-
Notifications
You must be signed in to change notification settings - Fork 701
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DHCP v6 - VLAN priority not honored #6292
Comments
The likely problem could be that another rule overwrites the one that tries to set the priority. Let's first make sure set prio statement is there and tries to apply the correct value to correct traffic. Cheers, |
PS: Does IPv6 connectivity work in general? Tapping from WAN interface with bpf might show the state before the outgoing traffic is modified accordingly. |
Thanks for the quick response! IPv6 works in general, but obtaining a lease does not always work or may take a long time. The ISP (Orange) has also indicated that they are tightening controls around non-compliant DHCP requests which will result in not being able to obtain an IPv4 address or IPv6 PD. output of So rule seems to be there... |
It's set to log so you you should at least see if it matches in firewall live log? If it matches it would be better to dump traffic in front of the opnsense to see the actual traffic on the wire. If there is no match in rules something else seems to snatch this traffic. Worst case igc driver could refuse to set the tag for one reason or another. Was this working in 22.7.x or new setup? Orange and conformity is a joke with what hoops one has to deal with regarding their "standard" connectivity ;) |
The packet capture in front of the OPNsense is crucial information now. It looks correct so far :) |
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
Important notices
Describe the bug
I am running the OPNsense 23.1_6-amd64 (FreeBSD 13.1-RELEASE-p5, OpenSSL 1.1.1s 1 Nov 2022) release.
My ISP requires all WAN communications on VLAN 832 and the use of VLAN priority/DSCP CS6 for all control comms like DHCP and CS0 for the rest. I have configured the 'Use VLAN priority' field in the DHCP v6 config as 'Internetwork Control (6)'.
Capturing the network traffic on the interface shows that all DHCP v6 related comms from the firewall to the ISP router does not honor the DSCP CS6 setting, whilst all related comms back from the ISP is tagged as CS6 (as expected).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
DSCP property of DHVP v6 related packets to be labeled as CS6.
Describe alternatives you considered
I tried this on the most recent set of OPNSense releases, all with the same result.
Screenshots
interface configuration:
![VLAN priority](https://user-images.githubusercontent.com/5851246/216009418-be8bab6e-3d79-480f-9af8-dae676ab6a12.png)
Wireshark packets overview:
![packets](https://user-images.githubusercontent.com/5851246/216009443-997ff3dc-48c6-4296-a2df-e7ee6565df63.jpg)
Wireshark request packet details:
![DYCPv6 request detail](https://user-images.githubusercontent.com/5851246/216010407-fce5a675-451b-4174-a56a-66f09a2184e5.jpg)
Wireshark reply package details:
![DYCPv6 reply detail](https://user-images.githubusercontent.com/5851246/216010445-1a636a47-1b0c-47b5-8159-b72863729136.jpg)
Environment
OPNsense 23.1_6-amd64 (FreeBSD 13.1-RELEASE-p5, OpenSSL 1.1.1s 1 Nov 2022)
Intel(R) Celeron(R) N5105 @ 2.00GHz (4 cores, 4 threads)
Network Intel i225-V B3 2.5G
The text was updated successfully, but these errors were encountered: