WAN IPv6 address not renewing after initial dhcp request

[v]

Hello good people,

Mandatory disclaimer, english is not my first language, apologies for any mistakes I might make.

After updating to 24.1.9 (and subsequent hotfixes) and rebooting the system, I've been experiencing this bug(?)

On initial reload of the interface, it normally receives an address from the isp dhcpv6 server, but subsequent renew requests do not seem to renew the address on the interface. Prefix delegation from the isp dhcpv6 server works perfectly fine without issues just like before the update.

The isp dhcpv4 server gave me a different ipv4 address after the reboot, but everything regarding that seems to be working as usual. Pointing this out in case it could possibly have something to do with the problem I'm having.

Never had similar issues before, everything has been working perfectly before this. I'm at a loss on how to investigate the issue.

Apologies for not posting logs or other debug information as I'm not sure which would be useful in this  context. Willing to provide any that might help when asked. Thank you for your patience

All help appreciated, thank you beforehand!

[franco]

Hi,

We did incorporate a couple of Debian patches for dhcp6c into 24.1.9's version. One of those are actually supposed to fix this from stopping to work, but maybe you are experiencing the reverse?

https://github.com/opnsense/dhcp6c/commit/2e44fd3051

Maybe that patch is wrong ... or maybe we can start to see if dhcp6c in the older version is better again:

# opnsense-revert -r 24.1.8 dhcp6c

Best to reboot to avoid the newer dhcp6c from remaining the running process binary (it's mostly operated by SIGHUP).


Cheers,
Franco

[v]

Hi,

We did incorporate a couple of Debian patches for dhcp6c into 24.1.9's version. One of those are actually supposed to fix this from stopping to work, but maybe you are experiencing the reverse?

https://github.com/opnsense/dhcp6c/commit/2e44fd3051

Maybe that patch is wrong ... or maybe we can start to see if dhcp6c in the older version is better again:

# opnsense-revert -r 24.1.8 dhcp6c

Best to reboot to avoid the newer dhcp6c from remaining the running process binary (it's mostly operated by SIGHUP).


Cheers,
Franco

I see, very interesting. I wonder if it has something to do with the specific configuration on the isp's end or mine.

I'll try reverting, see if it fixes the issue. Should I report back when I know?

Thank you very much!

[franco]

> I see, very interesting. I wonder if it has something to do with the specific configuration on the isp's end or mine.

Likely with the ISP, but that's just inherent with IPv6 delivery.

> I'll try reverting, see if it fixes the issue. Should I report back when I know?

Yes please in either case. Improving IPv6 is my hobby. ;)


Cheers,
Franco

[v]

> I see, very interesting. I wonder if it has something to do with the specific configuration on the isp's end or mine.

Likely with the ISP, but that's just inherent with IPv6 delivery.

> I'll try reverting, see if it fixes the issue. Should I report back when I know?

Yes please in either case. Improving IPv6 is my hobby. ;)


Cheers,
Franco

Hello again,

Okay, reverting seemed to go through successfully?

Code Select Expand

# opnsense-revert -r 24.1.8 dhcp6c
Fetching dhcp6c.pkg: ... done
Verifying signature with trusted certificate pkg.opnsense.org.20240105... done
dhcp6c-20240607: already unlocked
Installing dhcp6c-20230530...
package dhcp6c is already installed, forced install
Extracting dhcp6c-20230530: 100%

After rebooting, the wan interface receives an address and a prefix normally. However unlike before, I'm getting a different address/prefix on every interface reload. However also other interfaces which are set to track the wan interface are not receiving ipv6 addresses now.

Trying to reload all services from opnsense-shell gets stuck on

Code Select Expand

setup <wan-interface> [egress only]

Interesting turn of events. What to do?

[franco]

Sounds like it is stuck initializing NetFlow on the interface? Maybe turning that off is already better...

You can always revert back to the latest version:

# opnsense-revert dhcp6c

But the problem description and change of problem description isn't very consistent here so something else might interfere.


Cheers,
Franco

[opnfwb]

I'm on 24.1.9_3 and am also seeing this behavior for my WAN IPv6, it loses its IPv6 lease a few hours after a reboot.

The LAN still maintains its IPv6 address and is still handing out working IPv6 leases to my LAN clients. Prior to 24.1.9 I used WAN Track interface and had solid IPv6 for years on my LAN and the WAN interface always had its own IPv6 assigned from the ISP. I'm happy to also provide logs but I'm not sure which ones?

Screenshot attached showing the lack of a WAN IPv6 address but LAN still has it.

[franco]

Same here... enable dhcp6c logging and post the log... it will tell us everything... why it renewed and why it couldn't. Also try the revert.


Cheers,
Franco

[joezeppy]

I'm still a newbie here on 24.1.8, but I haven't upgraded to 24.1.9 yet in fear of this issue.  Can the anyone with this particular DHCP6 symptom reply what their settings are for:

System / Gateways / Configuration / WAN1_DHCP6:

   Upstream Gateway [mine is checked]
   Disable Gateway Monitoring [mine is unchecked]

On 24.1.8, I experienced something similar when the 'Upstream Gateway' was [unchecked] and my LAN was set to tack interface.

[hdholm]

After years of correctly working with Comcast to get a /60 delegation, I can't seem to get delegated addresses to work now.   Dowgrading dhcp6c with opnsense-revert -r 24.1.8 dhcp6c and rebooting both OPNsense and the modem does NOT seem to resolve the issue.

[franco]

If it's not dhcp6c then try to see if it's the core package changes:

# opnsense-revert -r 24.1.8 opnsense


Cheers,
Franco

[v]

Hello,

Back again with some dhcp6c logs.

Initial solicit on boot:

Code Select Expand

Sending Solicit
a new XID (b1ac54) is generated
set client ID (len 14)
set identity association
set elapsed time (len 2)
set option request (len 4)
set IA_PD prefix
set IA_PD
send solicit to ff02::1:2%bge2
reset a timer on bge2, state=SOLICIT, timeo=0, retrans=1009
receive advertise from fe80::bb%bge2 on bge2
get DHCP option server ID, len 10
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8
get DHCP option client ID, len 14
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:e9:88
get DHCP option identity association, len 40
  IA_NA: ID=0, T1=1800, T2=2880
get DHCP option IA address, len 24
  IA_NA address: 2001:db8::1 pltime=3600 vltime=3600
get DHCP option IA_PD, len 41
  IA_PD: ID=0, T1=1800, T2=2880
get DHCP option IA_PD prefix, len 25
  IA_PD prefix: 2001:db8:3::/56 pltime=3600 vltime=34359741968
get DHCP option DNS, len 32
server ID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8, pref=-1
reset timer for bge2 to 0.992103
picked a server (ID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8)
Sending Request
a new XID (216327) is generated
set client ID (len 14)
set server ID (len 10)
set IA address
set identity association
set elapsed time (len 2)
set option request (len 4)
set IA_PD prefix
set IA_PD
send request to ff02::1:2%bge2
reset a timer on bge2, state=REQUEST, timeo=0, retrans=911
receive reply from fe80::bb%bge2 on bge2
get DHCP option server ID, len 10
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8
get DHCP option client ID, len 14
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:e9:88
get DHCP option identity association, len 40
  IA_NA: ID=0, T1=1800, T2=2880
get DHCP option IA address, len 24
  IA_NA address: 2001:db8::1 pltime=3600 vltime=3600
get DHCP option IA_PD, len 41
  IA_PD: ID=0, T1=1800, T2=2880
get DHCP option IA_PD prefix, len 25
  IA_PD prefix: 2001:db8:3::/56 pltime=3600 vltime=34359741968
get DHCP option DNS, len 32
Received REPLY for REQUEST
nameserver[0] 2001:db8::a
nameserver[1] 2001:db8::b
make an IA: PD-0
create a prefix 2001:db8:3::/56 pltime=3600, vltime=3600
add an address 2001:db8:3:1:xxxx:xxxx:xxxx:e10d/64 on bge1
make an IA: NA-0
create an address 2001:db8::1 pltime=3600, vltime=34359741968
add an address 2001:db8::1/128 on bge2
removing an event on bge2, state=REQUEST
removing server (ID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8)
executes /var/etc/dhcp6c_wan_script.sh
dhcp6c_script: REQUEST on bge2 executing
dhcp6c_script: REQUEST on bge2 renewal
script "/var/etc/dhcp6c_wan_script.sh" terminated
got an expected reply, sleeping.

Subsequent renew:

Code Select Expand

IA timeout for NA-0, state=ACTIVE
reset a timer on bge2, state=RENEW, timeo=0, retrans=10256
Sending Renew
a new XID (b4a5d5) is generated
set client ID (len 14)
set server ID (len 10)
set IA address
set identity association
set elapsed time (len 2)
set option request (len 4)
send renew to ff02::1:2%bge2
IA timeout for PD-0, state=ACTIVE
reset a timer on bge2, state=RENEW, timeo=0, retrans=10244
Sending Renew
a new XID (b3a2c0) is generated
set client ID (len 14)
set server ID (len 10)
set elapsed time (len 2)
set option request (len 4)
set IA_PD prefix
set IA_PD
send renew to ff02::1:2%bge2
receive reply from fe80::bb%bge2 on bge2
get DHCP option server ID, len 10
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8
get DHCP option client ID, len 14
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx::e9:88
get DHCP option identity association, len 40
  IA_NA: ID=0, T1=1800, T2=2880
get DHCP option IA address, len 24
  IA_NA address: 2001:db8::1 pltime=3600 vltime=3600
get DHCP option DNS, len 32
Received REPLY for RENEW
nameserver[0] 2001:db8::a
nameserver[1] 2001:db8::b
update an IA: NA-0
update an address 2001:db8::1 pltime=3600, vltime=34359741968
removing an event on bge2, state=RENEW
executes /var/etc/dhcp6c_wan_script.sh
dhcp6c_script: RENEW on bge2 executing
script "/var/etc/dhcp6c_wan_script.sh" terminated
got an expected reply, sleeping.
receive reply from fe80::bb%bge2 on bge2
get DHCP option server ID, len 10
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:23:d8
get DHCP option client ID, len 14
  DUID: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx::e9:88
get DHCP option IA_PD, len 41
  IA_PD: ID=0, T1=1800, T2=2880
get DHCP option IA_PD prefix, len 25
  IA_PD prefix: 2001:db8:3::/56 pltime=3600 vltime=3600
get DHCP option DNS, len 32
Received REPLY for RENEW
nameserver[0] 2001:db8::a
nameserver[1] 2001:db8::b
update an IA: PD-0
update a prefix 2001:db8:3::/56 pltime=3600, vltime=3600
removing an event on bge2, state=RENEW
executes /var/etc/dhcp6c_wan_script.sh
dhcp6c_script: RENEW on bge2 executing
script "/var/etc/dhcp6c_wan_script.sh" terminated
got an expected reply, sleeping.

Hopefully there's some useful information in these logs.

If not, would there be any other way for me to try and provide some useful debug information?

Edit: this is on OPNsense 24.1.9_4-amd64, no reverts

[v]

I'm still a newbie here on 24.1.8, but I haven't upgraded to 24.1.9 yet in fear of this issue.  Can the anyone with this particular DHCP6 symptom reply what their settings are for:

System / Gateways / Configuration / WAN1_DHCP6:

   Upstream Gateway [mine is checked]
   Disable Gateway Monitoring [mine is unchecked]

On 24.1.8, I experienced something similar when the 'Upstream Gateway' was [unchecked] and my LAN was set to tack interface.

Here's mine.

[franco]

This is a bit weird:

vltime=34359741968

Otherwise it looks rather normal. Do you use the "prevent release" option?

[v]

This is a bit weird:

vltime=34359741968

Otherwise it looks rather normal. Do you use the "prevent release" option?

Prevent release is unchecked. I've tried both enabled and disabled, the issue persists.