[SOLVED] [17.1.5] Still no working IPv6 on LAN

Started by Space, April 26, 2017, 04:16:51 PM

Previous topic - Next topic
Print
Go Down Pages1 2 3 ... 5
User actions
April 26, 2017, 04:16:51 PM Last Edit: April 26, 2017, 09:09:20 PM by Space
Hello,

with 17.1.4 and 17.1.5 (at least) I do not have IPv6 working on the LAN interface. IPv6 is set to DHCPv6 on WAN and it get's an IP from my Fritzbox:

Code Select
        inet6 fe80::1111:2222:3333:4444%em1 prefixlen 64 scopeid 0x2
        inet6 2002:aaaa:bbbb:0:1111:2222:3333:4444 prefixlen 64 autoconf


The "Interface List" in the dashboard only shows the fe80-address but not the one assigned by DHCPv6. The LAN interface is set to "Track Interface" but ifconfig still shows

Code Select
        inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1


and the clients on LAN are not able to access external IPv6 systems because they are not assigned any IPv6 ip.

Is this a known issue? Should I open an issue on github?

Thanks a lot and best regards,

    jochen
April 26, 2017, 04:37:33 PM #1
And this is from the logfile after changing the "IPv6 Prefix ID"

Code Select
Apr 26 16:35:27 OPNvirt radvd[12988]: attempting to reread config file
Apr 26 16:35:27 OPNvirt radvd[12988]: no auto-selected prefix on interface em0, disabling advertisements
Apr 26 16:35:27 OPNvirt radvd[12988]: can't join ipv6-allrouters on em0
Apr 26 16:35:27 OPNvirt radvd[12988]: sendmsg: Can't assign requested address
Apr 26 16:35:27 OPNvirt radvd[12988]: resuming normal operation
Apr 26 16:35:30 OPNvirt radvd[12988]: attempting to reread config file
Apr 26 16:35:30 OPNvirt radvd[12988]: no auto-selected prefix on interface em0, disabling advertisements
Apr 26 16:35:30 OPNvirt radvd[12988]: can't join ipv6-allrouters on em0
Apr 26 16:35:30 OPNvirt radvd[12988]: resuming normal operation
Apr 26 16:36:42 OPNvirt radvd[12988]: attempting to reread config file
Apr 26 16:36:42 OPNvirt radvd[12988]: no auto-selected prefix on interface em0, disabling advertisements
Apr 26 16:36:42 OPNvirt radvd[12988]: can't join ipv6-allrouters on em0
Apr 26 16:36:42 OPNvirt radvd[12988]: sendmsg: Can't assign requested address
Apr 26 16:36:42 OPNvirt radvd[12988]: resuming normal operation


Best regards,

    Jochen
April 26, 2017, 04:52:36 PM #2
Hi,

I have attached the output of the dhcpd.log (IDs are obfuscated). Do I need to change some settings on the FritzBox maybe?

Code Select
Apr 26 16:36:42 OPNvirt dhcp6c[79517]: get DHCP option opt_86, len 16
Apr 26 16:36:42 OPNvirt dhcp6c[79517]: unknown or unexpected DHCP6 option opt_86, len 16


Thanks for any help and best regards,

   Jochen
April 26, 2017, 06:40:54 PM #3 Last Edit: April 26, 2017, 06:45:51 PM by franco
Hi Jochen,

I've been over the code a few times for radvd and nothing changed there that would time with this problem, we also never updated to the bad radvd, luckily caught in time for the initial 17.1 release.

So the real question is some other interface-related code ought to have changed, which would mean we need to look at the OPNsense system log?


Cheers,
Franco
April 26, 2017, 07:02:18 PM #4
Hi Jochen

Please double check your FritzBox and WAN config. I don't see in your logs any entry wrt to prefixes accordingly

When I understand you correctly, you want to assign ipv6 addresses derived from the prefix which your fritzbox is getting from your ISP.

Your fritzbox should then be set in your home net menu->network config->ipv6 addresses to 'Assign DNS Server and ipv6 prefix'.

Then, on the opnsense, WAN interface, click

use ipv4 connection
request only ipv6 prefix
DHCP6 prefix delegation size 60
send prefix hint

on LAN: read from interface WAN
Assign network ID 0; other interfaces get subsequent id 1,2 etc.

Then it should work

Br br
April 26, 2017, 08:20:13 PM #5 Last Edit: April 26, 2017, 08:27:20 PM by Space
Hi br,

I have the following settings active in the FritzBox:

Code Select
- Unique Local Addresses (ULA) zuweisen, solange keine IPv6-Internetverbindung besteht (empfohlen)
- Diese FRITZ!Box stellt den Standard-Internetzugang zur Verfügung
- DNSv6-Server auch über Router Advertisement bekanntgeben (RFC 5006)
- DNS-Server und IPv6-Präfix (IA_PD)zuweisen
- FRITZ!Box als DNS-Server via DHCPv6 bekannt geben. Teile des vom Internetanbieter zugewiesenen IPv6-Netzes an nachgelagerte Router weitergeben.

In OPNsense I have the settings you mentioned + debug but it still does not work.

Thanks for your suggestions and support!
April 26, 2017, 08:26:16 PM #6
Quote from: franco on April 26, 2017, 06:40:54 PM
So the real question is some other interface-related code ought to have changed, which would mean we need to look at the OPNsense system log?

Hi Franco,

what infos do you need? Can I send you the logfile somehow?

Thanks and best regards,

    Jochen
April 26, 2017, 09:08:29 PM #7 Last Edit: April 26, 2017, 09:22:07 PM by Space
Now ... I ... am ... puzzled ...

I have an IPv6 on LAN and on my servers ... I am not sure (tried many things). E.g.:

- on Fritzbox I have disabled option "DNSv6-Server auch über Router Advertisement bekanntgeben (RFC 5006)" -- could this have caused the "unknown or unexpected DHCP6 option opt_86"?
- on OPNsense I have enabled shared forwarding:

Code Select
sysctl net.pf.share_forward=1

The only other changes I found was that I disabled "Advanced Mode" and switched the prefix ID back and forth and changed the dhcp6-ia-pd-len.

Could any of these options be related?

Nevertheless: thanks a lot for your support! I really like OPNsense!

Thanks and best regards,

    Jochen
April 27, 2017, 05:57:15 AM #8
IMO, advanced mode for the DHCPv6 client configuration is completely broken, it prevents the prefix config for tracked interfaces from being written at all, making the entire config quite pointless. Stick to Basic and it should work fine.
April 27, 2017, 07:40:38 AM #9
Funny ... I had enabled it because it did not work (for whatever reason) at some point in time and I wanted to enable the debug switch :)

Thanks and best regards,

    Jochen
May 05, 2017, 06:02:49 PM #10
Jochen, this gives me hope that I can solve the issue as well.

I have a seemingly identical setup with respect to OPNSense which fails to hand out IPv6 addresses to LAN. Would you mind posting the relevant parts of your configuration?

sysctl net.pf.share_forward=1 did not help so far.

Kind regards,
Boris
May 05, 2017, 06:49:59 PM #11
Boris was kind enough to give a peek into his setup. It looks like track behaviour changed and can't pick up the IPv6 anymore, but at this point it's not clear why. WAN IPv6 (prefix) works fine so no problems with ISP, rtsold and dhcp6 configuration.

More on this next week. :)


Cheers,
Franco
May 06, 2017, 12:11:27 AM #12
Sure:

WAN-interface:

Code Select
IPv6 Configuration Type: DHCPv6
Configuration Mode: Basic
Use IPv4 connectivity: yes
Request only a IPv6 prefix: yes
Directly send SOLICIT: yes
DHCPv6 Prefix Delegation size: 60
Send IPv6 prefix hint: yes

LAN-Interface:

Code Select
IPv6 Configuration Type: Track Interface
IPv6 Interface: WAN
IPv6 Prefix ID: 1 or 2

Hope this helps ... But it takes some time to pick up the IPv6 IP when I press save on the LAN interface.

Best regards,

    Jochen
May 06, 2017, 09:39:35 AM #13
Hi Jochen,

Quote from: Space on May 06, 2017, 12:11:27 AM
Hope this helps ... But it takes some time to pick up the IPv6 IP when I press save on the LAN interface.

That's what I saw yesterday during testing also. This can take a minute for the IPv6 addresses to show up, though it seems this is forced by the server not answering the client request / solicit right away so the client ends up sending multiple solicit messages before that works.

@Boris, I could see in Services: DHCP: Log file for dhcp6c that when the server on the other side doesn't propagate a prefix tracking doesn't work... There must be something like this in the log:

May 6 09:35:58   dhcp6c[26048]: T1(2250) and/or T2(3600) is locally determined
May 6 09:35:58   dhcp6c[26048]: add an address 2001:470:25:233::ffd1/128 on em1
May 6 09:35:58   dhcp6c[26048]: T1(2250) and/or T2(3600) is locally determined
May 6 09:35:58   dhcp6c[26048]: add an address 2001:470:29:0:a00:27ff:febd:79ad/64 on em0
May 6 09:35:58   dhcp6c[26048]: dhcp6c Received REQUEST
May 6 09:35:58   dhcp6c[26048]: Sending Request
May 6 09:35:57   dhcp6c[26048]: Sending Solicit
May 6 09:35:49   dhcp6c[26048]: Sending Solicit
May 6 09:35:45   dhcp6c[26048]: Sending Solicit
May 6 09:35:43   dhcp6c[26048]: Sending Solicit
May 6 09:35:42   dhcp6c[26048]: Sending Solicit


Cheers,
Franco
May 07, 2017, 10:37:11 AM #14
Thanks, Jochen, for citing your configuration. I had no luck with it either.

Franco, I read your note on the prefix and browsed the web for such issues with my ISP and cable modem brand. I start to believe that the root of the problem is the modem and/or ISP. In particular, if I reconfigure the cable modem's DHCPv6 server from Stateless to Stateful, I do not even get an IPv6 address on the WAN interface. In none of the configurations I tried I ever get anything else than "Sending solicit".

I will ask my ISP.

Best regards,
Boris

Print
Go Up Pages1 2 3 ... 5
User actions