WAN IPv6 address not renewing after initial dhcp request

[tokade]

Since nobody had any other suggestions, I did
pkg add -f https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/misc/dhcp6c-20240607_1.pkg and rebooted
==> nothing changed

# opnsense-revert -r 24.1.8 dhcp6c
==> nothing changed

# opnsense-revert -r 24.1.8 opnsense
==> I got IPv6 back working

So I will stay on 24.1.8 till there is a solution for that problem.

[opnfwb]

For the extended dhcp6c logging, you can enable that under Interfaces/Settings/IPv6 DHCP and select "debug" level logging from the dropdown menu. You can also set a DHCPv6 UID there, which can be handy for some ISPs.

The next step would be to verify the settings that worked for years. I presume you're using WAN DHCPv6 and LAN is set to track interface? Do you use any manual LAN DHCPv6 assignments or prefix IDs?

[WhoopWhoop]

Experiencing the same issue everybody mentions here. ISP is Vodafone Cable (Germany, bridge-mode enabled at Vodafone Station).

None of the previous potential fixes worked for me. Did a reinstallation of 24.1 , locked version to 24.1.8, ran the update and imported my config. Its all fine again.

[tokade]

@WhoopWhoop
You run the update to 24.1.9_4 after the new install and then imported your config?

[Taunt9930]

@WhoopWhoop
You run the update to 24.1.9_4 after the new install and then imported your config?

No,
He said he locked it to 24.1.8.

[WhoopWhoop]

@WhoopWhoop
You run the update to 24.1.9_4 after the new install and then imported your config?

No,
He said he locked it to 24.1.8.

Correct. Right now im on 24.1.8 and the IPv6 situation is fine.

For the sake of testing, and also to rule out any errors coming from my backed up config, I also tested a clean installation, added some basic WAN configuration and upgraded to 24.1.9. The results were the same: the IPv6 address did not renew.

[Skreabengt]

I have the same problem on routers on two different sites with two different ISP, Telia AB and Obe Networks.

Upgraded from 24.1.8 to 24.1.9_4 last saturday and both routers now lose the WAN IPv6 address a while after first request upon boot. Looking in the log and there seem to be periodic requests from the DHCP6 client to the DHCP6 server after about half lease time, but no IPv6 IP-address show up in the dashboard and the VPN-tunnels fails as expected without peers.

This looks almost epidemic now and maybe it requires a hotfix?

Or is a complete revert back to 24.1.8 best practice?

[Taunt9930]

I have the same problem on routers on two different sites with two different ISP, Telia AB and Obe Networks.

Upgraded from 24.1.8 to 24.1.9_4 last saturday and both routers now lose the WAN IPv6 address a while after first request upon boot. Looking in the log and there seem to be periodic requests from the DHCP6 client to the DHCP6 server after about half lease time, but no IPv6 IP-address show up in the dashboard and the VPN-tunnels fails as expected without peers.

This looks almost epidemic now and maybe it requires a hotfix?

Or is a complete revert back to 24.1.8 best practice?

And the posted fix/ workaround doesn't work?

[Skreabengt]

I have not tried using the commands below yet; I am fairly new with OPNsesnse, but I guess they can''t be used in the GUI, perhaps from SSH, or else you need to hook up screen and keyboard directly to the router and use them in a UNIX shell, right?

# opnsense-revert -r 24.1.8 dhcp6c
# opnsense-revert -r 24.1.8 opnsense

My impression is that none of the hotfixes shown below are for correcting a "WAN IPv6 address not renewing after initial dhcp request", so it won't help. I updated directly to 24.1.9 hotfix 4 from 24.1.8.

"A hotfix release was issued as 24.1.9_1:

o firewall: "natreflection" rule attribute missed in MVC/API migration

A hotfix release was issued as 24.1.9_3:

o firewall: typo in "destination" migration for one-to-one NAT
o firewall: one-to-one NAT default reflection setting was ignored

A hotfix release was issued as 24.1.9_4:

o system: proper HA sync for new one-to-one NAT section"

[matt335672]

I'm having the same problem with my UK ISP, Andrews and Arnold (A&A).

Because A&A provide static routing I'm not requesting a prefix at all - just a non-temporary address, and options 23 and 24.

I've got a virtualized router, so I've rolled back to 24.1.8 for now.

/var/etc/dhcp6c.conf looks like this:-

Code Select Expand

interface pppoe0 {
  send ia-na 0; # request stateful address
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };


I'm running this command on the console to capture the DHCP negotiations:-

tcpdump -w dhcp.pcap -i pppoe0 udp portrange 546-547

I've also sent a HUP to dhcp6c to release and re-request the address.

Tomorrow I'll repeat the exercise on 24.1.9 and look for obvious changes.

I'm not looking at logging yet, but I thought a report of what's going on on-the-wire might be useful.

[matt335672]

Packet capture from DHCPv6 over 4 hours on 24.1.8 following SIGHUP to dhcp6c

There are a few RELEASE messages (packets 1, 5, 7, 8, 9) with an XID of 0x3f4706 which I think are related to the initial HUP I sent dhcp6c. Other than that, it's pretty much as expected.

I've installed 24.1.9 and rebooted. /var/etc/dhcp6c.conf is identical. I've restarted the capture. Currently I have a pingable WAN address.

[Skreabengt]

I reverted all 3 routers back to 24.1.8. I started with just opnsense, which didn't help alone, but after reverting dhcp6c as well, the WAN IPv6 address remains. I used an SSH client and did all three remotely from one site. Both Telia and Obe Network is working now.

# opnsense-revert -r 24.1.8 opnsense
# opnsense-revert -r 24.1.8 dhcp6c

[matt335672]

Attached is my packet capture from 24.1.9

As I write this, system uptime is 2:56, and it's 17:56 BST here. So the capture started at around 15:00 BST. This isn't an exact time. I note 'who -b' doesn't seem to work on my system.

I ran a IPv6 ping test of my WAN address in parallel at a rate of one a minute. The ping test dropped out at 17:03 BST approx.

The initial lease from 15:00 BST (approx.) has a valid lifetime of 7200 secs (packet 6). A renew request is made at 16:00 BST and answered (packets 10 and 11), and another one is made at 17:00 BST (packets 12 and 13). Round about this point the IP address is dropped.

So it looks to me as though the DHCP REPLY packets are not being acted on, or when they are received the valid lifetime is not being updated.

I really hope this is of use. I'm happy to reproduce this if required to get more information, (e.g. logging), or to try something else, but I'll wait to be guided by someone who knows more about this than I do! I'm going to roll back to 24.1.8 here for now.

[Kull IT]

Since nobody had any other suggestions, I did
pkg add -f https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/misc/dhcp6c-20240607_1.pkg and rebooted
==> nothing changed

# opnsense-revert -r 24.1.8 dhcp6c
==> nothing changed

# opnsense-revert -r 24.1.8 opnsense
==> I got IPv6 back working

So I will stay on 24.1.8 till there is a solution for that problem.

I can confirm this workaround to be successful for Vodafone Cable Germany!
Thank you for putting it in the respective order.

[kryptonian]

Something to note on the opensense-revert command is that if somehow you got unreacheable v6 default as a result of not having working WAN IPv6 address due to the dhcp6c issue, you may be unable to also revert.

The Github issue I made is this one for this: https://github.com/opnsense/core/issues/7595

I had to do the following:

• Disable IPv6 on WAN
• Run the revert
• Reboot
• See that it did not fix it so another revert, this time to 24.1.0
• Reboot
• Re-enable IPv6
• Use the pkg install that's in this thread.
• Now I have working IPv6 WAN dhcp6 again

Code Select Expand


opnsense-revert -r 24.1.8 dhcp6c


Code Select Expand


pkg add -f https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/misc/dhcp6c-20240607_1.pkg