CALL FOR TESTING: IPv6 improvements!

Started by franco, January 16, 2026, 03:10:34 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
January 19, 2026, 04:42:35 PM #15
Great. Can you share the log line here or via PM? I don't have a setup obviously. Just for double-checking.


Thanks,
Franco
January 19, 2026, 06:22:41 PM #16
@franco If you need a DHCPv6 server which offers this option for testing, you can simply use OPNsense's ISC DHCPv6 server with a custom config:

Code Select
echo "option dhcp6.aftr-name test.aftr.example.com;" > /usr/local/etc/dhcpd6.opnsense.d/aftr.conf
I've done this before and it works just fine.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
January 19, 2026, 06:34:39 PM #17
Ok, I hadn't thought of that.  That will make testing via VM client easy.  :)

I mostly test against the Fritzbox these days.  Still pondering how to build an effective test suite around dhcp6c in the codebase itself to emulate such things, perhaps with packet captures.


Thanks,
Franco
January 19, 2026, 06:44:30 PM #18
As upstream routers for testing, I mostly use OPNsense VMs (radvd, ISC DHCPv6 etc.) as well as MikroTik RouterOS VMs (they have free VM images for testing and offer some features which OPNsense doesn't have, like a PPPoE server).

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
January 21, 2026, 02:42:58 PM #19
I have done part 1 here, everything seems ok so far.  I'll keep an eye on things.  I got a bit confused by whether I should see lifetimes, but I'm using "prevent release" for reasons I can no longer remember, so if I've understood correctly, I shouldn't expect to see lifetimes in that case.

I haven't done part 2, as I'm not running the development version.
January 21, 2026, 03:50:26 PM #20
Nice, thanks. Yes that is expected.

Part 2 is mostly for multi-wan but can wait. Still weighing if part 1 is good enough for 26.1 or if it should move to 26.1.1 just to have a revert target with 26.1.


Cheers,
Franco
Today at 06:44:38 AM #21
I have also completed the first part, and so far everything seems to be fine.
Code Select
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: LAN (lan)
        options=880008<VLAN_MTU,LINKSTATE,HWSTATS>
        ether bc:24:11:e4:42:08
        inet 192.168.8.1 netmask 0xffffff00 broadcast 192.168.8.255
        inet6 fe80::be24:11ff:fee4:4208%vtnet0 prefixlen 64 scopeid 0x1
        inet6 2601:2c1:c600:5671:be24:11ff:fee4:4208 prefixlen 64 pltime 3700 vltime 3700
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=880008<VLAN_MTU,LINKSTATE,HWSTATS>
        ether bc:24:11:e3:3c:83
        inet 76.30.75.80 netmask 0xfffffc00 broadcast 255.255.255.255
        inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::be24:11ff:fee3:3c83%vtnet1 prefixlen 64 scopeid 0x2
        inet6 2001:558:6022:c6:b103:3def:f639:2dfb prefixlen 128 pltime 5505 vltime 5505
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


vlan0.10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: iot (opt1)
        options=80000<LINKSTATE>
        ether bc:24:11:e4:42:08
        inet 172.16.127.1 netmask 0xffffff00 broadcast 172.16.127.255
        inet6 fe80::be24:11ff:fee4:4208%vlan0.10 prefixlen 64 scopeid 0x7
        inet6 2601:2c1:c600:5672:be24:11ff:fee4:4208 prefixlen 64 pltime 3700 vltime 3700
        groups: vlan
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: vtnet0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Today at 09:36:31 AM #22 Last Edit: Today at 09:38:43 AM by OPNenthu
I don't have multi-WAN but I just tried the first part.  I also see pltime = vltime and both are counting down.

I'm not using Prevent Release, but my /60 delegation doesn't change often so I don't think I should see anything interesting except these timers will eventually reset?

Code Select
root@firewall:~ # ifconfig -L
igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: LAN (lan)
    options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
    ether 64:xx:xx:xx:xx:9e
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::66xx:xxxx:xxxx:xx9e%igc0 prefixlen 64 scopeid 0x1
    inet6 2601:xx:xxxx:3161::1 prefixlen 64 pltime 4588 vltime 4588
    groups: IG_LOCAL IG_OUT_WAN IG_DNS IG_NTP IG_DROP_LOW
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: WAN (wan)
    options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
    ether 02:xx:xx:xx:xx:b2
    hwaddr 64:xx:xx:xx:xx:9f
    inet 69.xxx.xx.99 netmask 0xfffffc00 broadcast 255.255.255.255
    inet6 fe80::xx:xxxx:xxxx:xxb2%igc1 prefixlen 64 scopeid 0x2
    inet6 2601:xx:xxxx:3160:xxxx:xxxx:xxxx:xxxx prefixlen 64 pltime 4588 vltime 4588
    media: Ethernet autoselect (2500Base-T <full-duplex>)
    status: active
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
...
Today at 09:40:46 AM #23
> I'm not using Prevent Release, but my /60 delegation doesn't change often so I don't think I should see anything interesting except these timers will eventually reset?

Yes, correct.

The biggest issue we've had here was a kernel bug that would not update the link route lifetimes when they were renewed by the deamon. Ifconfig was fine but the route disappeared. This was fixed in 25.7.11 with https://github.com/opnsense/src/commit/46f807c0c

So you should see your prefix renew and your clients still able to connect after each renewal.

Thank you for testing.  The last few reports have improved the confidence to tag and ship the new dhcp6c code in 26.1 so we will probably do that.


Cheers,
Franco
Today at 09:54:27 AM #24
@franco, as we were typing the timers already refreshed.  It seemed like a very short interval.  The router uptime since the reboot is ~45 min.

No issues seen on the client(s) yet.  Will keep an eye on it.

Code Select
root@firewall:~ # ifconfig -L
igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: LAN (lan)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
ether 64:xx:xx:xx:xx:9e
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::66xx:xxxx:xxxx:xx9e%igc0 prefixlen 64 scopeid 0x1
inet6 2601:xx:xxxx:3161::1 prefixlen 64 pltime 6448 vltime 6448
groups: IG_LOCAL IG_OUT_WAN IG_DNS IG_NTP IG_DROP_LOW
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN (wan)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
ether 02:xx:xx:xx:xx:b2
hwaddr 64:xx:xx:xx:xx:9f
inet 69.xxx.xx.99 netmask 0xfffffc00 broadcast 255.255.255.255
inet6 fe80::xx:xxxx:xxxx:xxb2%igc1 prefixlen 64 scopeid 0x2
inet6 2601:xx:xxxx:3160:xxxx:xxxx:xxxx:xxxx prefixlen 64 pltime 6448 vltime 6448
media: Ethernet autoselect (2500Base-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
...

Today at 10:04:14 AM #25
Yup, renew intervals can be short.  In my setup it's 30 minutes.


Cheers,
Franco
Today at 10:09:55 AM #26
It's stuck on 7200 now for all interfaces and no longer counting down.  This all in short succession (sorry for the spam).

Expected?

Code Select
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: WAN (wan)
    options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
    ether 02:xx:xx:xx:xx:b2
    hwaddr 64:xx:xx:xx:xx:9f
    inet 69.xxx.xx.99 netmask 0xfffffc00 broadcast 255.255.255.255
    inet6 fe80::xx:xxxx:xxxx:xxb2%igc1 prefixlen 64 scopeid 0x2
    inet6 2601:xx:xxxx:3160:xxxx:xxxx:xxxx:xxxx prefixlen 64 pltime 7200 vltime 7200
    media: Ethernet autoselect (2500Base-T <full-duplex>)
    status: active
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
Today at 10:12:13 AM #27
-L is important to view the remaining lifetime :)
Today at 10:13:36 AM #28
Ah!  Didn't notice I had dropped it.  All looks fine.
Today at 01:59:44 PM #29 Last Edit: Today at 02:02:28 PM by franco
So https://github.com/opnsense/ports/commit/a1996a8fe27 is coming to 26.1-RC2 soon.  That more or less concludes 1.)

For 2.) I'll publish new patch instructions after 26.1 is out. I think they don't apply cleanly in all cases anymore since there were more moving parts and some things from the patch have been extracted and moved to the master branch because they were safe as is.


Thanks,
Franco
Print
Go Up Pages 1 2
User actions