Help with IPv6

Started by Taomyn, March 29, 2017, 02:36:35 PM

Hm, what puzzles me:

Apr 27 12:19:19 bart dhcp6c[82469]: Sending Solicit
Apr 27 12:19:19 bart dhcp6c[27159]: unexpected interface (11)

There are two different PIDs for dhcp6c ... did you try a reboot? Maybe this thread helps ...

https://forum.pfsense.org/index.php?topic=110797.0

Hope it's ok to post these links here :)

Best regards,

   Jochen

Rebooted it after making the changes again, no difference, same messages. Have set it back again and rebooted.

Oh, the reboot also broke the Let's Encrypt plug-in, but reverting back so I get an IP on WAN after rebooting, LE is fine again.

I just noticed that the DHCPv6 Server service is present but stopped - it won't start. Should it be even present if I'm not using it?


I go into the service settings and it states I can't add a server because no interfaces exist with a static IP

Taomyn,

am somewhat confused. Up to your last mail I thought that:
- you are getting connected to your ISP via PPPoE and get from there
    + an IPv6 address which is then assigned to your WAN interface
    + an IPv6 /56 prefix which is then used by the OPNsense as a base for your SLAAC IPv6 address assignment for your internal network
    + IPv6 DNS servers (RDNSS) which are obtained via DHCP from your ISP also

According to my understanding
    + You then have only a dhcpv6c (client) running, which is used to obtain the information from your ISP (address, prefix and DNS) on the WAN interface
    + if this information is available, rtsold triggers the start of radvd, which serves your internal networks with IPv6 address and RDNS information (including the internal LAN interfaces of the OPNsense; note that the DNS server distributed via radvd points only to the internal OPNsense DNS server (RDNSS model), which then (internally) points to the other configured servers in general settings for next level requests)

If my assumption is right, then a DHCPv6 SERVER is NOT running on the OPNsense, as all required information is distributed via RA and you have dynamic IPv6 addresses on all your interfaces.

I share Space' view that only BASIC settings of the IPv6 WAN config are workable. I gather from some of your earlier logs that you obviously did use extended settings (with key authorization; there was a keyfile not found message in your dhcp.log).

Br br

Hi Bringha,


Ok, now I'm confused.


The closest I have gotten to getting IPv6 working on my OPNsense is:

       
  • WAN obtaining an IPv6 address via IPv4 from my ISP - when this happens any IPv6 test on the firewall to the Internet appears to work so I have the external connectivity.
  • LAN and GUEST_LAN are given fixed IPv6 /64 IPs using the /56 prefix based off the WAN IP
  • With the above internal devices all start getting IPv6 addresses allocated
  • IPv6 traffic works within each LAN
  • IPv6 will not travel between LAN and WAN properly (I mention this way back in this thread), and hence to the Internet
It was then suggested I really should use "Track interface", which I had originally tried when I first decided to play with IPv6, but that has never worked because nothing except the WAN gets an IPv6 address.


I actually think it's an issue with OPNsense and the use of a VLAN'd PPPoE connection, because Suricata won't work either for me (nothing is checked/alerted) and no-one seems capable of fixing that issue either. I'm not complaining, just stating the situation.

Quote from: Taomyn on April 28, 2017, 10:56:58 AM
It was then suggested I really should use "Track interface", which I had originally tried when I first decided to play with IPv6, but that has never worked because nothing except the WAN gets an IPv6 address.

Were you by any chance using Advanced mode for the DHCPv6 client options? Because advanced mode will not work properly, because it doesn't actually write out the config sections for tracked interfaces. If you stick to basic mode, it should work properly while using track interface.

@djGrrr - same opinion ... according to my understanding finding lines like

(...)
Apr 27 12:17:45 bart dhcp6c[34719]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Apr 27 12:17:45 bart dhcp6c[34719]: failed initialize control message authentication
Apr 27 12:17:45 bart dhcp6c[34719]: skip opening control port
(...)

in the log indicates advanced mode - never have had those in basic mode ... Then the WAN configuration fails ...

@Taomyn How do you get step 2 of your bullet list done if not via rtsold/radvd then? Indeed, the address is built from the prefix obtained on WAN and the derived address part, which is usually defined in relation to the MAC address (SLAAC). Or do you configure that manually / set up radvd.conf manually?

Br br

Quote from: djGrrr on April 28, 2017, 03:18:17 PM
Were you by any chance using Advanced mode for the DHCPv6 client options? Because advanced mode will not work properly, because it doesn't actually write out the config sections for tracked interfaces. If you stick to basic mode, it should work properly while using track interface.


No, I don't use Advanced mode for the reasons you give

Quote from: bringha on April 28, 2017, 03:31:47 PM
@Taomyn How do you get step 2 of your bullet list done if not via rtsold/radvd then? Indeed, the address is built from the prefix obtained on WAN and the derived address part, which is usually defined in relation to the MAC address (SLAAC). Or do you configure that manually / set up radvd.conf manually?

Br br

I simply entered an IPv6 address - I found no other way to assign the LAN interfaces any kind of address

Can you please check whether your rtsold and radvd agents are running?

Quote from: bringha on April 28, 2017, 04:39:34 PM
Can you please check whether your rtsold and radvd agents are running?

These I can see in system activity:

/usr/sbin/rtsold -p /var/run/rtsold_pppoe0.pid -O /var/etc/rtsold_pppoe0_script.sh -R /usr/bin/true -d pppoe0

/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog


And what do your /var/etc/dhcp6c_wan.conf and your /var/etc/radvd.conf look like?

Quote from: bringha on April 28, 2017, 05:00:55 PM
And what do your /var/etc/dhcp6c_wan.conf and your /var/etc/radvd.conf look like?





interface pppoe0 {
  send ia-na 0;   # request stateful address
  send ia-pd 0;  # request prefix delegation
request domain-name-servers;
request domain-name;
script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix ::/56 infinity;
  prefix-interface em3 {
    sla-id 1;
    sla-len 8;
  };
  prefix-interface em0 {
    sla-id 0;
    sla-len 8;
  };
};


# Automatically Generated, do not edit

# Generated config for dhcp6 delegation from wan on opt1
interface em3 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL star-one.co.uk { };
};
# Generated config for dhcp6 delegation from wan on lan
interface em0 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL star-one.co.uk { };
};
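
As an added example (not part of any post in this thread), the sketch below works out which /64 each `prefix-interface` stanza in the dhcp6c configuration above would receive from a delegated /56, using its `sla-id` and `sla-len` values. The delegated prefix is a constructed value from the documentation range, and the function names are hypothetical.

```python
import ipaddress
import re

# dhcp6c "id-assoc pd" block as posted in the thread above.
DHCP6C_PD = """
id-assoc pd 0 {
  prefix ::/56 infinity;
  prefix-interface em3 {
    sla-id 1;
    sla-len 8;
  };
  prefix-interface em0 {
    sla-id 0;
    sla-len 8;
  };
};
"""

def parse_prefix_interfaces(conf):
    """Return {ifname: (sla_id, sla_len)} from prefix-interface stanzas."""
    pat = re.compile(
        r"prefix-interface\s+(\S+)\s*\{\s*sla-id\s+(\d+);\s*sla-len\s+(\d+);")
    return {m[1]: (int(m[2]), int(m[3])) for m in pat.finditer(conf)}

def expected_subnets(delegated, conf):
    """Map each interface to the subnet derived from the delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)
    out = {}
    for ifname, (sla_id, sla_len) in parse_prefix_interfaces(conf).items():
        new_len = pd.prefixlen + sla_len
        if new_len > 64:
            # e.g. a /60 delegation with sla-len 8 cannot yield a /64
            raise ValueError(f"{ifname}: /{new_len} is longer than /64")
        if sla_id >= 1 << sla_len:
            raise ValueError(f"{ifname}: sla-id {sla_id} needs more than {sla_len} bits")
        # The sla-id occupies the sla-len bits directly after the delegated prefix.
        base = int(pd.network_address) + (sla_id << (128 - new_len))
        out[ifname] = ipaddress.IPv6Network((base, new_len))
    return out

if __name__ == "__main__":
    # Constructed delegation (documentation range), not the poster's real prefix.
    for ifname, net in expected_subnets("2001:db8:1200:ab00::/56", DHCP6C_PD).items():
        print(ifname, net)
```

Comparing these values with the addresses actually present on em0 and em3 shows whether a delegation was received and applied.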

Hello,

sorry for the late reply, was off yesterday.

Your radvd.conf file is incomplete. If you use SLAAC (which you obviously have configured on your WAN interface), the individual lines in your radvd.conf must contain


interface em0 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix 200X:XXXX:XXXX:XXXX::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL star-one.co.uk { };
};


while yours only contains

interface em0 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL star-one.co.uk { };
};

i.e. your prefix is empty.

Moreover you seem not to have set a domain name in your general config.

So, either the /56 prefix which your ISP sends is not recognized, or it does not even send one but only an address.

Br br