18.1.12 Prefix Delegation Bug?

[milkywaygoodfellas]

After upgrading to 18.1.12 I noticed my LAN was no longer receiving IPv6 addresses.  I did not change my setup.

WAN interface is set to DHCPv6, LAN interface is set to Tracking WAN interface with prefix ID 0.  The LAN interface does receive an IPv6 address but does not hand out IPv6 to the LAN clients.

If I configure the LAN as Static IPv6 using the same /64 prefix it gets assigned as a track interface and then enable DHCPv6 and RAs, it works fine.

The former setup with LAN set to track WAN was working normally up until I upgraded, any ideas why it stopped?  What information can I provide to help track down the issue?

[franco]

Some people reported that their ISPs refused to give a new lease unless you changed your DUID. You can do so under Interfaces: Settings.

We are highly confident that IPv6 does not suddenly stop working due to a 18.1.x release.


Cheers,
Franco

[marjohn56]

I suspect Franco is correct, but just in case, if that does not solve it.

Set the system back to track interface on LAN.  On WAN set IPv6 to dhcp6 and enable dhcp6c debug.

Goto Services->DHCPv4->Log File. Filter entries regarding dhcp6c and post them so we can see what's going on.

[milkywaygoodfellas]

Some people reported that their ISPs refused to give a new lease unless you changed your DUID. You can do so under Interfaces: Settings.

We are highly confident that IPv6 does not suddenly stop working due to a 18.1.x release.


Cheers,
Franco

My ISP is giving me a lease.  The issue is that the OPNsense box stopped handing out IPv6 addresses to LAN clients.

I suspect Franco is correct, but just in case, if that does not solve it.

Set the system back to track interface on LAN.  On WAN set IPv6 to dhcp6 and enable dhcp6c debug.

Goto Services->DHCPv4->Log File. Filter entries regarding dhcp6c and post them so we can see what's going on.

I will post the entries as soon as I'm able to collect them.  Thanks.

[milkywaygoodfellas]

Here are the logs.  Note IPv6 is now not working as soon as I changed it back to a track interface, and the dashboard no longer shows an IPv6 address on the LAN interface, either.

Code: [Select]

Date Message
Jul 24 20:16:01 dhcp6c[44834]: got an expected reply, sleeping.
Jul 24 20:16:01 dhcp6c[44834]: removing server (ID: XX:XX:XX:XX)
Jul 24 20:16:01 dhcp6c[44834]: removing an event on bce0, state=REQUEST
Jul 24 20:16:01 dhcp6c[44834]: script "/var/etc/dhcp6c_wan_script.sh" terminated
Jul 24 20:16:00 dhcp6c: dhcp6c REQUEST on bce0 - running newipv6
Jul 24 20:16:00 dhcp6c: dhcp6c REQUEST on bce0
Jul 24 20:16:00 dhcp6c[44834]: executes /var/etc/dhcp6c_wan_script.sh
Jul 24 20:16:00 dhcp6c[44834]: add an address XX:XX:XX:XX/128 on bce0
Jul 24 20:16:00 dhcp6c[44834]: create an addressXX:XX:XX:XX pltime=1209600, vltime=7709166103877022976
Jul 24 20:16:00 dhcp6c[44834]: make an IA: NA-0
Jul 24 20:16:00 dhcp6c[44834]: create a prefix XX:XX:XX:XX::/64 pltime=1209600, vltime=1209600
Jul 24 20:16:00 dhcp6c[44834]: make an IA: PD-0
Jul 24 20:16:00 dhcp6c[44834]: Domain search list[0] attlocal.net.
Jul 24 20:16:00 dhcp6c[44834]: nameserver[0] XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: Received REPLY for REQUEST
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option domain search list, len 14
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option DNS, len 16
Jul 24 20:16:00 dhcp6c[44834]: preference: 255
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option preference, len 1
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option server ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option client ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: IA_PD prefix: XX:XX:XX:XX/64 pltime=1209600 vltime=7709166103877022976
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD prefix, len 25
Jul 24 20:16:00 dhcp6c[44834]: IA_PD: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD, len 41
Jul 24 20:16:00 dhcp6c[44834]: IA_NA address: XX:XX:XX:XX pltime=1209600 vltime=1209600
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA address, len 24
Jul 24 20:16:00 dhcp6c[44834]: IA_NA: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option identity association, len 40
Jul 24 20:16:00 dhcp6c[44834]: receive reply from XX:XX:XX:XX%bce0 on bce0
Jul 24 20:16:00 dhcp6c[44834]: XID mismatch
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option domain search list, len 14
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option DNS, len 16
Jul 24 20:16:00 dhcp6c[44834]: preference: 255
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option preference, len 1
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option server ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option client ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: IA_PD prefix: XX:XX:XX:XX/64 pltime=1209600 vltime=7709166103877022976
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD prefix, len 25
Jul 24 20:16:00 dhcp6c[44834]: IA_PD: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD, len 41
Jul 24 20:16:00 dhcp6c[44834]: IA_NA address: XX:XX:XX:XX pltime=1209600 vltime=1209600
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA address, len 24
Jul 24 20:16:00 dhcp6c[44834]: IA_NA: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option identity association, len 40
Jul 24 20:16:00 dhcp6c[44834]: receive advertise from XX:XX:XX:XX%bce0 on bce0

[marjohn56]

That's very odd. dhcp6c is doing its thing, it appears  not to be applying it to the interfaces, I've never seen that happen before.

Code: [Select]

ul 25 05:27:27   dhcp6c[97941]: got an expected reply, sleeping.
Jul 25 05:27:27   dhcp6c[97941]: removing server (ID: 00:01:00:01:22:c3:87:ae:02:77:70:cd:1e:00)
Jul 25 05:27:27   dhcp6c[97941]: removing an event on igb0, state=REQUEST
Jul 25 05:27:27   dhcp6c[97941]: script "/var/etc/dhcp6c_wan_script.sh" terminated
Jul 25 05:27:26   dhcp6c: dhcp6c REQUEST on igb0 - running newipv6
Jul 25 05:27:26   dhcp6c: dhcp6c REQUEST on igb0
Jul 25 05:27:26   dhcp6c[97941]: executes /var/etc/dhcp6c_wan_script.sh
Jul 25 05:27:26   dhcp6c[97941]: T1(2250) and/or T2(3600) is locally determined
Jul 25 05:27:26   dhcp6c[97941]: add an address xxxx:xxxx:xxxx:0:eeee:d109:19ee:3014/128 on igb0
Jul 25 05:27:26   dhcp6c[97941]: create an address xxxx:xxxx:xxxx:0:eeee:d109:19ee:3014 pltime=4500, vltime=7657215833025813536
Jul 25 05:27:26   dhcp6c[97941]: make an IA: NA-0
Jul 25 05:27:26   dhcp6c[97941]: T1(2250) and/or T2(3600) is locally determined
Jul 25 05:27:26   dhcp6c[97941]: add an address xxxx:xxxx:xxxx:aa00:20e:c4ff:fed2:8143/64 on igb1
Jul 25 05:27:26   dhcp6c[97941]: create a prefix xxxx:xxxx:xxxx:aa00::/56 pltime=4500, vltime=7200
Jul 25 05:27:26   dhcp6c[97941]: make an IA: PD-0
Jul 25 05:27:26   dhcp6c[97941]: nameserver[0] xxxx:xxxx:xxxx:0:77:70ff:fecd:1e00
Jul 25 05:27:26   dhcp6c[97941]: Received REPLY for REQUEST
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option DNS, len 16
Jul 25 05:27:26   dhcp6c[97941]: DUID: 00:01:00:01:22:c3:87:ae:02:77:70:cd:1e:00
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option server ID, len 14
Jul 25 05:27:26   dhcp6c[97941]: DUID: 00:01:00:01:22:e8:d0:b6:00:0e:c4:d2:81:42
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option client ID, len 14
Jul 25 05:27:26   dhcp6c[97941]: IA_PD prefix: xxxx:xxxx:xxxx:aa00::/56 pltime=4500 vltime=7657215833025813536
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option IA_PD prefix, len 25
Jul 25 05:27:26   dhcp6c[97941]: IA_PD: ID=0, T1=0, T2=0
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option IA_PD, len 41
Jul 25 05:27:26   dhcp6c[97941]: IA_NA address: xxxx:xxxx:xxxx:0:eeee:d109:19ee:3014 pltime=4500 vltime=7200
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option IA address, len 24
Jul 25 05:27:26   dhcp6c[97941]: IA_NA: ID=0, T1=0, T2=0
Jul 25 05:27:26   dhcp6c[97941]: get DHCP option identity association, len 40
Jul 25 05:27:26   dhcp6c[97941]: receive reply from fe80::277:70ff:fecd:1e00%igb0 on igb0
Jul 25 05:27:26   dhcp6c[97941]: reset a timer on igb0, state=REQUEST, timeo=1, retrans=1737
Jul 25 05:27:26   dhcp6c[97941]: send request to ff02::1:2%igb0


If it was running before upgrade, and you say it was then something strange has happened in the upgrade process. No one else is reporting this issue and my test unit is running 18.1.12 too. Maybe time to backup the config and re-install. What hardware is it running on?


Can you post the /var/etc/dhcp6c_wan.conf, it should look like this:

Code: [Select]

interface igb0 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix-interface igb1 {
    sla-id 0;
    sla-len 8;
  };
};



edit: Also post the dhcp6c_wan_script.sh, should look like this

Code: [Select]

#!/bin/sh
if [ -n 'debug' ]; then
   /usr/bin/logger -t dhcp6c "dhcp6c $REASON on igb0"
fi
case $REASON in
REQUEST|RELEASE)
   /usr/bin/logger -t dhcp6c "dhcp6c $REASON on igb0 - running newipv6"
   /usr/local/opnsense/service/configd_ctl.py interface newipv6 igb0
   ;;
*)
   ;;
esac



There should also be some entries in the main system.log for dhcp6c too. They may also contain useful info

[milkywaygoodfellas]

Yeah, it's super odd since from what I can tell, everything should be working according to the logs.

I'm on 18.1.13 now, and I suppose if your test unit is working fine something might have gone wacky during the update process to 18.1.12.  I'm running it on a Dell PE R210 II with the built-in dual Broadcom gigabit NIC (forget the exact model... 5720 maybe?), an E3-1220v2, 8GB of DDR3, and a 128GB SATA SSD.  If you need more detailed specs I can grab those tonight when I have access to the machine again.

I can also post the contents of the files you requested later on as well.  Backing up the config and re-installing might be a good idea, though.  If all else fails I'll give that a try.

[Space]

Hi,

I see the same issue ... I checked with tcpdump on the clients and it looks like radvd does not hand out the prefix ...

Code: [Select]

00:55:47.112912 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 96) fe80::1:1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 96
hop limit 64, Flags [other stateful], pref medium, router lifetime 30s, reachable time 0s, retrans time 0s
  rdnss option (25), length 40 (5):  lifetime 10s, addr: 2a03:..... addr: 2a03:.....
  dnssl option (31), length 24 (3):  lifetime 10s, domain(s): spacenet.
  mtu option (5), length 8 (1):  1500
  source link-address option (1), length 8 (1): f4:ce:....:f4
Best regards,

    Jochen

[Space]

This is the created /var/etc/radvd.conf config:

Code: [Select]

# Automatically generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface igb0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix ::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2a03:....60 2a03:.....:160 { };
        DNSSL spacenet { };
};


[milkywaygoodfellas]

Well, I had to reboot mine for an unrelated issue and it started handing out IPv6 addresses again and the conf files look normal.  Not really sure what happened there as I already tried rebooting it twice before but... It's working for now.  I'll try to grab the files if it stops working again, though.

[Space]

Well, I have "fixed" mine as well, at least for the moment it's working ... when checking https://github.com/opnsense/core/pull/2460 I saw the comment

go to the System->Settings->General Page and enable Manual IPv6 DHCPD and RA.

When I checked the page I did not see that option but noticed that in the DNS servers section some errors were present ... some IPv6 servers had set IPv4 gateway and vice versa. After changing those to "None" as gateway the prefix was almost immediately announced by radvd ...

Funny thing was: for some IPv6 nameservers only "None" and IPv4-gw were selectable and for some IPv4 nameservers only "None" and IPv6-gw ... after saving the page both IPv4-gw and IPv6-gw wer available again as well.

I hope this helps ... I will monitor my system for some time.

Thanks and best regards,

    Space

[Space]

Having the same issue again ...

When I check "Services" in "Dashboard" I see that

Code: [Select]

dhcpd6 DHCPv6 Server
is not started.

[marjohn56]

If you have not then manually configured the dhcpv6 server and radvd then it will not start. You cannot just switch it to manual and expect it to work. Have you entered the ranges?

[Space]

Hi,

I have not manually configured it ... the DNS settings were only the settings from General and it states they get overwritten by DHCP ... Should I remove the DNS servers altogether? I can try ...

But I do not even find the option to

Code: [Select]

enable Manual IPv6 DHCPD and RA

[marjohn56]

I think you are leading yourself up the garden path. Put the dhcpv6 server setting back to automatic and then tell us exactly what issues  you have after you have done that.