Multi WAN and ipv6

[Yoshi-DE]

Hello,

is this now working on 20.7 dev?

I have installed the dev version, but I cannot get IPv6 running on both WAN interfaces. IPv6 only runs on WAN1 with prefix delegation. The radvd.conf only shows the IPv6 prefix from WAN1.

WAN1 -> Cable Provider with "static" IPv6. Changes only with new DUID.
WAN2 -> DSL over PPPoE with dynamic IPv6. The prefix changed on every reconnect.

Thanks,
Yoshi

[marjohn56]

Not yet. I have some PRs on Github but I don't think the devs are looking to take it forward at the moment.

[Yoshi-DE]

ok, then I'll have to keep working with the tunnelbroker on WAN2.

[fryfrog]

It seems like there might also be issues w/ dhcpc6 on lagg links too. I just switched from a working ipv6 setup w/ a single, regular old connection to lagg and lost ipv6.

[franco]

General idea is now in development branch minus some things relating to tracking WAN from LAN(s). Now all we need is tests+time. ;)


Cheers,
Franco

[marjohn56]

As per @Franco's comment, a lot of work has gone into this in the last week or so, indirectly due to Covid19... there are some upsides!


What we really need now are users who can run multi-wan dhcp6 and are prepared to test, and I mean test thoroughly the code behind it all and feed the information back to us. Whilst I can emulate multi-wan with use of VLANs it's not real world and that's what we need. In order to test this you would need to be on the 20.7 dev branch and know how to apply patches etc. There's more to this than just a change of the code, we have updated dhcp6c to give extra information. Be aware that testing may also involve a loss of V6 where we get something wrong, though that's usually fixed very quickly.


Let us know if you are prepared to take the risks.

[Maurice]

Great to hear that, thanks for all your work!

While I don't currently have multiple Internet connections with PD, I can do real-life testing for possible side effects with a single PD WAN.
I'm on 20.7.b_97 (FreeBSD 11.2). Would you recommend applying specific patches or just do a git pull / make upgrade from master?

Cheers

Maurice

[marjohn56]

Let me check out some changes @franco has made to naming in a couple of areas, I may need to alter the patches to match frst.

[marjohn56]

OK, looks good for testing.
So do this:

You'll need to build the new dhcp6c, so pull the repo make & install. Remember to kill the running dhcp6c before the install. Follow this list you should be good.

# cd /usr
# git clone https://github.com/opnsense/dhcp6c.git
# cd /usr/dhcp6c
# ./configure
# make

kill the existing dhcp6c process

#killall -TERM dhcp6c

Now install the new one

# make install

cd /usr/core

# opnsense-code core
# make upgrade

Now the patches

# opnsense-patch c76a729
# opnsense-patch 88bb423
# opnsense-patch fa8b4c7

reboot, you should be good.

[Maurice]

Thanks for the instructions. I did follow them, but unfortunately dhcp6c seemed to be stuck in a loop after the reboot. The WAN-tracking LAN interfaces didn't get addresses any more and the WAN address was repeatedly added and removed. I'll send you the log. I now rolled back to 20.7.b_97 to get it working again.

I also noticed that the "Prevent release" setting (moved to Settings / Interfaces) was disabled after the update. I had this enabled before. It might be a good idea to either migrate this or enable it by default.

[Maurice]

Everyone, I tried again and now it works just fine.

If you currently have prevent release enabled and don't want to lose your prefix, you might want to unplug your WAN before rebooting, reboot, re-enable prevent release, reboot again and finally reconnect the WAN. That worked for me.

[marjohn56]

this is still a work in progress, but at least we are making some; but anyone testing please be aware things are not finalised yet and there are things still to do.

[marjohn56]

oh yes, dhcp6c prevent release and debug are now in interfaces-> settings.

[wget]

Ok. So I have tested the whole thing.

@marjohn56, I discarded the patches IDs you have sent to me in DM since the ones provided here above are more up to date.

Situation

PC Engines apu2c4 (apu2c4 = 3 i210AT LAN / AMD GX-412TC CPU / 4 GB DRAM)

1 LAN on opt0

2 WANs dual stack:
- Cable DOCSIS based connection (VOO Belgium 125/6.5Mbps) on opt1
- xDSL based connection (Proximus 35/10Mbps) (IPv6 tech info) on opt2

Instructions

My OPNsense was never put in devel mode, so I had to adapt your commands a bit.

Code Select Expand

opnsense-update -t opnsense-devel
cd /usr
opnsense-code core
make upgrade

cd /usr
git clone https://github.com/opnsense/dhcp6c.git
cd dhcp6c
./configure
make
killall -TERM dhcp6c
make install

opnsense-patch c76a729
opnsense-patch 88bb423
opnsense-patch fa8b4c7

reboot

Observations

- On the dashboard, the DHCPv6 server is exactly like before in red. Trying to restart it is not working.
- If I enable the xDSL IPv6 as DHCPv6, the modem cable connection cannot get an IPv6
- As soon I disable IPv6 on the xDSL and I reboot, the modem cable connection gets an IPv6
- Compared to the production 20.1 OPNsense version, the LAN now receives an additional IPv6 /128 scope global 2a02:[xxxx] address. LAN machines are still receiving a global unicast /64 like before.

What kind of log do you need to debug? I'm using radvdump extensively =)

[marjohn56]

Work has not yet been done on a single LAN with multiple WAN dhcp6, however dhcp6c should still do its thing. Can you post your /var/etc/dhcp6c.conf and /var/dhcpd/etc/dhcpdv6.conf files.