core
core copied to clipboard
opnsense
DS-Lite not coming up after a reboot
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Describe the bug
When having a DS-Lite setup, with a dynamic IPv6 and IPv4 via PPPoE (and behind a CG-Nat), no internet connection is made after a reboot. The current workaround is setting the LAN interface to DHCPv6 and back to tracking the WAN interface afterwards. This is also talked about here https://forum.opnsense.org/index.php?topic=22286.15 . The first mention of the workaround is from November of 2021, and the bug still exists in the latest version of 24.7. I also observed that the DHCPv6 service is stopped after a reboot until the workaround is applied.
To Reproduce
Steps to reproduce the behavior:
- Reboot Opnsense Router
- Wait until the WAN interface gets a link local address
- No internet connection comes up
(Workaround) 4. Set the LAN interface to DHCPv6 and apply 5. Internet connection comes up
Expected behavior
After a reboot, Opnsense automatically gets an internet connection again
Describe alternatives you considered Using the workaround.
Relevant log files
I couldn't find anything specific in the general logs, but am willing to provide whatever I can.
Additional context
With 24.7 several improvments to IPv6 were made. Before I had to additionally disable and enable the GIF tunnel again after setting the LAN interface to DHCPv6. This is now not needed anymore.
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.7_9-amd64 FreeBSD 14.1-RELEASE-p2 AMD GX-420CA SOC with Radeon(tm) HD Graphics (4 cores, 4 threads)
ISP is M-Net in Germany
Need a system (general) log from a fresh boot to see what's going on. There should be an error relating to this in there and maybe timing related hints WRT interface setup.
Cheers, Franco
Here is the log, it was after an upgrade to the latest version. After it booted I had to apply the LAN and GIF interface a few times to finally get the GIF interface up and the internet back. system.log
I see too many
Device gif0 missing required local address, skipping now.
so I'm not sure why that would be so persistent. What's configured in gif0?
Cheers, Franco
I configured it according to https://cybercyber.org/m-net-ds-lite-anschluss-mit-pfsense.html (It's in german)
Edit:
I just noticed that on the GIF Interface overview it shows the WAN as the local address:
There seems to be a bit of drift between your label "Lan" and the internal identifier perhaps. Sometimes it happens that the internal "wan" is redefined as a LAN type interface by the user. It's not a big deal but can be confusing. Can you dump the whole gif struct?
# pluginctl -g gifs
And then what it says for "if" here
# pluginctl -6 <if>
So we can double check the address is there eventually.
What I still do not quite understand is that eventually when DHCPv6 is done it calls:
https://github.com/opnsense/core/blob/5f533d45731db1611d6579a7638012968fb01865/src/etc/rc.newwanipv6#L99
Which sets up the tunnel. I get that it fails as long as there is no address, but at some point it has to be there and the script must run. It looks like a race condition or there is a subtle bug somewhere in there (which by general gif terms doesn't seem to be the case or else there would be more reports).
Cheers, Franco
I renamed by interfaces a bunch of time, might be that that caused the drift. Here's for gifs:
root@OPNsense:~ # pluginctl -g gifs
{
"@attributes": {
"version": "1.0.0"
},
"gif": [
{
"@attributes": {
"uuid": "6f78c9fe-fadd-4b29-95c7-63e9115dc450"
},
"if": "opt1",
"ipaddr": "",
"gifif": "gif0",
"remote-addr": "2001:a60:0:1::ffff",
"tunnel-local-addr": "192.0.0.2",
"tunnel-remote-addr": "192.0.0.1",
"tunnel-remote-net": "29",
"descr": "",
"link1": "0",
"link2": "0"
}
]
}
and here is for opt1:
root@OPNsense:~ # pluginctl -6 opt1
{
"opt1": [
{
"address": "2001:a61:256e:ca01:a236:9fff:feaa:70ed",
"network": "2001:a61:256e:ca01::/64",
"bits": 64,
"device": "igb1_vlan10",
"interface": "opt1",
"family": "inet6"
}
]
}
Also something I noticed that might be relevant. During the time where the gif interface is not yet up, either the DHCPv6 Server or the Router Advertisement Daemon is always stopped and can't be started.
If the DHCPv6 has some problem, that would also explain why switching between Tracking Interface and DHCPv6 on the Lan Interface eventually causes it to come up (even though I sometimes have to switch up to 20 times for it to work).
Although I am still confused in general why the Gif interface binding to my Lan causes it to work, rather than it binding to the WAN.
Although I am still confused in general why the Gif interface binding to my Lan causes it to work, rather than it binding to the WAN.
If the DHCPv6 server on WAN only gives a prefix you do not have an address (by default). This is easy to explain.
Ok so... if you say flipping configuration eventually allows it to start it should be that
# /usr/local/etc/rc.configure_interface <if>
should bring it back? In this case
Cheers, Franco
Hmm the way the code is set up is this should pull a LAN address from a prefix-only WAN as well.
I'm starting to suspect the issue is just with the IPv6 DHCPv6 request on the WAN. Can you enable debug on the DHCPv6 via Interfaces: Settings?
(After debug is set it needs a reboot to apply and produce debug output. Forgot to say that.)
I do however have an IPv6 address on my WAN as well. I unchecked the "Request prefix only" box on the WAN interface and added an "Optional prefix ID" there (in my case, I set it to 0). And I checked afterwards, the WAN also has an IPv6 IP.
As for the debug logs, doing that right now.
Well, this time I got lucky, it booted and the GIF Interface didn't come up, but after changing the LAN interface to DHCPv6 once it immediately came up.
(Ignore that the labels of some of the interfaces other than WAN and LAN changed, I did that for an unrelated reason)
Hope this helps.
Any update on this? I will be getting DS-Lite service in 2 weeks, so I will probably also be able to submit a log or test out a kernel patch.
@fichtner First of all, Happy New Year!
Do you need more debug logs from other devices to investigate? As mentioned before, I switched to the same service setup and encountered the same issue.
Update from my side: After upgrading to 25.1 I noticed a better way to work around the issue for me. After OpnSense comes up and has no connection, I go to Devices > Point to Point and resave my existing device. Then I go to Devices > Gif and also resave and reapply that device. After that, once I set my internal LAN to DHCPv6 instead of Tracking the Gif Gateway immediatly comes up. Beats the old way of brute forcing by switching between Tracking Interface and DHCPv6 on my LAN interface.
@Zerwin As far as I can tell some PPPoE connections react allergic to the fact that we try to get a prefix twice. In your old log it ends up with "advertise contains no address/prefix" which means now that everything is booted and stable you don't have any address for the GIF to latch on to.
@TheDom42 are you also on PPPoE?
Cheers, Franco
@TheDom42 are you also on PPPoE?
Yes, I am on the exact same connection type as @Zerwin - DS-Lite with PPPoE and GIF from M-Net (that's how I found this thread).
I actually needed to downgrade to 24.7 today: After upgrading to 25.1 a few weeks ago, I encountered very random but complete disconnects on the pppoe0 WAN. These usually could only be solved by a reboot (and the following LAN DHCPv6-Track-Interface-Switch workaround). Sometimes the workaround was enough, sometimes the connection recovered by itself.
Whenever the drop happend, the general log contained the following (often, it was repeated multiple times with only a few seconds in between):
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : wireguard_sync())
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : webgui_configure_do(,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan]))
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : vxlan_configure_do())
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : unbound_configure_do(,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan]))
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : openssh_configure_do(,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan]))
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : opendns_configure_do())
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : ntpd_configure_do())
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dnsmasq_configure_do())
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (execute task : dhcrelay_configure_if(,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan],inet6))
2025-03-08T01:37:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan],inet6)
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : wireguard_configure_do())
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : openvpn_configure_do(,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan]))
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (execute task : ipsec_configure_do(,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan]))
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,[wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan],inet6)
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_DHCP6]))
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,[WAN_DHCP6])
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping inet6 default route to fe80********************e%pppoe0
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: configuring inet6 default gateway on wan
2025-03-08T01:37:58 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using wan, opt14, opt2, opt4, opt12, opt7, opt6, opt5, opt3, opt11, opt13, lan
2025-03-08T01:37:57 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
2025-03-08T01:37:57 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (,inet6)
2025-03-08T01:37:57 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,[MNETAFTRDSLITE_TUNNELV4]))
2025-03-08T01:37:57 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,[MNETAFTRDSLITE_TUNNELV4])
2025-03-08T01:37:57 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting inet default route to 192.0.0.1
2025-03-08T01:37:57 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: configuring inet default gateway on opt1
2025-03-08T01:37:56 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using opt1
2025-03-08T01:37:56 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renewal starting (address: 2001*********************************1, interface: wan, device: pppoe0)
2025-03-08T01:37:55 Notice kernel <5>ng_pppoe[8b]: no matching session
2025-03-08T01:37:53 Notice ppp ppp-linkup: executing on pppoe0 for inet6
2025-03-08T01:37:45 Notice ppp ppp-linkdown: executing on pppoe0 for inet6
Generally, the WAN was therefore quite unstable: this could happen multiple times on the same day or with a week in between.
@Zerwin Did you encounter this as well?
I am open to upgrading again and investigate further, if I know where to look.
https://github.com/opnsense/src/issues/242#issuecomment-2679069936
Could be this one. It’s scheduled to hit 25.1.3 next week.
Thanks for the quick response and hint. Based on the bug report, this seems to be an issue with SLAAC and NAT66? Or did I misread this? In any case, I will wait for 25.1.3 and report back. If you want an earlier report, I might be able to test the patch in between. But I would prefer waiting for the release if it already that close.
Alright, now it is getting weird: this morning, I also encountered the issue on 24.7. My log now looks a bit different:
2025-03-08T06:09:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : wireguard_sync())
2025-03-08T06:09:59 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : webgui_configure_do(,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan))
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : vxlan_configure_do())
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : unbound_configure_do(,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan))
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : openssh_configure_do(,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan))
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : opendns_configure_do())
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : ntpd_configure_do())
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : dnsmasq_configure_do())
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : dhcrelay_configure_if(,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan,inet6))
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan,inet6)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,lan)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,lan)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt13)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt13)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt11)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt11)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt3)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt3)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt5)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt5)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt6)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt6)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt7)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt7)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt12)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt12)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt4)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt4)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt2)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt2)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,opt14)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,opt14)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure newwanip (,wan)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn (,wan)
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (execute task : wireguard_configure_do())
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (execute task : openvpn_configure_do(,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan))
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (execute task : ipsec_configure_do(,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan))
2025-03-08T06:09:58 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure vpn_map (,wan,opt14,opt2,opt4,opt12,opt7,opt6,opt5,opt3,opt11,opt13,lan,inet6)
2025-03-08T06:09:57 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_DHCP6]))
2025-03-08T06:09:57 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,[WAN_DHCP6])
2025-03-08T06:09:57 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping inet6 default route to fe80*******************ee%pppoe0
2025-03-08T06:09:57 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: configuring inet6 default gateway on wan
2025-03-08T06:09:57 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using wan, opt14, opt2, opt4, opt12, opt7, opt6, opt5, opt3, opt11, opt13, lan
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6))
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure dhcp (,inet6)
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (execute task : dpinger_configure_do(,[MNETAFTRDSLITE_TUNNELV4]))
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: plugins_configure monitor (,[MNETAFTRDSLITE_TUNNELV4])
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: setting inet default route to 192.0.0.1
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: configuring inet default gateway on opt1
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using opt1
2025-03-08T06:09:56 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renewal starting (address: 2001********************************db, interface: wan, device: pppoe0)
This is spammed in the general log with 3 seconds apart. After a while, it just recovered by itself. The IPv6 GUA at the beginning of the log sequence is the same for every notification on this (therefore, no actual IP renewal is taking place).
Now I am unsure, if the issue I reported earlier today only started happening in 25.1 or if this was already a problem before.
The fix is for specific neighbour discovery packets being dropped not allowing to acquire subsequent IPv6 connectivity. But it could also be your ISP here as you mention this again on 24.7.
Cheers, Franco
@TheDom42 I'm currently on 25.1.1 and I checked my logs a few min ago, but the last time I had anything with newwanipv6 in it was when I last rebooted OpnSense about 3 weeks ago. However, I also got an email from the ISP today that they want to do some maintenance on my connection area in a few weeks, I hope that won't introduce the same problem you have.
Thanks for the input. I think I have solved my last issue (not the one from the initial post of this issue, of course): my OPNsense WAN Gateway is a Draytek Vigor 2766. I had upgraded the firmware in the past, and apparently, I switched the modem code for the G.Fast sync. Now I am on a different modem code/firmware on the Draytek and the newwanipv6 are gone for a few days now. Only leaves the general DS-Lite issue open now.
Now that the PPPoE log is fixed in 25.1.3 would you guys mind sending in another system general log from the boot process to inspect?
Thanks, Franco
Do you need a second log, or is this one sufficient to identify (and hopefully fix) the issue?
@Zerwin @TheDom42 can you try this patch? 25585eb
# opnsense-patch 25585eb
Cheers, Franco
Thank you for the patch! I tried it today - unfortunately, no change in the behavior. I even waited >15 minutes after the boot, until I applied the workaround to switch one of the LAN interfaces to DHCPv6 to see if I was too impatient in the past.
@Zerwin Just to confirm: for me, I don't even have any kind of GUA on any of the interfaces (WAN as well as any LAN interface), until I switch one LAN interface to DHCPv6. Is that the same for you? Do you receive a GUA without switching an interface? So, it's not only GIF not working for me, but also the whole GUA functionality without the workaround.
I attached a log from the fresh boot with the patch. I removed some identifying information and log parts that should not matter in my eyes. If you need them @fichtner, I can provide them via email. It also contains the workaround LAN DHCPv6 switch (and back) in the end (I use my IoT net for this).
general_bootlog_opnsense_prune.log
@TheDom42 this patch was specifically for the data that @Zerwin provided earlier, but there is a lot of potential for mismatching between configs and expectations. Fact is you need a GUA on the interface that the GIF is attached to in order to bring up the IPv4 tunnel correctly. I'll take a look at the log, thanks!