IPv6 connectivity error after update to OPNsense 25.7.10-amd64

Started by ischilling, December 21, 2025, 07:02:15 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 21, 2025, 07:02:15 PM
Quote from: ischilling on December 21, 2025, 01:15:21 AMBefore I updated to OPNsense 25.7.10 (amd64) everything worked perfect, right after the update and a reboot, the IPv6 problem on the WAN interface appeared on my system as well.. In short words, I get the fixed IPv4 but neither a fixed IPv6 nor my fixed IPv6 /56 network.

I've a fixed IPv6 /56 network and the following settings worked very well before the update, please find my settings in the attached screenshot.

Currently it looks as if the dhcp6c.conf which to my understanding is needed for dhcp6c service isn't existing:

auser@theFirewall:~ # ls -l /usr/local/etc/dhcp6c.conf
ls: /usr/local/etc/dhcp6c.conf: No such file or directory
auser@theFirewall:~ # service dhcp6c onestart
/usr/local/etc/rc.d/dhcp6c: WARNING: /usr/local/etc/dhcp6c.conf is not readable.
/usr/local/etc/rc.d/dhcp6c: WARNING: failed precmd routine for dhcp6c
auser@theFirewall:~ # ps aux | grep dhcp6c
root      824  0.0  0.0  13744    2404  0  S+  00:54    0:00.00 grep dhcp6c
auser@theFirewall:~ # opnsense-version
OPNsense 25.7.10 (amd64)
auser@theFirewall:~ # ls -l /usr/local/opnsense/service/conf/actions.d | grep dhcp
-rw-r--r--  1 root wheel 1052 Dec 18 14:13 actions_dhcpd.conf
-rw-r--r--  1 root wheel 1090 Dec 18 14:13 actions_dhcpd6.conf

As said - everything worked perfect before the update.

I now installed OPNsense 25.7-amd64 - with NO patch.

Everything works smooth - which from my point of view indicates that something is wrong with the current OPNsense 25.7.10 (amd64) update.

Interestingly - when using a configuration backup I made with OPNsense 25.7.10 (amd64) in OPNsense 25.7-amd64 - the IPv6 issue reappears....

Note:
  • igb0 is the WAN interface on my system
  • the following is a fresh install - no further settings, except for correct settings for IPv6 on the WAN interface and track interface (0) on the LAN interface
  • no Packages are installed in addition

ifconfig igb0 results in on OPNsense 25.7-amd64 (before the update)
Code Select
igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 000.000.000.000
        inet6 fe80::a236:9fff:fea0:7d54%igb0 prefixlen 64 scopeid 0x3
        inet6 2a02:8109:8000:6a::144b prefixlen 128 pltime 86400 vltime 86400
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

ibg0 is configured (right after the update) to OPNsense 25.7.10 (amd64)
Code Select
igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 000.000.000.000
        inet6 fe80::0000:0000:0000:0000%igb0 prefixlen 64 scopeid 0x3
        inet6 2a02:0000:0000:00::144b prefixlen 128 pltime 86400 vltime 86400
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

And without further configuration everything is fine and works.

However, as soon as I restore the full configuration from a backup before the update, a well working configuration though, the following happens:

Code Select
igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: ZONE0_0_WAN_KD (wan)
        options=48520b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 90.187.76.171
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,[b]IFDISABLED[/b],AUTO_LINKLOCAL>

As yo ucan see the IPv6 part of WAN is disabled - with a before well working configuration setting....

Checking the packages (which have been used with this configuration) I had to resolve the missing ones - which I did and I rebooted the system, just in case.

Code Select
igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: ZONE0_0_WAN_KD (wan)
        options=48520b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 000.000.000.000
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,[b]IFDISABLED[/b],AUTO_LINKLOCAL>

So it seems, one of the installed packages on my system is in combination with OPNsense 25.7.10-amd64, the problem.

I'll update this here as soon as I found out which...

... and we've two candidates: os-crowdsec and os-maltrail or both.

I am not sure which combination is the problem, however, if I install the one or the other and reboot (without doing any configuration) I come back to the problem as described here. So for my situation, I am happy to not use the one or the other and have a working OPNsense system running :)

Last and least (for now) I want to state: I had both installed and everything worked before the update to OPNsense 25.7.10-amd64.

To find out the plugins, I stripped all PlugIns from the configuration file I had and used it as new configuration for a blank, fully updated, OPNsense 25.7.10-amd64. Then I added step by step all PlugIns I was sure they won't hurt and ended up with these two.

Since I've no time for further testing I've the following findings:

  • the ISP got the DHCPv6 requests and delivered the information back to OPNsense - this could be seen in the logfiles and via tcpdump etc...
  • it seems dhcp6c never got the result
  • Rules for the ports (even unsecure ones) on the WAN interface don't fix this as well
  • I am definitely not deep enough into firewalling with OPNsense or FreeBSD to find out the reason for my problem nor to fix it

So I hope someone here hat ideas - and a solution.
Print
Go Up Pages1
User actions