[SOLVED] [17.1.5] Still no working IPv6 on LAN

[gothbert]

do someone have a working configuration with a ppoe over modem connection? I still have a problem with ipv6 and opnsense:

Have you suricata (Intrusion Detection) turned on or off? If it is turned on, could you please turn it off and reboot and see if the prefix and IPv6 at the LAN interface come up?

[zitlo]

Hello,

@gothbert: no surica is off.
@franco: I will check when Im back home

thank you all

[zitlo]

So I made a few screenshots:

[zitlo]

When I add some ipv6 DNS Servers I get an error:

[zitlo]

I made two firewall rules:

WAN: IPv4+6 ICMP   Allow all
LAN: IPv4+6 ICMP   Allow all

[zitlo]

I can ping any host from my opnsense GUI:

PING6(56=40+8+8 bytes) 2003:c2:ebbf:1d64:20d:xxxx:xxxx:xxxx --> 2001:1900:2254:206a::50:0
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=0 hlim=58 time=171.710 ms
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=1 hlim=58 time=171.586 ms
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=2 hlim=58 time=171.838 ms

--- freebsd.org ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 171.586/171.711/171.838/0.103 ms

[zitlo]

mg@ZOS1337:~ % cat /var/etc/radvd.conf
# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface igb1 {
   AdvSendAdvert on;
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1500;
   AdvOtherConfigFlag on;
      prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr on;
   };
   RDNSS 2620:0:ccc::2 2620:0:ccd::2 { };
   DNSSL localdomain { };
};

[Space]

Hi,

if you check the interfaces ... on which interface do you see an IPv6 address? Is it on WAN or LAN?

What messages do you see in the dhcp log?
Best regards,

    Jochen

[franco]

Yes, you do not receive a prefix (empty "::/64"). It's likely due to your device in front of OPNsense not giving out one.

Under Interfaces: [WAN], can you try to set "Directly send SOLICIT"?


Cheers,
Franco

[Space]

And if you are using OpenVPN ... please try to disable the OpenVPN service.

Whenever I boot up my OPNsense box or do an action that forces a save of the interfaces I have to stop the OpenVPN service. Then the router advertisements are received by dhcp6c and the IPv6 is then set on the LAN interface and apinger, ntpd and OpenVPN services are started again automatically afterwards.

@Franco: do you think there is an option to stop OpenVPN like ntpd and apinger are stopped until IPv6 is up and running? Or do you have an idea why OpenVPN is listening on port 546 and intercepts the packets that dhcp6c should get? See the issue I opened some time ago: https://github.com/opnsense/core/issues/1668.

Thanks,

    Jochen

[zitlo]

Hi,

if you check the interfaces ... on which interface do you see an IPv6 address? Is it on WAN or LAN?

What messages do you see in the dhcp log?
Best regards,

    Jochen

only on ppoe0

Code Select Expand

pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
inet6 fe80::20d:b9ff:fe47:1a9c%pppoe0 prefixlen 64 scopeid 0xb
inet6 fe80::20d:b9ff:fe47:1a9d%pppoe0 prefixlen 64 scopeid 0xb
inet6 2003:c2:ebbf:2ea9:xxx:xxxx:xxxx:1a9c prefixlen 64 autoconf
inet 46.91.190.79 --> 62.155.241.133  netmask 0xffffffff
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

[zitlo]

Code Select Expand


igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>
ether 00:0d:b9:47:1a:9c
inet6 fe80::20d:b9ff:fe47:1a9c%igb0 prefixlen 64 scopeid 0x1
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,TXCSUM_IPV6>
ether 00:0d:b9:47:1a:9d
inet 192.168.91.254 netmask 0xffffff00 broadcast 192.168.91.255
inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:0d:b9:47:1a:9e
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: enc
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
pflog0: flags=100<PROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 0.0.0.0 maxupd: 128 defer: off
ovpns1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun openvpn
igb1_vlan20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:0d:b9:47:1a:9d
inet6 fe80::20d:b9ff:fe47:1a9d%igb1_vlan20 prefixlen 64 scopeid 0x9
inet 192.168.20.254 netmask 0xffffff00 broadcast 192.168.20.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 20 vlanpcp: 0 parent interface: igb1
groups: vlan
igb1_vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:0d:b9:47:1a:9d
inet6 fe80::20d:b9ff:fe47:1a9d%igb1_vlan30 prefixlen 64 scopeid 0xa
inet 192.168.30.254 netmask 0xffffff00 broadcast 192.168.30.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 30 vlanpcp: 0 parent interface: igb1
groups: vlan
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
inet6 fe80::20d:b9ff:fe47:1a9c%pppoe0 prefixlen 64 scopeid 0xb
inet6 fe80::20d:b9ff:fe47:1a9d%pppoe0 prefixlen 64 scopeid 0xb
inet6 2003:c2:ebbf:2ea9:20d:xxxx:xxxx:xxxx prefixlen 64 autoconf
inet 46.91.xxx.xx --> 62.155.241.xxx  netmask 0xffffffff
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

[zitlo]

Yes, you do not receive a prefix (empty "::/64"). It's likely due to your device in front of OPNsense not giving out one.

Under Interfaces: [WAN], can you try to set "Directly send SOLICIT"?


Cheers,
Franco

OK SOLICIT is active

Code Select Expand

cat /var/etc/radvd.conf
# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface igb1 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
RDNSS 2620:0:ccc::2 2620:0:ccd::2 { };
DNSSL localdomain { };
};


[zitlo]

Yes, you do not receive a prefix (empty "::/64"). It's likely due to your device in front of OPNsense not giving out one.

Under Interfaces: [WAN], can you try to set "Directly send SOLICIT"?


Cheers,
Franco

DHCP6 log

Code Select Expand


ul 11 21:35:37 ZOS1337 dhcp6c[55924]: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:20:f6:7f:5e:00:0d:b9:47:1a:9c
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: failed initialize control message authentication
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: skip opening control port
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>[interface] (9)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <5>[pppoe0] (6)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>begin of closure [{] (1)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>[script] (6)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>end of sentence [;] (1)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>end of closure [}] (1)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: <3>end of sentence [;] (1)
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: called
Jul 11 21:35:37 ZOS1337 dhcp6c[55924]: called
Jul 11 21:35:37 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=INIT, timeo=0, retrans=891
Jul 11 21:35:38 ZOS1337 dhcp6c[56598]: Sending Solicit
Jul 11 21:35:38 ZOS1337 dhcp6c[56598]: a new XID (85ac73) is generated
Jul 11 21:35:38 ZOS1337 dhcp6c[56598]: set client ID (len 14)
Jul 11 21:35:38 ZOS1337 dhcp6c[56598]: set elapsed time (len 2)
Jul 11 21:35:38 ZOS1337 dhcp6c[56598]: send solicit to ff02::1:2%pppoe0
Jul 11 21:35:38 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=SOLICIT, timeo=0, retrans=1091
Jul 11 21:35:39 ZOS1337 dhcp6c[56598]: Sending Solicit
Jul 11 21:35:39 ZOS1337 dhcp6c[56598]: set client ID (len 14)
Jul 11 21:35:39 ZOS1337 dhcp6c[56598]: set elapsed time (len 2)
Jul 11 21:35:39 ZOS1337 dhcp6c[56598]: send solicit to ff02::1:2%pppoe0
Jul 11 21:35:39 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=SOLICIT, timeo=1, retrans=2083
Jul 11 21:35:41 ZOS1337 dhcp6c[56598]: Sending Solicit
Jul 11 21:35:41 ZOS1337 dhcp6c[56598]: set client ID (len 14)
Jul 11 21:35:41 ZOS1337 dhcp6c[56598]: set elapsed time (len 2)
Jul 11 21:35:41 ZOS1337 dhcp6c[56598]: send solicit to ff02::1:2%pppoe0
Jul 11 21:35:41 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=SOLICIT, timeo=2, retrans=3982
Jul 11 21:35:45 ZOS1337 dhcp6c[56598]: Sending Solicit
Jul 11 21:35:45 ZOS1337 dhcp6c[56598]: set client ID (len 14)
Jul 11 21:35:45 ZOS1337 dhcp6c[56598]: set elapsed time (len 2)
Jul 11 21:35:45 ZOS1337 dhcp6c[56598]: send solicit to ff02::1:2%pppoe0
Jul 11 21:35:45 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=SOLICIT, timeo=3, retrans=8065
Jul 11 21:35:53 ZOS1337 dhcp6c[56598]: Sending Solicit
Jul 11 21:35:53 ZOS1337 dhcp6c[56598]: set client ID (len 14)
Jul 11 21:35:53 ZOS1337 dhcp6c[56598]: set elapsed time (len 2)
Jul 11 21:35:53 ZOS1337 dhcp6c[56598]: send solicit to ff02::1:2%pppoe0
Jul 11 21:35:53 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=SOLICIT, timeo=4, retrans=16326
Jul 11 21:36:04 ZOS1337 dhcp6c[99764]: Sending Solicit
Jul 11 21:36:09 ZOS1337 dhcp6c[56598]: Sending Solicit
Jul 11 21:36:09 ZOS1337 dhcp6c[56598]: set client ID (len 14)
Jul 11 21:36:09 ZOS1337 dhcp6c[56598]: set elapsed time (len 2)
Jul 11 21:36:09 ZOS1337 dhcp6c[56598]: send solicit to ff02::1:2%pppoe0
Jul 11 21:36:09 ZOS1337 dhcp6c[56598]: reset a timer on pppoe0, state=SOLICIT, timeo=5, retrans=31928
Jul 11 21:36:26 ZOS1337 dhcp6c[56598]: removing an event on pppoe0, state=SOLICIT
Jul 11 21:36:26 ZOS1337 dhcp6c[56598]: executes /var/etc/dhcp6c_wan_script.sh
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:20:f6:7f:5e:00:0d:b9:47:1a:9c
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: failed initialize control message authentication
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: skip opening control port
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>[interface] (9)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <5>[pppoe0] (6)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>begin of closure [{] (1)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>[script] (6)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>end of sentence [;] (1)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>end of closure [}] (1)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: <3>end of sentence [;] (1)
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: called
Jul 11 21:36:27 ZOS1337 dhcp6c[55726]: called
Jul 11 21:36:27 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=INIT, timeo=0, retrans=891
Jul 11 21:36:28 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:36:28 ZOS1337 dhcp6c[55879]: a new XID (7ac87) is generated
Jul 11 21:36:28 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:36:28 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:36:28 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:36:28 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=0, retrans=1091
Jul 11 21:36:29 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:36:29 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:36:29 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:36:29 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:36:29 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=1, retrans=2083
Jul 11 21:36:31 ZOS1337 dhcp6c[56598]: script "/var/etc/dhcp6c_wan_script.sh" terminated
Jul 11 21:36:31 ZOS1337 dhcp6c[56598]: exiting
Jul 11 21:36:31 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:36:31 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:36:31 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:36:31 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:36:31 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=2, retrans=3982
Jul 11 21:36:35 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:36:35 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:36:35 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:36:35 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:36:35 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=3, retrans=8065
Jul 11 21:36:43 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:36:43 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:36:43 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:36:43 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:36:43 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=4, retrans=16326
Jul 11 21:37:00 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:37:00 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:37:00 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:37:00 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:37:00 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=5, retrans=31928
Jul 11 21:37:32 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:37:32 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:37:32 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:37:32 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:37:32 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=6, retrans=64469
Jul 11 21:37:57 ZOS1337 dhcp6c[99764]: Sending Solicit
Jul 11 21:44:31 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:44:31 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:44:31 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:44:31 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:44:31 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=10, retrans=111000
Jul 11 21:45:40 ZOS1337 dhcp6c[99764]: Sending Solicit
Jul 11 21:46:22 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:46:22 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:46:22 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:46:22 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:46:22 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=11, retrans=120720
Jul 11 21:47:31 ZOS1337 dhcp6c[99764]: Sending Solicit
Jul 11 21:48:23 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:48:23 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:48:23 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:48:23 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:48:23 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=12, retrans=108504
Jul 11 21:49:29 ZOS1337 dhcp6c[99764]: Sending Solicit
Jul 11 21:50:11 ZOS1337 dhcp6c[55879]: Sending Solicit
Jul 11 21:50:11 ZOS1337 dhcp6c[55879]: set client ID (len 14)
Jul 11 21:50:11 ZOS1337 dhcp6c[55879]: set elapsed time (len 2)
Jul 11 21:50:11 ZOS1337 dhcp6c[55879]: send solicit to ff02::1:2%pppoe0
Jul 11 21:50:11 ZOS1337 dhcp6c[55879]: reset a timer on pppoe0, state=SOLICIT, timeo=13, retrans=110940



[zitlo]

Sorry for posting in a row.

Thank you for your help!

I deactivated openvpn and restarted opnsense.