a reminder it needs a reboot to make use of the newer dhcp6c or you have to kill the previous one and then apply the interface configuration again.

# killall dhcp6c


Cheers,
Franco

Quote from: franco on June 10, 2024, 01:35:12 PM
Great, all feedback welcome. Maybe just as a reminder it needs a reboot to make use of the newer dhcp6c or you have to kill the previous one and then apply the interface configuration again.

# killall dhcp6c


Cheers,
Franco

Anything I should change about the GIF tunnel etc? I'm assuming I should undo the static config I put into 10-wanip but anything else I should change?

Entirely unsure. I cannot test this easily. Sorry.


Cheers,
Franco

Quote from: franco on June 10, 2024, 02:08:17 PM
Entirely unsure. I cannot test this easily. Sorry.


Cheers,
Franco

Hahaha no worries, I will revert back!

Did this break for anyone with the 24.7 update? It was working perfectly up till yesterday when I wanted to install tailscale, and was told that 24.1 is too old - so I ran the upgrade and everything broke. Now the GIF tunnel no longer auto starts and I have to go back to my manual hack solution.  Did anything change?

The GIF integration was moved to MVC which also entailed a few changes in the backend code. I'm not sure what it could be. There is the likelihood of a gif-related error in the system log?


Cheers,
Franco

Hello everyone,
sorry for hijacking the post.

I'm trying to set up DS-Lite and even following all the guides and forums I found
I can't get it working.
As a background, I live in Japan and I'm using Excite Mec Hikari as a provider,
so DS-Lite is necessary.
I already have a Yamaha router, which I was able to set up without problems,
but since I want to learn OPNsense I decided to set it up as well.
Still an extreme noob though, so please forgive me in advance.

So, looking at guides and here I did the following:

Note: OPNsense is running on Proxmox, where I configured a bridge for the WAN and another one for the LAN

1. Created a GIF (gif0) with
[Local Address = WAN] ,
[Remote Address = 2404:8e01::feed:101],
[Tunnel Local Address = 192.0.0.2] ,
[Tunnel Remote Address = 192.0.0.1] and
[Disable Ingress filtering = ON]

2. Assigned gif0 to a new interface [DSLite1].
[Block private networks = ON] and
[Block bogon networks = ON] ,
the rest at default

3. On [WAN] interface, I set
[IPv4 Configuration Type = DHCP] and
[IPv6 Configuration Type = DHCPv6],
[Prefix Delegation Size = 64 (Default)]
the rest at default

4. On [DNS], I set
[8.8.8.8] with [Use gateway = None]
[2001:4860:4860::8888] with [Use gateway = None]

5. On [Gateways] I have the following
- DSLITE1_TUNNELV4
  [Interface = DSLite1]
  [Address Family = IPv4]
  [IP Address = dynamic]
  [Upstream Gateway = ON]
  [Disable Gateway Monitoring = ON]
  All else at default

- WAN_DHCP6
  [Interface = WAN]
  [Address Family = IPv6]
  [IP Address = empty]
  [Upstream Gateway = OFF]
  [Disable Gateway Monitoring = ON]
  All else at default

- WAN_GW
  [Interface = WAN]
  [Address Family = IPv4]
  [IP Address = empty]
  [Upstream Gateway = ON]
  [Disable Gateway Monitoring = ON]
  All else at default

No Firewall rules set up yet.

For the settings that's it.
From the console I see that the WAN gets an IPv6 address,
and if I try to ping google.com I get a reply, but if I try to ping 8.8.8.8
I get nothing, only 100% packet loss.
So from what I understand OPNsense gets an IPv6 from my provider, but fails to translate it to IPv4?

I tried to redo and check all the settings, but I cannot understand where the issue could lie.
Is there something else I should do or check to solve it?

Thank you in advance for help!

@Agricolovo

I am still looking to configure DS-Lite via GUI for my German cable provider but no luck.

For now I have created a script which runs on OPNsense start and it works fine.

To test it, connect via SSH to OPNsense, enter the shell and enter the following commands:

ifconfig gif0 create

ifconfig gif0 inet6 tunnel <<LOCAL IPv6 ADDRESS>> <<AFTR ADDRESS>> mtu 1460 -accept_rtadv ifdisabled

ifconfig gif0 inet 192.0.0.2 192.0.0.1 netmask 255.255.255.248

route add default -interface gif0

August 29, 2024, 02:54:35 PM #68 Last Edit: August 29, 2024, 03:26:38 PM by Antioch
Quote from: jbourne on August 05, 2024, 01:39:59 AM
Did this break for anyone with the 24.7 update? It was working perfectly up till yesterday when I wanted to install tailscale, and was told that 24.1 is too old - so I ran the upgrade and everything broke. Now the GIF tunnel no longer auto starts and I have to go back to my manual hack solution.  Did anything change?

I'm new to the party. I also have a DS Lite IPv6 ISP and am trying to get OPNsense working, and am new to IPv6 networking to boot.

However, in my testing I don't think that this "broke" between 24.1 and 24.7 -- I have set up both in VMs on PVE and both have the same auto start issue. Specifically, I have one VM fully updated to 24.1.10_8 and the other sitting with a plain 24.7.0 install (am hesitant to update until 24.7.3 is released as I've seen there is still some trouble with IPv6).

This is what I'm experiencing:

I have GIF tunnel configured as an interface, and a gateway configured to use the GIF tunnel for IPv4 connections alongside a generic WAN IPv6 gateway which gets configured by my ISP via DHCP. When I first boot opnsense the GIF gateway is marked as defunct and IPv4 routing does not work (the WAN IPv6 gateway and routing works fine). In order to get GIF/IPv4 working I must change the GIF interface's (Interface:Other:Gif:Edit) "parent interface" (I believe this label changed in 24.7) from LAN to WAN and back to LAN before the GIF gateway comes up. At this point IPv4 routing works.

When I reboot I have to do this all over again.

The initial "parent interface" setting change from LAN to WAN is enough to get the interface to be marked as up in Interface:Overview, however it is necessary to change it back to LAN in order for the GIF gateway to function. I'm not sure why it must be set to LAN in order to function as I believe that WAN is the correct setting, however this behavior is the same in 24.1 and 24.7 and necessary to get GIF/IPv4 working.

Quote from: franco on August 07, 2024, 06:17:54 PM
The GIF integration was moved to MVC which also entailed a few changes in the backend code. I'm not sure what it could be. There is the likelihood of a gif-related error in the system log?


Cheers,
Franco

Franco, I do see the following issue in the logs during bootup on both VMs:

Warning config /interfaces_gif_edit.php: ROUTING: refusing to set interface route on addressless opt1(gif0)
Notice config /interfaces_gif_edit.php: ROUTING: entering configure using 'opt1'
Notice config /interfaces_gif_edit.php: Device gif0 missing required local address, skipping now.


I've also noticed during bootup that the GIF interface gets configured before the LAN and WAN interfaces. I don't know if this is the problem, but if the GIF interface needs to inherit an IP from the WAN interface then perhaps the order needs to be changed so that GIF comes after WAN? Just an idea from a newbie.

I should also note that the WAN interface takes quite some time to configure in my case - a good 20 to 30 seconds.

Please let me know what additional information I can provide or tests I can run. I'm happy to do all that I can to contribute and get this issue resolved because from my observation across several threads on various forums, this issue is affecting multiple people, not only me.

Do you think this is the same issue described here: https://github.com/opnsense/core/issues/7713, or shall I open a new bug?

Thank you.

Edit: the above was for my 24.1 VM. I have gone back to the 24.7 VM and noticed that the WAN configuration is much faster, and that the order of operations for switching the GIF interface's "parent interface" ("local address" in 24.7) and disabling/reenabling the interface seems indeterministic. Though the GIF gateway was reported as up, I had to toggle things a few times before I could actually ping an external IPv4 address from opnsense shell.

Perhaps it would be better to open a thread in the 24.7 subforum and focus on 24.7 behavior? I simply didn't want to fork this thread so kept my response here for now.