plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon opnsense

FRR OSPFv3 fails to start (os-frr)

Open dave-messenger-cbre opened this issue 4 months ago • 1 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [ *] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [ *] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [ *] The title contains the plugin to which this issue belongs

Describe the bug I attempt to start OSPFv3 by enabling and configuring in the GUI but on checking vtysh, the ospf6 process is not started.

This is a new setup to me, as I only recently changed my ISP after 4 years and did not have IPv6 available for a considerable amount of time. I have used OSPF as part of my firewall configuration for 5+ years without issue.

To give a clear idea of the infrastructure I run: I have an EdgeRouterX running OpenWRT as an edge device terminating PPPoE with the LAN interface providing both IPv4/IPv6. Behind the router, I have both a Protectli hardware firewall using the latest OPNsense with a software version virtualised on Proxmox. The setup is CARP-based Active-Passive HA, which only uses the software firewall for short periods when performing upgrades. Various LANs are running on a Cisco 3850 across 4 different VRFs. The firewalls are the transit for all LAN prefixes.

OpenWRT FRR requires manual configuration via the associate daemon and frr.conf files however I do not see any issues on this device as I get a running process. Cisco side also has no issues to report starting OSPFv3 processes. Trying to enable OSPFv3 via the os-frr plugin on the firewall though results in the following output from vtysh:

26RH-FW-A.davidmessenger.co.uk# sh ip ospf OSPF Routing Process, Router ID: 172.20.8.2 Supports only single TOS (TOS0) routes This implementation conforms to RFC2328 RFC1583Compatibility flag is disabled OpaqueCapability flag is disabled Initial SPF scheduling delay 0 millisec(s) Minimum hold time between consecutive SPFs 50 millisec(s) Maximum hold time between consecutive SPFs 5000 millisec(s) Hold time multiplier is currently 1 SPF algorithm last executed 6d23h40m ago Last SPF duration 190 usecs SPF timer is inactive LSA minimum interval 5000 msecs LSA minimum arrival 1000 msecs Write Multiplier set to 20 Refresh timer 10 secs Maximum multiple paths(ECMP) supported 64 Administrative distance 110 This router is an ASBR (injecting external routing information) Number of external LSA 4. Checksum Sum 0x00031b69 Number of opaque AS LSA 0. Checksum Sum 0x00000000 Number of areas attached to this router: 1 Area ID: 0.0.0.0 (Backbone) Number of interfaces in this area: Total: 4, Active: 4 Number of fully adjacent neighbors in this area: 4 Area has no authentication SPF algorithm executed 27 times Number of LSA 15 Number of router LSA 5. Checksum Sum 0x0001d51b Number of network LSA 4. Checksum Sum 0x00022f5a Number of summary LSA 6. Checksum Sum 0x0002e45b Number of ASBR summary LSA 0. Checksum Sum 0x00000000 Number of NSSA LSA 0. Checksum Sum 0x00000000 Number of opaque link LSA 0. Checksum Sum 0x00000000 Number of opaque area LSA 0. Checksum Sum 0x00000000

26RH-FW-A.davidmessenger.co.uk# sh ipv6 ospf6 ospf6d is not running

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

Keep in mind, it was a long time ago I ran IPv6 with OSPFv3 and I don't even remember if I had the same setup back then 4+ years ago.

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior I expect OSPFv3 to start and allow for routing information to be exchanged in the same way as OSPF.

Screenshots I can add screenshots of the GUI configuration if required. I will try a fresh install to determine if a new instance starts the FRR process.

Relevant log files 26RH-FW-A.davidmessenger.co.uk# show watchfrr watchfrr global phase: Idle Restart Command: "/usr/sbin/service frr restart %s" Start Command: "/usr/sbin/service frr start %s" Stop Command: "/usr/sbin/service frr stop %s" Min Restart Interval: 60 Max Restart Interval: 600 Restart Timeout: 90 Reading Configuration: no mgmtd Up zebra Up ospfd Up bgpd Up staticd Up

Additional context I'm currently using BGP instead to get around the issue with OSPFv3 not starting on the firewall.

Environment Software version used and hardware type if relevant. e.g.:

Harware firewall: OPNsense 25.7.2 (amd64). Intel® Core™ i5-8250U 1.6Ghz Quad Core I211 Gigabit Network Connection

Software firewall: OPNsense 25.7.2 (amd64). Virtualised using Proxmox software.

dave-messenger-cbre avatar Sep 06 '25 19:09 dave-messenger-cbre

Note, I have finally diagnosed the issue. My OSPFv2 configuration originally included passive interface configuration defining multiple interfaces which should not send OSPF packets. This left only the four transit interfaces as interfaces which are allowed to send OSPF packets. For some reason, this configuration affected OSPFv3 and stopped the service from starting. Once this passive interface configuration was removed in the OSPF configuration via the GUI, OSPFv3 then started working correctly. I have since been able to peer both upstream/downstream using OSPFv3 from the firewall without issue.

dave-messenger-cbre avatar Sep 08 '25 14:09 dave-messenger-cbre