[isolated: see #91] PPPoE reconnect loop

marjohn56 · February 18, 2018, 11:57:47 AM

Just to rule something out are you're running in a VM?

elektroinside · February 18, 2018, 12:13:21 PM

Nope, OPNsense runs on a physical machine.
On that particular machine, I can't do a clean setup for a number of reasons. What I could try is to set up another physical machine, but I'm uncertain if the results will be relevant (different hw, different drivers)...

elektroinside · February 18, 2018, 12:49:28 PM

Not one of my finest work, but this will be the test setup :-)

marjohn56 · February 18, 2018, 02:24:37 PM

Nah... looks pretty reasonable to me. 8)

We're only doing what your tag suggests.

Now, what I can do is that i have a Qotom i5 based unit which is fine, I also have two APU's, one APU1 and one APU2, I will configure them and try them with my ISP using pppoe dhcp6 rather than static and see if I get any issues. Might take a day or two as I have to do it when my better half is not working and online.

elektroinside · February 18, 2018, 02:38:59 PM

So.. new setup, clean install 18.1, updated to 18.1.2, no import of backups.

Here's what I found so far:

1. WAN IPv4 only
- no reconnect loops after multiple disconnects
- LAN client has internet connectivity

2. WAN IPv4 + IPv6 (happened once)
- IPv6 exactly like here https://forum.opnsense.org/index.php?topic=7267.0
- no reconnect loops, but my only LAN client, which is a laptop directly connected to the LAN interface of the OPNsense box, will lose internet connectivity
- even so, pinging and stuff work on the OPNsense box and I do receive IPv4 + IPv6 from the ISP

3. WAN IPv4 + IPv6 (happened most of the times)
- no reconnect loops
- LAN client has internet connectivity
- WAN loses IPv6

4. WAN IPv4 + IPv6
- IDS + IPS enabled (with all rules set to 'alert' only)
- no reconnect loops
- LAN client has internet connectivity
- WAN loses IPv6

5. WAN IPv4 + IPv6
- IDS + IPS enabled (with all rules set to 'drop')
- no reconnect loops
- LAN client has internet connectivity
- WAN loses IPv6

6. WAN IPv4 + IPv6
- OpenVPN settings imported from backup
- no reconnect loops
- LAN client has internet connectivity
- WAN loses IPv6

marjohn56 · February 18, 2018, 03:26:47 PM

So what we are seeing now with IDS & IPS is NO loops but loss of IPv6?

Well that's different, not sure how to account for that. However, look at the dhcp6c logs and see if anything strange is happening there. Do you have 'Prevent Release' and 'Use IPv4 Connectivity' set?

elektroinside · February 18, 2018, 03:31:34 PM

(I'll keep updating my previous post with my findings)

Use IPv4 is checked (WAN won't receive an IPv6 otherwise), and prevent release is right now unchecked.

But i had the IPv6 loss with my other box as well, it's not new.. not in my case at least.

marjohn56 · February 18, 2018, 03:44:46 PM

OK, what's appearing in dhcp6c logs, is it being signalled to exit?

elektroinside · February 18, 2018, 05:03:14 PM

Ok, finally nailed it!

The culprit for both the PPPoE reconnect loop and the IPv6 loss was (in my case):

- custom MTU (1492)
- custom MSS (1452)

... both configured on the WAN of course.

Although both are correct for PPPoE (as far as I know), manually configuring them caused the PPPoE loop and the IPv6 loss. After deleting both, the loop is gone and IPv6 is also back :)

I'm not sure if this is a bug or a misconfiguration.

Thank you for all your help marjohn56!

marjohn56 · February 18, 2018, 05:05:41 PM

Excellent!! :)

Never touched my MTU or MSS, I let the system work it out.

Now let's see if its the same thing for others too.

mimugmail · February 18, 2018, 05:12:53 PM

A fixed value could let to a CONFNAK on the provider LNS when the client insist of the value

marjohn56 · February 18, 2018, 05:59:03 PM

Quote from: mimugmail on February 18, 2018, 05:12:53 PM
A fixed value could let to a CONFNAK on the provider LNS when the client insist of the value

So if on PPPoE best to leave it to work it out itself?

elektroinside · February 18, 2018, 06:24:20 PM

Quote from: mimugmail on February 18, 2018, 05:12:53 PM
A fixed value could let to a CONFNAK on the provider LNS when the client insist of the value

Even if the fixed values are the ones the ISP would require anyways?

marjohn56 · February 18, 2018, 06:47:20 PM

You don't want to believe what the ISP says. :)

mimugmail · February 18, 2018, 08:18:52 PM

Quote from: elektroinside on February 18, 2018, 06:24:20 PM
Quote from: mimugmail on February 18, 2018, 05:12:53 PM
A fixed value could let to a CONFNAK on the provider LNS when the client insist of the value

Even if the fixed values are the ones the ISP would require anyways?

If I remember correctly I had the same issue with a Cisco Router as LNS with an early 15.0 release and Client was also Cisco, so this might bei unrelated to OPNsense

[isolated: see #91] PPPoE reconnect loop

marjohn56

February 18, 2018, 11:57:47 AM #30

elektroinside

February 18, 2018, 12:13:21 PM #31 Last Edit: February 18, 2018, 12:18:26 PM by elektroinside

elektroinside

February 18, 2018, 12:49:28 PM #32

marjohn56

February 18, 2018, 02:24:37 PM #33

elektroinside

February 18, 2018, 02:38:59 PM #34 Last Edit: February 18, 2018, 03:29:06 PM by elektroinside

marjohn56

February 18, 2018, 03:26:47 PM #35

elektroinside

February 18, 2018, 03:31:34 PM #36 Last Edit: February 18, 2018, 03:35:01 PM by elektroinside

marjohn56

February 18, 2018, 03:44:46 PM #37

elektroinside

February 18, 2018, 05:03:14 PM #38

marjohn56

February 18, 2018, 05:05:41 PM #39 Last Edit: February 18, 2018, 05:07:30 PM by marjohn56

mimugmail

February 18, 2018, 05:12:53 PM #40

marjohn56

February 18, 2018, 05:59:03 PM #41

elektroinside

February 18, 2018, 06:24:20 PM #42

marjohn56

February 18, 2018, 06:47:20 PM #43

mimugmail

February 18, 2018, 08:18:52 PM #44