Need to select "Prefer to use IPv4 even if IPv6 available" to upgrade to 26.1?

Started by trdeal, February 04, 2026, 07:05:54 AM

Hi,
I tried to upgrade to 26.1, even using Option 12 on the console, and it failed with truncated .sig files. After googling I found a suggestion to enable "Prefer to use IPv4 even if IPv6 available". Immediately after doing this, the upgrade process was completely different from when this option was not selected. A summary of the upgrade and its changes appeared, which appears to be hosted on GitHub based on a forum post, and did not appear when the option was not selected. When I perform a dig for github.com it does not have an IPv6 address, which explains why it did not appear.

dig @8.8.8.8 github.com aaaa

; <<>> DiG 9.18.42 <<>> @8.8.8.8 github.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26887
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;github.com.                    IN      AAAA

;; AUTHORITY SECTION:
github.com.             1112    IN      SOA     dns1.p08.nsone.net. hostmaster.nsone.net. 1656468023 43200 7200 1209600 3600

;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Wed Feb 04 05:54:38 GMT 2026
;; MSG SIZE  rcvd: 104

Is there any possibility of IPv6 support being incorporated into the upgrade process so that "Prefer to use IPv4 even if IPv6 available" is not required in the future to perform an upgrade? Just to put things into context, IPv6 traffic arriving at google.com peaked at 49.57% so far this year; it was 46.43% in January 2025. https://www.google.com/intl/en/ipv6/statistics.html
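Added example, not part of the original post and not OPNsense code: the dig response quoted above is a NODATA answer (status NOERROR, ANSWER: 0, only an SOA in the authority section), which is different from NXDOMAIN or a resolver failure. The sketch below classifies dig output and derives which address families a host can be reached over; the function names are hypothetical, the AAAA sample is the header from the post, and the A sample is constructed.

```shell
#!/bin/sh
# Classify one dig response read from stdin.
# Prints: ANSWER, NODATA, NXDOMAIN, ERROR:<status> or UNPARSED.
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        END {
            if (status == "")              print "UNPARSED"
            else if (status == "NXDOMAIN") print "NXDOMAIN"
            else if (status != "NOERROR")  print "ERROR:" status
            else if (answers + 0 > 0)      print "ANSWER"
            else                           print "NODATA"   # name exists, no record of this type
        }
    '
}

# Combine the A and AAAA results for one host name.
# $1 = dig output for the A query, $2 = dig output for the AAAA query.
families() {
    fam_a=$(printf '%s\n' "$1" | classify_dig)
    fam_aaaa=$(printf '%s\n' "$2" | classify_dig)
    case "$fam_a/$fam_aaaa" in
        ANSWER/ANSWER) echo "dual-stack" ;;
        ANSWER/*)      echo "ipv4-only" ;;
        */ANSWER)      echo "ipv6-only" ;;
        *)             echo "unresolvable" ;;
    esac
}

# AAAA response header and authority section as quoted in the post.
sample_aaaa() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26887
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;github.com.                    IN      AAAA
;; AUTHORITY SECTION:
github.com.             1112    IN      SOA     dns1.p08.nsone.net. hostmaster.nsone.net. 1656468023 43200 7200 1209600 3600
EOF
}

# Constructed A response for illustration only; 192.0.2.10 is a
# documentation address, not the real address of github.com.
sample_a() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;github.com.                    IN      A
;; ANSWER SECTION:
github.com.             60      IN      A       192.0.2.10
EOF
}

# A host with an A record but a NODATA AAAA result is only reachable over IPv4.
families "$(sample_a)" "$(sample_aaaa)"
```

On a live system the two arguments would come from `dig <host> a` and `dig <host> aaaa`, run once per host the updater contacts.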


> Is there any possibility of IPv6 support being incorporated into the upgrade process so that "Prefer to use IPv4 even if IPv6 available" is not required in the future to perform an upgrade?

Isn't this a question for your ISP?  Your IPv6 is not fully functional.


Cheers,
Franco

Thanks for the feedback. However, I never had a problem with IPv6 connectivity in 11 years except with pfSense and now OPNsense (same problem with major upgrades), while upgrades within a major release never cause an issue with "Prefer to use IPv4 even if IPv6 available" disabled.
 

Just post your firmware connectivity audit here so we can see :)


Cheers,
Franco

Hi,
Here is the "Run an Audit" output with the Upgrade Log selected. Unfortunately, it does not show the multiple failed upgrades with "Prefer to use IPv4 even if IPv6 available" disabled. I have been checking the logs on the firewall and the syslog server.

Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 930 packages processed.
OPNsense is up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
OPNsense is up to date.
Checking for upgrades (207 candidates): .......... done
Processing candidates (207 candidates): .......... done
Checking integrity... done (1 conflicting)
- os-isc-dhcp-1.0_3 conflicts with opnsense-25.7.11_9 on /usr/local/etc/dhcpd.opnsense.d/README
Checking integrity... done (0 conflicting)
The following 207 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
dhcp6c: 20250513 -> 20260122
hostwatch: 1.0.6 -> 1.0.11
opnsense: 25.7.11_9 -> 26.1_4
opnsense-lang: 25.7.4 -> 26.1
opnsense-update: 25.7.11 -> 26.1
os-acme-client: 4.11 -> 4.12
os-isc-dhcp: 0.1 -> 1.0_3

Installed packages to be REINSTALLED:
abseil-20250127.1
acme.sh-3.1.2
bash-5.3.9
beep-1.0_2
bind-tools-9.20.16
boost-libs-1.89.0_1
brotli-1.2.0,1
ca_root_nss-3.117_2
choparp-20150613_1
cpdup-1.22_1
cpustats-0.1
curl-8.17.0
cyrus-sasl-2.1.28_5
cyrus-sasl-gssapi-2.1.28
dhcrelay-1.0
dmidecode-3.6
dnsmasq-2.91_1,1
dpinger-3.4
easy-rsa-3.2.4,1
expat-2.7.3
filterlog-0.7_2
flock-2.37.2_1
flowd-0.9.1_5
fstrm-0.6.1_1
gettext-runtime-0.26
glib-2.84.4,2
gmp-6.3.0
hostapd-2.11_3
hyperscan-5.4.2
icu-76.1,1
ifinfo-13.0_1
iftop-1.0.p4_1
indexinfo-0.3.1_1
isc-dhcp44-server-4.4.3P1_2
ivykis-0.43.2_1
jansson-2.14.1
jq-1.8.1
json-c-0.18
jsoncpp-1.9.6_1
kea-3.0.2
krb5-1.22.1
ldns-1.8.4
libargon2-20190702_1
libcbor-0.13.0
libedit-3.1.20251016_1,1
libevent-2.1.12
libffi-3.5.1
libfido2-1.16.0
libgcrypt-1.11.2
libgpg-error-1.58
libiconv-1.18_1
libidn2-2.3.8
libinotify-20240724_3
libltdl-2.5.4
liblz4-1.10.0_2,1
libmcrypt-2.5.8_4
libnet-1.3,1
libnghttp2-1.68.0
libpfctl-0.17
libpsl-0.21.5_2
libsodium-1.0.21
libucl-0.9.3
libunistring-1.4.1
liburcu-0.15.3
libuuid-2.41.1_1
libuv-1.51.0
libxml2-2.14.6
libxslt-1.1.43_1
libyaml-0.2.5
lighttpd-1.4.82
log4cplus-2.1.2
lua54-5.4.8
lzo2-2.10_1
monit-5.35.2
mpd5-5.9_19
mpdecimal-4.0.1
netdata-2.8.1_1
nettle-3.10.2
nspr-4.38.2
nss-3.119.1
ntp-4.2.8p18_5
oniguruma-6.9.10
openldap26-client-2.6.10
openssh-portable-10.2.p1_1,1
openssl-3.0.18,1
openvpn-2.6.17
opnsense-installer-25.1
os-dmidecode-1.2
os-netdata-1.2_1
os-smart-2.4
os-vnstat-1.3_1
pam_opnsense-24.1
pcre2-10.47_1
perl5-5.42.0_1
pftop-0.13
php83-8.3.28
php83-ctype-8.3.28
php83-curl-8.3.28
php83-dom-8.3.28
php83-filter-8.3.28
php83-gettext-8.3.28
php83-ldap-8.3.28
php83-mbstring-8.3.28
php83-pcntl-8.3.28
php83-pdo-8.3.28
php83-pear-1.10.16
php83-pear-Crypt_CHAP-1.5.0_1
php83-pecl-mcrypt-1.0.7
php83-pecl-radius-1.4.0b1_3
php83-phalcon-5.9.3
php83-phpseclib-3.0.48
php83-session-8.3.28
php83-simplexml-8.3.28
php83-sockets-8.3.28
php83-sqlite3-8.3.28
php83-xml-8.3.28
php83-zlib-8.3.28
pkcs11-helper-1.31.0
pkg-2.3.1_1
pkgconf-2.4.3,1
protobuf-29.5,1
protobuf-c-1.5.1_3
py311-Babel-2.17.0_1
py311-Jinja2-3.1.6
py311-aioquic-1.3.0_1
py311-anyio-4.12.0
py311-async_generator-1.10_1
py311-attrs-25.4.0
py311-beautifulsoup-4.13.4_2
py311-bottleneck-1.3.8_1
py311-certifi-2025.11.12
py311-cffi-1.17.1
py311-charset-normalizer-3.4.4
py311-cryptography-45.0.7_1,1
py311-dns-lexicon-3.23.2
py311-dnspython-2.8.0_1,1
py311-duckdb-1.3.2
py311-filelock-3.19.1
py311-h11-0.16.0
py311-h2-4.1.0_1
py311-hpack-4.0.0_1
py311-html5lib-1.1_1
py311-httpcore-1.0.9
py311-httpx-0.28.1_1
py311-hyperframe-6.0.0_1
py311-idna-3.11
py311-jq-1.10.0
py311-ldap3-2.9.1_1
py311-lxml-6.0.1
py311-markupsafe-3.0.3
py311-numexpr-2.14.1
py311-numpy-1.26.4_11,1
py311-outcome-1.3.0_2
py311-packaging-25.0
py311-pandas-2.3.3,1
py311-pyasn1-0.6.0
py311-pyasn1-modules-0.4.1
py311-pycparser-2.23
py311-pylsqpack-0.3.23
py311-pyopenssl-25.3.0_1,1
py311-pyotp-2.9.0_1
py311-pysocks-1.7.1_1
py311-python-dateutil-2.9.0
py311-pytz-2025.2_1,1
py311-pyyaml-6.0.3
py311-requests-2.32.5
py311-requests-file-2.0.0
py311-service-identity-24.2.0
py311-six-1.17.0
py311-sniffio-1.3.1
py311-socksio-1.0.0_1
py311-sortedcontainers-2.4.0_1
py311-soupsieve-2.8
py311-sqlite3-3.11.14_11
py311-tldextract-5.3.0
py311-trio-0.32.0
py311-truststore-0.10.4
py311-typing-extensions-4.15.0
py311-tzdata-2025.3
py311-ujson-5.11.0
py311-urllib3-2.6.0,1
py311-vici-6.0.3
py311-webencodings-0.5.1_1
python311-3.11.14
radvd-2.20
readline-8.3.1
rrdtool-1.9.0_1
samplicator-1.3.8.r1_1
smartmontools-7.5_1
socat-1.8.1.0
sqlite3-3.50.4_2,1
strongswan-6.0.3_1
sudo-1.9.17p2_2
suricata-8.0.3
syslog-ng-4.10.2
unbound-1.24.2
vnstat-2.13
wpa_supplicant-2.11_7
zip-3.0_4
zstd-1.5.7_1

Number of packages to be upgraded: 7
Number of packages to be reinstalled: 200
[1/207] Reinstalling abseil-20250127.1...
[1/207] Extracting abseil-20250127.1: .......... done
[2/207] Reinstalling beep-1.0_2...
[2/207] Extracting beep-1.0_2: ..... done
[3/207] Reinstalling brotli-1.2.0,1...
[3/207] Extracting brotli-1.2.0,1: .......... done
[4/207] Reinstalling ca_root_nss-3.117_2...
[4/207] Extracting ca_root_nss-3.117_2: ..... done
[5/207] Reinstalling choparp-20150613_1...
[5/207] Extracting choparp-20150613_1: ...... done
[6/207] Reinstalling cpustats-0.1...
[6/207] Extracting cpustats-0.1: . done
[7/207] Upgrading dhcp6c from 20250513 to 20260122...
[7/207] Extracting dhcp6c-20260122: ........ done
[8/207] Reinstalling dhcrelay-1.0...
[8/207] Extracting dhcrelay-1.0: ....... done
[9/207] Reinstalling dmidecode-3.6...
[9/207] Extracting dmidecode-3.6: .......... done
[10/207] Reinstalling dpinger-3.4...
[10/207] Extracting dpinger-3.4: .... done
[11/207] Reinstalling easy-rsa-3.2.4,1...
[11/207] Extracting easy-rsa-3.2.4,1: .......... done
[12/207] Reinstalling expat-2.7.3...
[12/207] Extracting expat-2.7.3: .......... done
[13/207] Reinstalling filterlog-0.7_2...
[13/207] Extracting filterlog-0.7_2: .... done
[14/207] Reinstalling flock-2.37.2_1...
[14/207] Extracting flock-2.37.2_1: ...... done
[15/207] Reinstalling flowd-0.9.1_5...
===> Creating groups
Using existing group '_flowd'
===> Creating users
Using existing user '_flowd'
[15/207] Extracting flowd-0.9.1_5: .......... done
[16/207] Upgrading hostwatch from 1.0.6 to 1.0.11...
===> Creating groups
Using existing group 'hostd'
===> Creating users
Using existing user 'hostd'
[16/207] Extracting hostwatch-1.0.11: ..... done
[17/207] Reinstalling hyperscan-5.4.2...
[17/207] Extracting hyperscan-5.4.2: .......... done
[18/207] Reinstalling icu-76.1,1...
[18/207] Extracting icu-76.1,1: .......... done
[19/207] Reinstalling ifinfo-13.0_1...
[19/207] Extracting ifinfo-13.0_1: .... done
[20/207] Reinstalling iftop-1.0.p4_1...
[20/207] Extracting iftop-1.0.p4_1: ..... done
[21/207] Reinstalling indexinfo-0.3.1_1...
[21/207] Extracting indexinfo-0.3.1_1: .... done
[22/207] Reinstalling bash-5.3.9...
[22/207] Extracting bash-5.3.9: .......... done
[23/207] Reinstalling gettext-runtime-0.26...
[23/207] Extracting gettext-runtime-0.26: .......... done
[24/207] Reinstalling gmp-6.3.0...
[24/207] Extracting gmp-6.3.0: .......... done
[25/207] Reinstalling ivykis-0.43.2_1...
[25/207] Extracting ivykis-0.43.2_1: .......... done
[26/207] Reinstalling jansson-2.14.1...
[26/207] Extracting jansson-2.14.1: .......... done
[27/207] Reinstalling json-c-0.18...
[27/207] Extracting json-c-0.18: .......... done
[28/207] Reinstalling jsoncpp-1.9.6_1...
[28/207] Extracting jsoncpp-1.9.6_1: .......... done
[29/207] Reinstalling libargon2-20190702_1...
[29/207] Extracting libargon2-20190702_1: .......... done
[30/207] Reinstalling libcbor-0.13.0...
[30/207] Extracting libcbor-0.13.0: .......... done
[31/207] Reinstalling libedit-3.1.20251016_1,1...
[31/207] Extracting libedit-3.1.20251016_1,1: .......... done
[32/207] Reinstalling libffi-3.5.1...
[32/207] Extracting libffi-3.5.1: .......... done
[33/207] Reinstalling libgpg-error-1.58...
[33/207] Extracting libgpg-error-1.58: .......... done
[34/207] Reinstalling libgcrypt-1.11.2...
[34/207] Extracting libgcrypt-1.11.2: .......... done
[35/207] Reinstalling libiconv-1.18_1...
[35/207] Extracting libiconv-1.18_1: .......... done
[36/207] Reinstalling libinotify-20240724_3...
[36/207] Extracting libinotify-20240724_3: .......... done
[37/207] Reinstalling libltdl-2.5.4...
[37/207] Extracting libltdl-2.5.4: .......... done
[38/207] Reinstalling liblz4-1.10.0_2,1...
[38/207] Extracting liblz4-1.10.0_2,1: .......... done
[39/207] Reinstalling libmcrypt-2.5.8_4...
[39/207] Extracting libmcrypt-2.5.8_4: .......... done
[40/207] Reinstalling libnet-1.3,1...
[40/207] Extracting libnet-1.3,1: .......... done
[41/207] Reinstalling libnghttp2-1.68.0...
[41/207] Extracting libnghttp2-1.68.0: .......... done
[42/207] Reinstalling libpfctl-0.17...
[42/207] Extracting libpfctl-0.17: ...... done
[43/207] Reinstalling libsodium-1.0.21...
[43/207] Extracting libsodium-1.0.21: .......... done
[44/207] Reinstalling libunistring-1.4.1...
[44/207] Extracting libunistring-1.4.1: .......... done
[45/207] Reinstalling libidn2-2.3.8...
[45/207] Extracting libidn2-2.3.8: .......... done
[46/207] Reinstalling libpsl-0.21.5_2...
[46/207] Extracting libpsl-0.21.5_2: .......... done
[47/207] Reinstalling liburcu-0.15.3...
[47/207] Extracting liburcu-0.15.3: .......... done
[48/207] Reinstalling libuuid-2.41.1_1...
[48/207] Extracting libuuid-2.41.1_1: .......... done
[49/207] Reinstalling libuv-1.51.0...
[49/207] Extracting libuv-1.51.0: .......... done
[50/207] Reinstalling libyaml-0.2.5...
[50/207] Extracting libyaml-0.2.5: ......... done
[51/207] Reinstalling log4cplus-2.1.2...
[51/207] Extracting log4cplus-2.1.2: .......... done
[52/207] Reinstalling lua54-5.4.8...
[52/207] Extracting lua54-5.4.8: ......... done
[53/207] Reinstalling libucl-0.9.3...
[53/207] Extracting libucl-0.9.3: .......... done
[54/207] Reinstalling lzo2-2.10_1...
[54/207] Extracting lzo2-2.10_1: .......... done
[55/207] Reinstalling mpd5-5.9_19...
[55/207] Extracting mpd5-5.9_19: .......... done
[56/207] Reinstalling mpdecimal-4.0.1...
[56/207] Extracting mpdecimal-4.0.1: .......... done
[57/207] Reinstalling nettle-3.10.2...
[57/207] Extracting nettle-3.10.2: .......... done
[58/207] Reinstalling dnsmasq-2.91_1,1...
[58/207] Extracting dnsmasq-2.91_1,1: .......... done
[59/207] Reinstalling nspr-4.38.2...
[59/207] Extracting nspr-4.38.2: .......... done
[60/207] Reinstalling oniguruma-6.9.10...
[60/207] Extracting oniguruma-6.9.10: .......... done
[61/207] Reinstalling jq-1.8.1...
[61/207] Extracting jq-1.8.1: .......... done
[62/207] Reinstalling openssl-3.0.18,1...
[62/207] Extracting openssl-3.0.18,1: .......... done
[63/207] Reinstalling cpdup-1.22_1...
[63/207] Extracting cpdup-1.22_1: ..... done
[64/207] Reinstalling cyrus-sasl-2.1.28_5...
*** Updated user `cyrus'.
[64/207] Extracting cyrus-sasl-2.1.28_5: .......... done
[65/207] Reinstalling hostapd-2.11_3...
[65/207] Extracting hostapd-2.11_3: ....... done
[66/207] Reinstalling ldns-1.8.4...
[66/207] Extracting ldns-1.8.4: .......... done
[67/207] Reinstalling libevent-2.1.12...
[67/207] Extracting libevent-2.1.12: .......... done
[68/207] Reinstalling fstrm-0.6.1_1...
[68/207] Extracting fstrm-0.6.1_1: .......... done
[69/207] Reinstalling libfido2-1.16.0...
[69/207] Extracting libfido2-1.16.0: .......... done
[70/207] Reinstalling monit-5.35.2...
[70/207] Extracting monit-5.35.2: ....... done
[71/207] Reinstalling openssh-portable-10.2.p1_1,1...
[71/207] Extracting openssh-portable-10.2.p1_1,1: .......... done
[72/207] Reinstalling opnsense-installer-25.1...
[72/207] Extracting opnsense-installer-25.1: .......... done
[73/207] Upgrading opnsense-lang from 25.7.4 to 26.1...
[73/207] Extracting opnsense-lang-26.1: .......... done
[74/207] Upgrading opnsense-update from 25.7.11 to 26.1...
[74/207] Extracting opnsense-update-26.1: .......... done
[75/207] Reinstalling os-dmidecode-1.2...
[75/207] Extracting os-dmidecode-1.2: ...... done
configd not running? (check /var/run/configd.pid).
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
[76/207] Reinstalling pam_opnsense-24.1...
[76/207] Extracting pam_opnsense-24.1: ........ done
[77/207] Reinstalling pcre2-10.47_1...
[77/207] Extracting pcre2-10.47_1: .......... done
[78/207] Reinstalling lighttpd-1.4.82...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[78/207] Extracting lighttpd-1.4.82: .......... done
[79/207] Reinstalling perl5-5.42.0_1...
[79/207] Extracting perl5-5.42.0_1: .......... done
[80/207] Reinstalling ntp-4.2.8p18_5...
[80/207] Extracting ntp-4.2.8p18_5: .......... done
[81/207] Reinstalling pftop-0.13...
[81/207] Extracting pftop-0.13: ..... done
[82/207] Reinstalling pkcs11-helper-1.31.0...
[82/207] Extracting pkcs11-helper-1.31.0: .......... done
[83/207] Reinstalling openvpn-2.6.17...
===> Creating groups
Using existing group 'openvpn'
===> Creating users
Using existing user 'openvpn'
[83/207] Extracting openvpn-2.6.17: .......... done
[84/207] Reinstalling pkg-2.3.1_1...
[84/207] Extracting pkg-2.3.1_1: .......... done
[85/207] Reinstalling pkgconf-2.4.3,1...
[85/207] Extracting pkgconf-2.4.3,1: .......... done
[86/207] Reinstalling protobuf-29.5,1...
[86/207] Extracting protobuf-29.5,1: .......... done
[87/207] Reinstalling protobuf-c-1.5.1_3...
[87/207] Extracting protobuf-c-1.5.1_3: .......... done
[88/207] Reinstalling bind-tools-9.20.16...
[88/207] Extracting bind-tools-9.20.16: .......... done
[89/207] Reinstalling radvd-2.20...
[89/207] Extracting radvd-2.20: .......... done
[90/207] Reinstalling readline-8.3.1...
[90/207] Extracting readline-8.3.1: .......... done
[91/207] Reinstalling krb5-1.22.1...
[91/207] Extracting krb5-1.22.1: .......... done
[92/207] Reinstalling cyrus-sasl-gssapi-2.1.28...
[92/207] Extracting cyrus-sasl-gssapi-2.1.28: .......... done
[93/207] Reinstalling libxml2-2.14.6...
[93/207] Extracting libxml2-2.14.6: .......... done
[94/207] Reinstalling libxslt-1.1.43_1...
[94/207] Extracting libxslt-1.1.43_1: .......... done
[95/207] Reinstalling openldap26-client-2.6.10...
[95/207] Extracting openldap26-client-2.6.10: .......... done
[96/207] Reinstalling php83-8.3.28...
[96/207] Extracting php83-8.3.28: .......... done
[97/207] Reinstalling php83-ctype-8.3.28...
[97/207] Extracting php83-ctype-8.3.28: ........ done
[98/207] Reinstalling php83-dom-8.3.28...
[98/207] Extracting php83-dom-8.3.28: .......... done
[99/207] Reinstalling php83-filter-8.3.28...
[99/207] Extracting php83-filter-8.3.28: ......... done
[100/207] Reinstalling php83-gettext-8.3.28...
[100/207] Extracting php83-gettext-8.3.28: ........ done
[101/207] Reinstalling php83-ldap-8.3.28...
[101/207] Extracting php83-ldap-8.3.28: ........ done
[102/207] Reinstalling php83-mbstring-8.3.28...
[102/207] Extracting php83-mbstring-8.3.28: .......... done
[103/207] Reinstalling php83-pcntl-8.3.28...
[103/207] Extracting php83-pcntl-8.3.28: ......... done
[104/207] Reinstalling php83-pdo-8.3.28...
[104/207] Extracting php83-pdo-8.3.28: .......... done
[105/207] Reinstalling php83-pecl-mcrypt-1.0.7...
[105/207] Extracting php83-pecl-mcrypt-1.0.7: ........ done
[106/207] Reinstalling php83-pecl-radius-1.4.0b1_3...
[106/207] Extracting php83-pecl-radius-1.4.0b1_3: .......... done
[107/207] Reinstalling php83-phpseclib-3.0.48...
[107/207] Extracting php83-phpseclib-3.0.48: ......... done
[108/207] Reinstalling php83-session-8.3.28...
[108/207] Extracting php83-session-8.3.28: .......... done
[109/207] Reinstalling php83-phalcon-5.9.3...
[109/207] Extracting php83-phalcon-5.9.3: ........ done
[110/207] Reinstalling php83-simplexml-8.3.28...
[110/207] Extracting php83-simplexml-8.3.28: ......... done
[111/207] Reinstalling php83-sockets-8.3.28...
[111/207] Extracting php83-sockets-8.3.28: .......... done
[112/207] Reinstalling php83-xml-8.3.28...
[112/207] Extracting php83-xml-8.3.28: ......... done
[113/207] Reinstalling php83-zlib-8.3.28...
[113/207] Extracting php83-zlib-8.3.28: ........ done
[114/207] Reinstalling php83-pear-1.10.16...
[114/207] Extracting php83-pear-1.10.16: .......... done
[115/207] Reinstalling php83-pear-Crypt_CHAP-1.5.0_1...
[115/207] Extracting php83-pear-Crypt_CHAP-1.5.0_1: ...... done
uninstall ok: channel://pear.php.net/Crypt_CHAP-1.5.0
install ok: channel://pear.php.net/Crypt_CHAP-1.5.0
[116/207] Reinstalling python311-3.11.14...
[116/207] Extracting python311-3.11.14: .......... done
[117/207] Reinstalling py311-Babel-2.17.0_1...
[117/207] Extracting py311-Babel-2.17.0_1: .......... done
[118/207] Reinstalling py311-async_generator-1.10_1...
[118/207] Extracting py311-async_generator-1.10_1: .......... done
[119/207] Reinstalling py311-attrs-25.4.0...
[119/207] Extracting py311-attrs-25.4.0: .......... done
[120/207] Reinstalling py311-certifi-2025.11.12...
[120/207] Extracting py311-certifi-2025.11.12: .......... done
[121/207] Reinstalling py311-charset-normalizer-3.4.4...
[121/207] Extracting py311-charset-normalizer-3.4.4: .......... done
[122/207] Reinstalling py311-filelock-3.19.1...
[122/207] Extracting py311-filelock-3.19.1: .......... done
[123/207] Reinstalling py311-h11-0.16.0...
[123/207] Extracting py311-h11-0.16.0: .......... done
[124/207] Reinstalling py311-hpack-4.0.0_1...
[124/207] Extracting py311-hpack-4.0.0_1: .......... done
[125/207] Reinstalling py311-hyperframe-6.0.0_1...
[125/207] Extracting py311-hyperframe-6.0.0_1: .......... done
[126/207] Reinstalling py311-h2-4.1.0_1...
[126/207] Extracting py311-h2-4.1.0_1: .......... done
[127/207] Reinstalling py311-idna-3.11...
[127/207] Extracting py311-idna-3.11: .......... done
[128/207] Reinstalling py311-lxml-6.0.1...
[128/207] Extracting py311-lxml-6.0.1: .......... done
[129/207] Reinstalling py311-markupsafe-3.0.3...
[129/207] Extracting py311-markupsafe-3.0.3: .......... done
[130/207] Reinstalling py311-Jinja2-3.1.6...
[130/207] Extracting py311-Jinja2-3.1.6: .......... done
[131/207] Reinstalling py311-numpy-1.26.4_11,1...
[131/207] Extracting py311-numpy-1.26.4_11,1: .......... done
[132/207] Reinstalling py311-bottleneck-1.3.8_1...
[132/207] Extracting py311-bottleneck-1.3.8_1: .......... done
[133/207] Reinstalling py311-numexpr-2.14.1...
[133/207] Extracting py311-numexpr-2.14.1: .......... done
[134/207] Reinstalling py311-outcome-1.3.0_2...
[134/207] Extracting py311-outcome-1.3.0_2: .......... done
[135/207] Reinstalling py311-packaging-25.0...
[135/207] Extracting py311-packaging-25.0: .......... done
[136/207] Reinstalling glib-2.84.4,2...
[136/207] Extracting glib-2.84.4,2: .......... done
[137/207] Reinstalling py311-pyasn1-0.6.0...
[137/207] Extracting py311-pyasn1-0.6.0: .......... done
[138/207] Reinstalling py311-ldap3-2.9.1_1...
[138/207] Extracting py311-ldap3-2.9.1_1: .......... done
[139/207] Reinstalling py311-pyasn1-modules-0.4.1...
[139/207] Extracting py311-pyasn1-modules-0.4.1: .......... done
[140/207] Reinstalling py311-pycparser-2.23...
[140/207] Extracting py311-pycparser-2.23: .......... done
[141/207] Reinstalling py311-cffi-1.17.1...
[141/207] Extracting py311-cffi-1.17.1: .......... done
[142/207] Reinstalling py311-cryptography-45.0.7_1,1...
[142/207] Extracting py311-cryptography-45.0.7_1,1: .......... done
[143/207] Reinstalling py311-pylsqpack-0.3.23...
[143/207] Extracting py311-pylsqpack-0.3.23: .......... done
[144/207] Reinstalling py311-pyotp-2.9.0_1...
[144/207] Extracting py311-pyotp-2.9.0_1: .......... done
[145/207] Reinstalling py311-pysocks-1.7.1_1...
[145/207] Extracting py311-pysocks-1.7.1_1: .......... done
[146/207] Reinstalling py311-pytz-2025.2_1,1...
[146/207] Extracting py311-pytz-2025.2_1,1: .......... done
[147/207] Reinstalling py311-pyyaml-6.0.3...
[147/207] Extracting py311-pyyaml-6.0.3: .......... done
[148/207] Reinstalling py311-service-identity-24.2.0...
[148/207] Extracting py311-service-identity-24.2.0: .......... done
[149/207] Reinstalling py311-six-1.17.0...
[149/207] Extracting py311-six-1.17.0: .......... done
[150/207] Reinstalling py311-python-dateutil-2.9.0...
[150/207] Extracting py311-python-dateutil-2.9.0: .......... done
[151/207] Reinstalling py311-sniffio-1.3.1...
[151/207] Extracting py311-sniffio-1.3.1: .......... done
[152/207] Reinstalling py311-socksio-1.0.0_1...
[152/207] Extracting py311-socksio-1.0.0_1: .......... done
[153/207] Reinstalling py311-sortedcontainers-2.4.0_1...
[153/207] Extracting py311-sortedcontainers-2.4.0_1: .......... done
[154/207] Reinstalling py311-soupsieve-2.8...
[154/207] Extracting py311-soupsieve-2.8: .......... done
[155/207] Reinstalling py311-trio-0.32.0...
[155/207] Extracting py311-trio-0.32.0: .......... done
[156/207] Reinstalling py311-truststore-0.10.4...
[156/207] Extracting py311-truststore-0.10.4: .......... done
[157/207] Reinstalling py311-typing-extensions-4.15.0...
[157/207] Extracting py311-typing-extensions-4.15.0: .......... done
[158/207] Reinstalling py311-anyio-4.12.0...
[158/207] Extracting py311-anyio-4.12.0: .......... done
[159/207] Reinstalling py311-httpcore-1.0.9...
[159/207] Extracting py311-httpcore-1.0.9: .......... done
[160/207] Reinstalling py311-httpx-0.28.1_1...
[160/207] Extracting py311-httpx-0.28.1_1: .......... done
[161/207] Reinstalling py311-pyopenssl-25.3.0_1,1...
[161/207] Extracting py311-pyopenssl-25.3.0_1,1: .......... done
[162/207] Reinstalling py311-aioquic-1.3.0_1...
[162/207] Extracting py311-aioquic-1.3.0_1: .......... done
[163/207] Reinstalling py311-dnspython-2.8.0_1,1...
[163/207] Extracting py311-dnspython-2.8.0_1,1: .......... done
[164/207] Reinstalling py311-tzdata-2025.3...
[164/207] Extracting py311-tzdata-2025.3: .......... done
[165/207] Reinstalling py311-ujson-5.11.0...
[165/207] Extracting py311-ujson-5.11.0: .......... done
[166/207] Reinstalling py311-urllib3-2.6.0,1...
[166/207] Extracting py311-urllib3-2.6.0,1: .......... done
[167/207] Reinstalling py311-requests-2.32.5...
[167/207] Extracting py311-requests-2.32.5: .......... done
[168/207] Reinstalling py311-jq-1.10.0...
[168/207] Extracting py311-jq-1.10.0: ........ done
[169/207] Reinstalling py311-requests-file-2.0.0...
[169/207] Extracting py311-requests-file-2.0.0: .......... done
[170/207] Reinstalling py311-tldextract-5.3.0...
[170/207] Extracting py311-tldextract-5.3.0: .......... done
[171/207] Reinstalling py311-vici-6.0.3...
[171/207] Extracting py311-vici-6.0.3: .......... done
[172/207] Reinstalling py311-webencodings-0.5.1_1...
[172/207] Extracting py311-webencodings-0.5.1_1: .......... done
[173/207] Reinstalling py311-html5lib-1.1_1...
[173/207] Extracting py311-html5lib-1.1_1: .......... done
[174/207] Reinstalling py311-beautifulsoup-4.13.4_2...
[174/207] Extracting py311-beautifulsoup-4.13.4_2: .......... done
[175/207] Reinstalling py311-dns-lexicon-3.23.2...
[175/207] Extracting py311-dns-lexicon-3.23.2: .......... done
[176/207] Reinstalling rrdtool-1.9.0_1...
[176/207] Extracting rrdtool-1.9.0_1: .......... done
[177/207] Reinstalling samplicator-1.3.8.r1_1...
[177/207] Extracting samplicator-1.3.8.r1_1: ..... done
[178/207] Reinstalling smartmontools-7.5_1...
[178/207] Extracting smartmontools-7.5_1: .......... done
[179/207] Reinstalling os-smart-2.4...
[179/207] Extracting os-smart-2.4: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
[180/207] Reinstalling socat-1.8.1.0...
[180/207] Extracting socat-1.8.1.0: ......... done
[181/207] Reinstalling sqlite3-3.50.4_2,1...
[181/207] Extracting sqlite3-3.50.4_2,1: .......... done
[182/207] Reinstalling nss-3.119.1...
[182/207] Extracting nss-3.119.1: .......... done
[183/207] Reinstalling php83-sqlite3-8.3.28...
[183/207] Extracting php83-sqlite3-8.3.28: ......... done
[184/207] Reinstalling py311-sqlite3-3.11.14_11...
[184/207] Extracting py311-sqlite3-3.11.14_11: ......... done
[185/207] Reinstalling py311-pandas-2.3.3,1...
[185/207] Extracting py311-pandas-2.3.3,1: .......... done
[186/207] Reinstalling py311-duckdb-1.3.2...
[186/207] Extracting py311-duckdb-1.3.2: .......... done
[187/207] Reinstalling sudo-1.9.17p2_2...
[187/207] Extracting sudo-1.9.17p2_2: .......... done
[188/207] Reinstalling suricata-8.0.3...
[188/207] Extracting suricata-8.0.3: .......... done
[189/207] Reinstalling unbound-1.24.2...
===> Creating groups
Using existing group 'unbound'
===> Creating users
Using existing user 'unbound'
[189/207] Extracting unbound-1.24.2: .......... done
[190/207] Reinstalling vnstat-2.13...
===> Creating groups
Using existing group 'vnstat'
===> Creating users
Using existing user 'vnstat'
[190/207] Extracting vnstat-2.13: .......... done
[191/207] Reinstalling os-vnstat-1.3_1...
[191/207] Extracting os-vnstat-1.3_1: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
Reloading template OPNsense/Vnstat: OK
[192/207] Reinstalling wpa_supplicant-2.11_7...
[192/207] Extracting wpa_supplicant-2.11_7: .......... done
[193/207] Reinstalling zip-3.0_4...
[193/207] Extracting zip-3.0_4: .......... done
[194/207] Reinstalling zstd-1.5.7_1...
[194/207] Extracting zstd-1.5.7_1: .......... done
[195/207] Reinstalling boost-libs-1.89.0_1...
[195/207] Extracting boost-libs-1.89.0_1: .......... done
[196/207] Reinstalling curl-8.17.0...
[196/207] Extracting curl-8.17.0: .......... done
[197/207] Reinstalling acme.sh-3.1.2...
===> Creating groups
Using existing group 'acme'
===> Creating users
Using existing user 'acme'
===> Creating homedir(s)
[197/207] Extracting acme.sh-3.1.2: .......... done
[198/207] Reinstalling kea-3.0.2...
[198/207] Extracting kea-3.0.2: .......... done
[199/207] Reinstalling netdata-2.8.1_1...
===> Creating groups
Using existing group 'netdata'
===> Creating users
Using existing user 'netdata'
===> Creating homedir(s)
[199/207] Extracting netdata-2.8.1_1: .......... done
[200/207] Upgrading os-acme-client from 4.11 to 4.12...
[200/207] Extracting os-acme-client-4.12: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
Reloading template OPNsense/AcmeClient: OK
[201/207] Reinstalling os-netdata-1.2_1...
[201/207] Extracting os-netdata-1.2_1: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
Reloading template OPNsense/Netdata: OK
[202/207] Reinstalling php83-curl-8.3.28...
[202/207] Extracting php83-curl-8.3.28: .......... done
[203/207] Reinstalling strongswan-6.0.3_1...
[203/207] Extracting strongswan-6.0.3_1: .......... done
[204/207] Reinstalling syslog-ng-4.10.2...
[204/207] Extracting syslog-ng-4.10.2: .......... done
[205/207] Upgrading opnsense from 25.7.11_9 to 26.1_4...
[205/207] Extracting opnsense-26.1_4: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Migrated OPNsense\Radvd\Radvd from 0.0.0 to 1.0.0
Migrated OPNsense\IDS\IDS from 1.1.1 to 1.1.2
Migrated OPNsense\Interfaces\Settings from 0.0.0 to 1.0.0
Migrated OPNsense\Firewall\DNat
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: Modified 192 trust store links.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
[206/207] Reinstalling isc-dhcp44-server-4.4.3P1_2...
===> Creating groups
Using existing group 'dhcpd'
===> Creating users
Using existing user 'dhcpd'
[206/207] Extracting isc-dhcp44-server-4.4.3P1_2: .......... done
[207/207] Upgrading os-isc-dhcp from 0.1 to 1.0_3...
[207/207] Extracting os-isc-dhcp-1.0_3: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
Reloading template OPNsense/Syslog: OK
==> Running trigger: gio-modules.ucl
Generating GIO modules cache
==> Running trigger: glib-schemas.ucl
Compiling glib schemas
No schema files found: doing nothing.
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
You may need to manually remove /usr/local/etc/dnsmasq.conf if it is no longer needed.
=====
Message from dnsmasq-2.91_1,1:

--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]

Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq


NOTE: when using dnssec, inaccurate system clocks
can cause DNS resolution to fail
because DNSSEC signatures may then not validate.


SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
=====
Message from oniguruma-6.9.10:

--
===> NOTICE:

This port is deprecated; you may wish to reconsider installing it:

Project archived upstream.

It is scheduled to be removed on or after 2026-12-01.
You may need to manually remove /usr/local/openssl/openssl.cnf if it is no longer needed.
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
=====
Message from openvpn-2.6.17:

--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
=====
Message from py311-urllib3-2.6.0,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'". While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/vnstat.conf if it is no longer needed.
=====
Message from acme.sh-3.1.2:

--
In versions < 3.0.5_1, sample newsyslog files were installed to

/usr/local/etc/newsyslog.d/acme.sh

Now they are installed to:

/usr/local/etc/newsyslog.conf.d/acme.sh.conf

You may wish to delete the old files/directory and edit the new files to
enable the log rotation. Instructions contained within.
You may need to manually remove /usr/local/etc/kea/kea-ctrl-agent.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-dhcp4.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-dhcp6.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/keactrl.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/netdata/netdata.conf if it is no longer needed.
=====
Message from strongswan-6.0.3_1:

--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
=====
Message from opnsense-26.1_4:

--
One step ahead, one step behind it, now you gotta run to get even
Checking all packages: .......... done

Hi,
Running an Audit and selecting connectivity produces the following:

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 26.1.1 (amd64) at Thu Feb  5 09:46:54 GMT 2026
Checking connectivity for host: pkg.opnsense.org -> 89.149.222.99
PING 89.149.222.99 (89.149.222.99): 1500 data bytes

--- 89.149.222.99 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:14:amd64/26.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 929 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
PING(1548=40+8+1500 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1

--- 2001:1af8:5300:a010:1::1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:14:amd64/26.1
Updating OPNsense repository catalogue...
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
repository OPNsense has no meta file, using default settings
pkg: An error occurred while fetching package: No error

What is interesting is that in my WAN interface I have specified the MTU to be 1492 and initially left the MSS blank and was curious to see the size of IPv6 ping in bytes.

However, I subsequently edited the WAN interface and set the MSS to 1492 and re-ran the Run An Audit, selecting connectivity, but the IPv6 ping size is too large.

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 26.1.1 (amd64) at Thu Feb  5 09:57:55 GMT 2026
Checking connectivity for host: pkg.opnsense.org -> 89.149.222.99
PING 89.149.222.99 (89.149.222.99): 1500 data bytes

--- 89.149.222.99 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:14:amd64/26.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 929 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
PING(1548=40+8+1500 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1

--- 2001:1af8:5300:a010:1::1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:14:amd64/26.1
Updating OPNsense repository catalogue...
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
repository OPNsense has no meta file, using default settings
pkg: An error occurred while fetching package: No error

From the Linux computers in the house I can ping IPv4 or IPv6 successfully through the OPNsense firewall, but the firewall itself is not honouring the MTU/MSS settings on the WAN interface and is thus failing in its IPv6 connectivity.

Quote from: trdeal on Today at 11:08:59 AM
> the firewall itself is not honouring the MTU/MSS settings on the WAN interface and is thus failing in its IPv6 connectivity.

Have you tried deleting the MSS and MTU settings you manually entered? My settings have nothing in the values for MSS/MTU in the WAN config and my Connectivity Audit doesn't fail.

Hi
If I do not have MTU set to 1492 then I would lose IPv4 connectivity to the Internet; I found this out after I switched from pfSense to OPNsense and forgot to set it on the WAN interface.
Using ssh to connect to OPNsense, I opened a shell and used ping:

root@gw:~ # ping 89.149.222.99
PING 89.149.222.99 (89.149.222.99): 56 data bytes
64 bytes from 89.149.222.99: icmp_seq=0 ttl=54 time=22.515 ms
64 bytes from 89.149.222.99: icmp_seq=1 ttl=54 time=21.932 ms
64 bytes from 89.149.222.99: icmp_seq=2 ttl=54 time=22.901 ms
64 bytes from 89.149.222.99: icmp_seq=3 ttl=54 time=22.742 ms
64 bytes from 89.149.222.99: icmp_seq=4 ttl=54 time=22.489 ms
64 bytes from 89.149.222.99: icmp_seq=5 ttl=54 time=22.700 ms
64 bytes from 89.149.222.99: icmp_seq=6 ttl=54 time=22.553 ms
64 bytes from 89.149.222.99: icmp_seq=7 ttl=54 time=22.428 ms
64 bytes from 89.149.222.99: icmp_seq=8 ttl=54 time=22.512 ms
64 bytes from 89.149.222.99: icmp_seq=9 ttl=54 time=22.197 ms
^C
--- 89.149.222.99 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 21.932/22.497/22.901/0.261 ms
root@gw:~ # ping -6 2001:1af8:5300:a010:1::1
PING(56=40+8+8 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1
^C
--- 2001:1af8:5300:a010:1::1 ping statistics ---
26 packets transmitted, 0 packets received, 100.0% packet loss

The MSS setting on the WAN interface does not affect IPv6 pings; they all fail.

From my desktop the same IPv6 ping to pkg.opnsense.org traversing opnsense (removed MSS value before test as this was the default setting)

$ ping -s 2001:1af8:5300:a010:1::1
PING 2001:1af8:5300:a010:1::1: 56 data bytes
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=0. time=21.834 ms
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=1. time=22.057 ms
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=2. time=21.662 ms
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=3. time=21.783 ms
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=4. time=21.853 ms
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=5. time=22.138 ms
64 bytes from 2001:1af8:5300:a010:1::1: icmp_seq=6. time=22.026 ms
^C
----2001:1af8:5300:a010:1::1 PING Statistics----
7 packets transmitted, 7 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 21.662/21.908/22.138/0.170


Quote
> Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
> PING(1548=40+8+1500 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1
>
> --- 2001:1af8:5300:a010:1::1 ping statistics ---
> 4 packets transmitted, 0 packets received, 100.0% packet loss
> Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:14:amd64/26.1
> Updating OPNsense repository catalogue...
> pkg: An error occurred while fetching package: No error
> pkg: An error occurred while fetching package: No error
> repository OPNsense has no meta file, using default settings
> pkg: An error occurred while fetching package: No error

This illustrates your problem: large IPv6 packets are not going through which also makes the package manager fail.


Cheers,
Franco

Hi

My ISP has an MTU of 1492 bytes with the IPv6 standard specifying a minimum of 1280 bytes. For an IPv6 communication to take place the PMTU (Path Maximum Transmission Unit) needs to be discovered or configured as any packets that exceed the PMTU are dropped as IPv6 does not fragment packets the way that IPv4 does. So the PMTU must be determined for successful IPv6 communication to occur between hosts.
So while I have configured the MTU, which works fine for IPv4 traffic from OPNsense and for IPv4/IPv6 traffic traversing OPNsense, when OPNsense attempts to make an IPv6 connection itself it is not honouring the MTU from which the PMTU should be defined. This appears to be a bug in OPNsense not honouring the MTU (PMTU) value itself and generating too large a packet which will be dropped.

This has nothing to do with MTU / packet size. Your IPv6 ping on the OPNsense console uses small packets and fails, too:

root@gw:~ # ping -6 2001:1af8:5300:a010:1::1
PING(56=40+8+8 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1
^C
--- 2001:1af8:5300:a010:1::1 ping statistics ---
26 packets transmitted, 0 packets received, 100.0% packet loss

You'll have to dig deeper why you don't have IPv6 connectivity on OPNsense itself.
Default gateway configured correctly?
WAN interface address correct? The source address of your ping looks almost like a SLAAC address, but isn't (:8395:9cef:ffaa:d122). Is this your WAN address?

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
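
The reasoning in the reply above (a small-packet ping from the firewall also fails, so packet size is not the cause) can be applied mechanically to firewall-side ping output. This is an added example, not part of any post or of OPNsense; the function names, result labels and the 1232-byte threshold (1280-byte IPv6 minimum MTU minus 40+8 header bytes) are assumptions, and the sample lines are trimmed from the output quoted in this thread.

```python
import re

# FreeBSD ping -6 header: PING(1548=40+8+1500 bytes) <src> --> <dst>
HDR6 = re.compile(r"PING\((\d+)=40\+8\+(\d+) bytes\)\s+(\S+)\s+-->\s+(\S+)")
# FreeBSD IPv4 ping header: PING <host> (<addr>): 1500 data bytes
HDR4 = re.compile(r"PING \S+ \(([^)]+)\): (\d+) data bytes")
STATS = re.compile(r"(\d+) packets transmitted, (\d+) packets received")

# Firewall-side runs from the thread, trimmed to header + statistics lines.
SAMPLE = """\
PING 89.149.222.99 (89.149.222.99): 1500 data bytes
4 packets transmitted, 0 packets received, 100.0% packet loss
PING(1548=40+8+1500 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1
4 packets transmitted, 0 packets received, 100.0% packet loss
PING 89.149.222.99 (89.149.222.99): 56 data bytes
10 packets transmitted, 10 packets received, 0.0% packet loss
PING(56=40+8+8 bytes) 2a02:8010:d00d:1:8395:9cef:ffaa:d122 --> 2001:1af8:5300:a010:1::1
26 packets transmitted, 0 packets received, 100.0% packet loss
"""

def parse_runs(text):
    """Pair each ping header with the statistics line that follows it."""
    runs, cur = [], None
    for line in text.splitlines():
        m6, m4, st = HDR6.search(line), HDR4.search(line), STATS.search(line)
        if m6:
            cur = {"family": 6, "dst": m6.group(4), "payload": int(m6.group(2))}
        elif m4:
            cur = {"family": 4, "dst": m4.group(1), "payload": int(m4.group(2))}
        elif st and cur:
            cur["sent"], cur["received"] = int(st.group(1)), int(st.group(2))
            runs.append(cur)
            cur = None
    return runs

def diagnose(runs, family, dst, small=1232):
    """Separate 'nothing gets through' from 'only large packets are lost'."""
    mine = [r for r in runs if r["family"] == family and r["dst"] == dst]
    small_runs = [r for r in mine if r["payload"] <= small]
    large_runs = [r for r in mine if r["payload"] > small]
    if not small_runs:
        return "inconclusive"           # need a small-packet probe first
    if all(r["received"] == 0 for r in small_runs):
        return "no-basic-connectivity"  # routing/address problem, not MTU
    if large_runs and all(r["received"] == 0 for r in large_runs):
        return "large-only-loss"        # path MTU or ICMP size filtering
    return "ok"

if __name__ == "__main__":
    runs = parse_runs(SAMPLE)
    print("IPv6:", diagnose(runs, 6, "2001:1af8:5300:a010:1::1"))
    print("IPv4:", diagnose(runs, 4, "89.149.222.99"))
```

A "large-only-loss" result for ICMP does not by itself mean TCP is affected: in the audit output above, the IPv4 repository fetch succeeds even though the 1500-byte IPv4 ping gets no replies.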

I didn't catch the fact that the successful ping was from a client behind ;)

In some cases there's a bad SLAAC address on the WAN. It's not easy to get rid of it programmatically.


Cheers,
Franco

Quote from: franco on Today at 03:25:21 PM
> In some cases there's a bad SLAAC address on the WAN. It's not easy to get rid of it programmatically.

Isn't that easily fixed with the setting "Request a Prefix Only" on the WAN interface?

Usually you don't need more than that since your OPNsense will use the Link-Local address to communicate with your ISP's Router :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Hi,
Opnsense is using a fixed IPv6 WAN address, so Prefix Delegation and SLAAC are not relevant.

So 2a02:8010:d00d:1:8395:9cef:ffaa:d122 is the address which you statically configured on the WAN interface? And you're 100% positive that this address is actually routed to you by your ISP (or upstream router, if there is one between OPNsense and your ISP)?