Impossibility to use IPv6 since 23.X #6435

Closed
2 tasks done
RomyxBaps opened this issue Mar 22, 2023 · 44 comments
Labels
help wanted Contributor missing / timeout support Community support

Comments

@RomyxBaps

RomyxBaps commented Mar 22, 2023

Hello,

Important notices

Our forum is located at https://forum.opnsense.org, please consider joining discussions there instead of using GitHub for these matters.

Before you ask a new question, we ask you kindly to acknowledge the following:

I have a problem contacting my OPNsense over IPv6 since I upgraded from 22.7 to 23.X.
The connection worked normally since the upgrade.

Here is my route :

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            X.X.X.254      UGS        vmx0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::1                               link#3                        UHS         lo0
2001::/64            link#1                        U          vmx0
2001::2              link#1                        UHS         lo0
fc00::                            link#7                        UHS         lo0
fc00::/56                         link#7                        U           wg0
fe80::%vmx0/64                    link#1                        U          vmx0
fe80::250:56ff:fe96:dbeb%vmx0     link#1                        UHS         lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0

When I try to ping6, I get this error:

ping6 www.google.fr
ping6: UDP connect: No route to host

When I add a default gateway, here are the errors:

ping6 www.google.fr
ping6: sendmsg: No buffer space available
ping6: wrote www.google.fr 16 chars, ret=-1
ping6: sendmsg: No buffer space available
ping6: wrote www.google.fr 16 chars, ret=-1
ping6: sendmsg: No buffer space available
ping6: wrote www.google.fr 16 chars, ret=-1
ping6: sendmsg: No buffer space available
ping6: wrote www.google.fr 16 chars, ret=-1

And from the outside it's the same thing, it's impossible to contact the server on IPv6 :

ping6 server                                                                                                                
PING server(2001::2) 56 data bytes
From 2001::3 icmp_seq=1 Destination unreachable: Address unreachable
From 2001::3 icmp_seq=2 Destination unreachable: Address unreachable
From 2001::3 icmp_seq=3 Destination unreachable: Address unreachable
From 2001::3 icmp_seq=4 Destination unreachable: Address unreachable
From 2001::3 icmp_seq=5 Destination unreachable: Address unreachable
From 2001:3 icmp_seq=6 Destination unreachable: Address unreachable
--- server ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6161ms

I have an IPv4 and an IPv6 with the correct gateways on my WAN interface.
I have just a few firewall rules, and in them the client has all rights on the server.

Also, I read the forums, and this topic talks about the same problem I have: https://forum.opnsense.org/index.php?topic=32263.45
I tried the patch and I got this output:

opnsense-patch 9eaff5c21907d
Fetched 9eaff5c21907d via https://github.com/opnsense/core
1 out of 3 hunks failed while patching etc/rc.newwanipv6

Regards

@RomyxBaps RomyxBaps added the support Community support label Mar 22, 2023
@RomyxBaps
Author

RomyxBaps commented Mar 22, 2023

When I check the file /var/log/system/latest.log, here are the lines from when I reload the route and reset the WAN interface:

<11>1 2023-03-22T17:47:51+01:00 server 30565 - [meta sequenceId="7"] /usr/local/etc/rc.routing_configure: The command '/sbin/route add -'inet6' default '2001::ff7f'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net default: gateway 2001::ff7f fib 0: Network is unreachable'

<13>1 2023-03-22T17:47:51+01:00 server 30565 - [meta sequenceId="8"] /usr/local/etc/rc.routing_configure: plugins_configure monitor (1)

<13>1 2023-03-22T17:47:51+01:00 serveropnsense 30565 - [meta sequenceId="9"] /usr/local/etc/rc.routing_configure: plugins_configure monitor (execute task : dpinger_configure_do(1))

<12>1 2023-03-22T17:48:12+01:00 server opnsense 72627 - [meta sequenceId="10"] /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''

<12>1 2023-03-22T17:48:12+01:00 server opnsense 72627 - [meta sequenceId="11"] /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''

@RomyxBaps
Author

RomyxBaps commented Mar 23, 2023

When I check the file /var/log/system/latest.log, here are the lines from when I reload the route and reset the WAN interface:

<11>1 2023-03-22T17:47:51+01:00 server 30565 - [meta sequenceId="7"] /usr/local/etc/rc.routing_configure: The command '/sbin/route add -'inet6' default '2001::ff7f'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net default: gateway 2001::ff7f fib 0: Network is unreachable'

<13>1 2023-03-22T17:47:51+01:00 server 30565 - [meta sequenceId="8"] /usr/local/etc/rc.routing_configure: plugins_configure monitor (1)

<13>1 2023-03-22T17:47:51+01:00 server opnsense 30565 - [meta sequenceId="9"] /usr/local/etc/rc.routing_configure: plugins_configure monitor (execute task : dpinger_configure_do(1))

<12>1 2023-03-22T17:48:12+01:00 server opnsense 72627 - [meta sequenceId="10"] /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''

<12>1 2023-03-22T17:48:12+01:00 server opnsense 72627 - [meta sequenceId="11"] /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''

Alright, this is OK now for those two errors.
I can ping6 from inside the firewall to outside but not outside from inside.

EDIT : I still have the log ROUTING :

<11>1 2023-03-23T12:33:11+01:00 server opnsense 29773 - [meta sequenceId="13"] /status_services.php: The command '/bin/kill -'TERM' '27387'' returned exit code '1', the output was 'kill: 27387: No such process'
<13>1 2023-03-23T12:33:38+01:00 server configctl 51968 - [meta sequenceId="14"] event @ 1679571217.66 msg: Mar 23 12:33:37 server config[55752]: [2023-03-23T12:33:37+01:00][INFO] config-event: new_config /conf/backup/config-1679571217.6595.xml 
<13>1 2023-03-23T12:33:38+01:00 server configctl 51968 - [meta sequenceId="15"] event @ 1679571217.66 exec: system event config_changed
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="16"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 serveropnsense 55752 - [meta sequenceId="17"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="18"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="19"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 serveropnsense 55752 - [meta sequenceId="20"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="21"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="22"] /services_unbound.php: ROUTING: not a valid host gateway address: ''


<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="1"] /system_general.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="2"] /system_general.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="3"] /system_general.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="4"] /system_general.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="5"] /system_general.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="6"] /system_general.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="7"] /system_general.php: ROUTING: not a valid host gateway address: ''
<173>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="8"] /system_general.php: plugins_configure dns ()
<173>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="9"] /system_general.php: plugins_configure dns (execute task : dnsmasq_configure_do())
<173>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="10"] /system_general.php: plugins_configure dns (execute task : unbound_configure_do())

@RomyxBaps
Author

Also, when I go to System -> Interfaces -> [WAN] and then save and reload, the ping6 from outside to inside works, but only for ~5 minutes.
Here is the log:

<13>1 2023-03-23T14:45:56+01:00 server configctl 51968 - [meta sequenceId="1"] event @ 1679579155.65 msg: Mar 23 14:45:55 server config[33734]: [2023-03-23T14:45:55+01:00][INFO] config-event: new_config /conf/backup/config-1679579155.646.xml 
<13>1 2023-03-23T14:45:56+01:00 server configctl 51968 - [meta sequenceId="2"] event @ 1679579155.65 exec: system event config_changed
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="3"] /interfaces.php: ROUTING: entering configure using 'wan'
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="4"] /interfaces.php: ROUTING: IPv4 default gateway set to wan
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="5"] /interfaces.php: ROUTING: setting IPv4 default route to 185.X.X.254
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="6"] /interfaces.php: ROUTING: IPv6 default gateway set to wan
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="7"] /interfaces.php: ROUTING: setting IPv6 default route to 2001::ff7f
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="8"] /interfaces.php: plugins_configure monitor (,WAN_GWv6)
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="9"] /interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_GWv6))
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="10"] /interfaces.php: plugins_configure monitor (,WAN_GW)
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="11"] /interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_GW))
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="12"] /interfaces.php: plugins_configure ipsec (,wan)
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="13"] /interfaces.php: plugins_configure ipsec (execute task : ipsec_configure_do(,wan))
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="14"] /interfaces.php: plugins_configure route_reload (,[])
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="15"] /interfaces.php: plugins_configure route_reload (execute task : core_routing_batch(,[]))
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="16"] /interfaces.php: plugins_configure dhcp ()
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="17"] /interfaces.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
<11>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="18"] /interfaces.php: The command '/bin/kill -'TERM' '5876'' returned exit code '1', the output was 'kill: 5876: No such process'
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="19"] /interfaces.php: plugins_configure dns ()
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="20"] /interfaces.php: plugins_configure dns (execute task : dnsmasq_configure_do())
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="21"] /interfaces.php: plugins_configure dns (execute task : unbound_configure_do())
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="22"] /interfaces.php: ROUTING: entering configure using defaults
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="23"] /interfaces.php: ROUTING: IPv4 default gateway set to wan
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="24"] /interfaces.php: ROUTING: setting IPv4 default route to 185.X.X.254
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="25"] /interfaces.php: ROUTING: keeping current default gateway '185.X.X.254'
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="26"] /interfaces.php: ROUTING: IPv6 default gateway set to wan
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="27"] /interfaces.php: ROUTING: setting IPv6 default route to 2001::ff7f
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="28"] /interfaces.php: plugins_configure monitor ()
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="29"] /interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do())
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="30"] /interfaces.php: plugins_configure newwanip (,wan)
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="31"] /interfaces.php: plugins_configure newwanip (execute task : dnsmasq_configure_do())
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="32"] /interfaces.php: plugins_configure newwanip (execute task : dyndns_configure_do(,wan))
<13>1 2023-03-23T14:45:59+01:00 server opnsense 19759 - [meta sequenceId="33"] /interfaces.php: plugins_configure newwanip (execute task : ntpd_configure_do())
<13>1 2023-03-23T14:46:00+01:00 server opnsense 19759 - [meta sequenceId="34"] /interfaces.php: plugins_configure newwanip (execute task : opendns_configure_do())
<13>1 2023-03-23T14:46:00+01:00 server opnsense 19759 - [meta sequenceId="35"] /interfaces.php: plugins_configure newwanip (execute task : openssh_configure_do(,wan))
<13>1 2023-03-23T14:46:00+01:00 server opnsense 19759 - [meta sequenceId="36"] /interfaces.php: plugins_configure newwanip (execute task : unbound_configure_do(,wan))
<13>1 2023-03-23T14:46:01+01:00 server opnsense 19759 - [meta sequenceId="37"] /interfaces.php: plugins_configure newwanip (execute task : vxlan_configure_do())
<13>1 2023-03-23T14:46:01+01:00 server opnsense 19759 - [meta sequenceId="38"] /interfaces.php: plugins_configure newwanip (execute task : webgui_configure_do(,wan))

The only error I saw here is in sequence 18.
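Added example (not from the thread or the OPNsense project): a small parser for the RFC 5424-style lines quoted above. It decodes the `<PRI>` value into facility and severity, extracts failed commands, and counts repeated warnings per source script. The sample lines are constructed after the format shown in the thread, with a documentation address in place of the scrubbed one; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the lines quoted in this thread
# (addresses replaced by the 2001:db8::/32 documentation prefix).
SAMPLE_LOG = """\
<13>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="7"] /interfaces.php: ROUTING: setting IPv6 default route to 2001:db8::1
<11>1 2023-03-23T14:45:57+01:00 server opnsense 19759 - [meta sequenceId="18"] /interfaces.php: The command '/bin/kill -'TERM' '5876'' returned exit code '1', the output was 'kill: 5876: No such process'
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="16"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<12>1 2023-03-23T12:33:39+01:00 server opnsense 55752 - [meta sequenceId="17"] /services_unbound.php: ROUTING: not a valid host gateway address: ''
<172>1 2023-03-23T12:44:57+01:00 server php-cgi 55752 - [meta sequenceId="1"] /system_general.php: ROUTING: not a valid host gateway address: ''
<11>1 2023-03-22T17:47:51+01:00 server opnsense 30565 - [meta sequenceId="7"] /usr/local/etc/rc.routing_configure: The command '/sbin/route add -'inet6' default '2001:db8::1'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable'
"""

# Syslog severities, indexed by the low three bits of PRI.
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")

# <PRI>1 TIMESTAMP <host/app/pid fields> [meta sequenceId="N"] SOURCE: MESSAGE
# The header fields are matched loosely because scrubbed lines may drop one.
LINE_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<hdr>.*?) '
    r'\[meta sequenceId="(?P<seq>\d+)"\] (?P<source>\S+?): (?P<msg>.*)$'
)

# Wrapper message logged when an external command exits non-zero.
CMD_RE = re.compile(
    r"^The command '(?P<cmd>.*)' returned exit code '(?P<rc>\d+)', "
    r"the output was '(?P<out>.*)'$"
)


def parse_line(line):
    """Split one log line into its fields; return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri >> 3,          # PRI = facility * 8 + severity
        "severity_num": pri & 7,
        "severity": SEVERITIES[pri & 7],
        "timestamp": m["ts"],
        "seq": int(m["seq"]),
        "source": m["source"],
        "message": m["msg"],
    }


def triage(text):
    """Collect failed commands and count warning-or-worse messages per source."""
    report = {"failed_commands": [], "warnings": Counter(), "unparsed": 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1
            continue
        cmd = CMD_RE.match(rec["message"])
        if cmd and cmd["rc"] != "0":
            report["failed_commands"].append({
                "timestamp": rec["timestamp"],
                "seq": rec["seq"],
                "source": rec["source"],
                "command": cmd["cmd"],
                "exit_code": int(cmd["rc"]),
                "output": cmd["out"],
            })
        elif rec["severity_num"] <= 4:   # warning or more severe
            report["warnings"][(rec["source"], rec["message"])] += 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item in result["failed_commands"]:
        print(f'{item["timestamp"]} seq={item["seq"]} {item["source"]}: '
              f'{item["command"]} -> {item["output"]}')
    for (source, message), count in result["warnings"].most_common():
        print(f"{count}x {source}: {message}")
```
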

@RomyxBaps
Author

Okay, new step.
When the IPv6 works during the 5 minutes after I reload the interface, if I run a ping that doesn't stop from outside to the firewall, the IPv6 is always reachable; it doesn't go to "sleep". But when I don't ping outside from inside the firewall, after the ~5 minutes, the IPv6 goes down...

@Sieboldianus

Sieboldianus commented Mar 28, 2023

Jumping in here, I also see these logs since the last update:

Notice	opnsense	/usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]
Warning	opnsense	/usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''	
Warning	opnsense	/usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''

I have both ipv4 and ipv6 on WAN. IPv6 Configuration Type is set to DHCPv6.

[edit]
Found one issue: Either I did not tick them, or they disappeared - several checks were missing on the WAN IPv6 configuration, following Configure IPv6 for generic DSL dialup

  • Request only an IPv6 prefix
  • Send IPv6 prefix hint
  • Use IPv4 connectivity

I still see

Notice	opnsense	/usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]
WARNING /usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''

, but I do get an IPv6 address.

Also, my DHCPv6 Server isn't starting, and clicking on the start in the Dashboard leads to the following log:

2023-03-28T07:14:14	Error	opnsense	/status_services.php: The command '/bin/kill -'TERM' '16531'' returned exit code '1', the output was 'kill: 16531: No such process'

@RomyxBaps
Author

@Sieboldianus Is it possible for you to ping6 your firewall from outside in the same subnet ?

@fichtner
Member

@RomyxBaps I'm sorry what is this? A random static IPv6 address manually assigned?

2001::/64            link#1                        U          vmx0
2001::2              link#1                        UHS         lo0

@Sieboldianus cross-posting really doesn't help on topics "IPv6 is broken [no proper report attached]".

As such this ticket will remain in community support state and I would recommend using the forum for such questions.

Cheers,
Franco

@RomyxBaps
Author

@fichtner It's a false IPv6, barely it can be 2001:abcd:0123:4567::/64 and 2001:abcd:0123:4567::2

@fichtner
Member

You can use XXX if you want but if you scrub it like you did it will make it appear it's working as intended (no connection).

Ifconfig output matters, your configuration matters, "22.7 works but 23.1 doesn't" is the least effective way of asking for help.

@RomyxBaps
Author

Which configuration file do I need to put?
Here is my ifconfig:

vmx0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN (wan)
	options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
	ether 00:50:56:96:db:eb
	inet6 fe80::250:56ff:fe96:dbeb%vmx0 prefixlen 64 scopeid 0x1
	inet6 2001:XXXX:XXXX:XXXX::2 prefixlen 56
	inet 185.XXX.XXX.85 netmask 0xfffffe00 broadcast 185.XXX.XXX.255
	media: Ethernet autoselect
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
	groups: enc
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
	groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
	syncpeer: 0.0.0.0 maxupd: 128 defer: off
	syncok: 1
	groups: pfsync
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
	options=80000<LINKSTATE>
	inet 10.10.0.1 --> 10.10.0.2 netmask 0xffffff00
	groups: tun openvpn
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	Opened by PID 59597
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
	options=80000<LINKSTATE>
	inet 198.18.108.1 netmask 0xffffff00
	inet6 fc00:: prefixlen 56
	groups: wg wireguard
	nd6 options=101<PERFORMNUD,NO_DAD>

What is very weird is that when I save the WAN configuration, the IPv6 works, but only for nearly 5 minutes, and after that the connection is "lost" and only IPv4 works.

@fichtner
Member

Is this a static setup? /56 looks wrong and should be /64.

Also, what is your router pointing to when it works vs. when it stops working?

# ifctl -r -6 -i vmx0

@RomyxBaps
Author

Yes, it's a static IP from a subnet I have.
Yes, /56 is okay; if I put /64, I'm not on the right network.

The command ifctl -r -6 -i vmx0 returns nothing both when it's working and when it's not working.
The network inside the firewall is okay: even when I can't ping from a VM inside the IPv6 subnet, inside the firewall I can ping6 outside.

@fichtner
Member

fichtner commented Mar 28, 2023

Can you dump a listing of your state files?

 # ls /tmp/vmx0_*

I suppose you do have a gateway set up for this and it's a GUA (hence why you need the /56). A link-local gateway would probably help.

Cheers,
Franco

@RomyxBaps
Author

Here is the output of the command :

ls /tmp/vmx0_*
ls: No match.

Here is the result for ls /tmp:

configdmodelfield.data		lighttpdcompress		pkg_upgrade.json		template_sample
ddb.conf			opnsense_acl_cache.json		pkg_upgrade.progress		tmp.u6EmFw2l
filter.lock			opnsense_menu_cache.xml		rules.debug			tmpHOSTS
filter_reload_gateway.lock	ovpns1_router			rules.debug.old			unbound-blocklists.conf
filter_update_tables.lock	php-fastcgi.socket-0		rules.limits			unbound-blocklists.conf.cache
gateway_list.json		php-fastcgi.socket-1		ssh-tBXEt5iei0			unbound-download_blocklists.tmp
isAuthLocalIP.cache.json	pkg_update.out			syslog_applications.json	unbound_start.lock

Thank you for helping me !
Oh, and what is the GUA? Yes, I have a gateway for the /56; this gateway is used for a lot of servers too (VMs).

@fichtner
Member

The GUA router is also prefixed with 2001: I suppose. It could pose issues and I'd recommend to try using the link-local router IPv6 instead. Also this is not multi-WAN and you don't have default gateway switching enabled?

@RomyxBaps
Author

Yes, my gateway is like this :

2001:XXXX:XXX:XXff:ffff:ffff:ffff:ff7f

How can I set the "link-local router"?
I only have one interface (WAN) with an IPv4 and an IPv6.
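The /56 versus /64 exchange above comes down to whether the static gateway is on-link for the WAN address. The following is an added example, not part of the thread or of OPNsense: it uses constructed addresses under the 2001:db8::/32 documentation prefix that mirror the shape of the scrubbed ones, and `assess_gateway` and `common_prefix_len` are hypothetical helper names.

```python
import ipaddress

# Constructed stand-ins for the scrubbed values in the thread:
# WAN address ...:bb04::2 and gateway ...:bbff:ffff:ffff:ffff:ff7f.
WAN_ADDRESS = "2001:db8:0:bb04::2"
GATEWAY = "2001:db8:0:bbff:ffff:ffff:ffff:ff7f"


def common_prefix_len(a, b):
    """Number of leading bits shared by two addresses of the same family."""
    return a.max_prefixlen - (int(a) ^ int(b)).bit_length()


def assess_gateway(interface_cidr, gateway):
    """Report whether `gateway` is directly reachable from `interface_cidr`.

    A gateway outside every connected network cannot be used as a next hop;
    FreeBSD's route(8) then fails with "Network is unreachable", the error
    seen for the IPv6 default route in the log earlier in this thread.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    gw = ipaddress.ip_address(gateway)
    if iface.version != gw.version:
        raise ValueError("interface and gateway use different address families")

    if gw.is_link_local:
        # fe80::/10 is on-link on every IPv6 interface, whatever prefix
        # length the global address uses (the route needs the interface scope).
        return {"gateway_scope": "link-local", "on_link": True,
                "longest_on_link_prefix": None}

    return {
        "gateway_scope": "routed",
        "on_link": gw in iface.network,
        # Any prefix length longer than this puts the gateway off-link.
        "longest_on_link_prefix": common_prefix_len(iface.ip, gw),
    }


if __name__ == "__main__":
    for plen in (56, 64):
        result = assess_gateway(f"{WAN_ADDRESS}/{plen}", GATEWAY)
        print(f"/{plen}: on_link={result['on_link']} "
              f"(longest usable prefix /{result['longest_on_link_prefix']})")
    # A link-local gateway such as the fe80::1:1 alias mentioned in the
    # thread does not depend on the global prefix length at all.
    print(assess_gateway(f"{WAN_ADDRESS}/64", "fe80::1:1"))
```
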

@fichtner
Member

Since the setup is static it takes external knowledge to know which link-local address the router has on the WAN interface. Is that gateway under your control or from the ISP?

Cheers,
Franco

@RomyxBaps
Author

The gateway is under my control, yes.
All the IPv4 and IPv6 subnets are under my control.

@fichtner
Member

Then you can look up the link-local IP on the gateway box with ifconfig on the interface attached to the OPNsense WAN on the other end. Typically, an alias is set there like fe80::1:1 to make the router link-local static and easy to remember.

Cheers,
Franco

@RomyxBaps
Author

The link-local on the machine that holds the IPv6 gateway? Or on the OPNsense?
The ifconfig on the OPNsense is like this:

vmx0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN (wan)
	options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
	ether 00:50:56:96:db:eb
	inet6 fe80::250:56ff:fe96:dbeb%vmx0 prefixlen 64 scopeid 0x1
	inet6 2001:XXXX:XXXX:bb04::2 prefixlen 56
	inet 185.XXX.XXX.85 netmask 0xfffffe00 broadcast 185.12.33.255
	media: Ethernet autoselect
	status: active

The gateway is 2001:XXXX:XXXX:bbff:ffff:ffff:ffff:ff7f
The alias on the vmx0 WAN OPNsense is fe80::250:56ff:fe96:dbeb%vmx0

@fichtner
Member

The link-local address from the gateway machine on the interface that is connected to the OPNsense.

@RomyxBaps
Author

Oh, hmm, sorry, I didn't understand well.
I can't check the server that holds the IPv6 gateway :/. I'm on an OVH PCC, so OVH doesn't give me access to the switch... :(

@fichtner
Member

Perhaps you can ask them about link-local IP of 2001:XXXX:XXXX:bbff:ffff:ffff:ffff:ff7f gateway address.

Honestly, I'm a little surprised a static setup stops working "dynamically". Something must be going on, but there was no indication that was the case on the OPNsense. We could be missing something of course, but I don't know what it could be.

@RomyxBaps
Author

I'm at the same point; I did a lot of tests but none works.
And what makes me think it's from OPNsense is that I have 150 VMs on the same PCC, on the same IPv4 and IPv6 subnet, and all the VMs work normally but 5 VMs don't work, and the 5 are OPNsense, and since the upgrade from 22.7 to 23.X :/

@fichtner
Member

I think it's more of a configuration issue. If the default gateway is missing but it's created as a gateway it should automatically use it (unless gateway monitoring thinks it's down and tries to switch away from it to a different gateway entry, perhaps an invalid one for a VPN).

@RomyxBaps
Author

What is weird is that I can ping6 from the firewall to outside of it. But when I try to ping the firewall from a different VM on the same subnet, I get Host unreachable. I don't understand why.

@fichtner
Member

I can't be of much help with this extended debugging in community scope. The typical way to debug is to check wiring, IPv4 connectivity, packet capture for IPv6 on the ICMPv6 messages to see if they are coming in (and being replied to, perhaps wrong interface). Make sure you have the latest version and a clean reboot.

Cheers,
Franco

@RomyxBaps
Author

I have the latest version and I rebooted multiple times.
Also, when I tcpdump on the OPNsense WAN interface, nothing comes to it.

I will try to disable all the VPNs (OpenVPN and WireGuard) on it to force it to answer on a single interface, but it's weird that it works for 5 minutes and disconnects after. It makes me think of this topic on the forum: https://forum.opnsense.org/index.php?topic=32263.45.

@Sieboldianus

Sieboldianus commented Mar 28, 2023

My IPv6 works again - after a complete reboot. The last update did not require/automatically reboot.

Before rebooting, I observed a lot of state violations for DNS IPVs on LAN egress, which looked really strange and did not make sense:

LAN		2023-03-28T17:24:02	[2003:e7:1f2b:9600::1b33]:65047	[2003:e7:1f2b:9600:2e0:67ff:fe2a:72e4]:53	udp	Default deny / state violation rule	
LAN		2023-03-28T17:24:02	[2003:e7:1f2b:9600::1b33]:58541	[2003:e7:1f2b:9600:2e0:67ff:fe2a:72e4]:53	udp	Default deny / state violation rule	
LAN		2023-03-28T17:24:02	[2003:e7:1f2b:9600::1b33]:54400	[2003:e7:1f2b:9600:2e0:67ff:fe2a:72e4]:53	udp	Default deny / state violation rule

Now, after reboot, these are gone and https://internet.nl/connection/ shows all green lights:

  • IPv6 connectivity of DNS resolver
  • IPv6 connectivity (via DNS)
  • IPv6 connectivity (direct)
  • Privacy Extensions for IPv6
  • Domain signature validation (DNSSEC)

However, my general log is still spammed with these log entries:

2023-03-28T18:23:28	Notice	opnsense	/usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]	
2023-03-28T18:23:28	Warning	opnsense	/usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''	
2023-03-28T18:23:28	Warning	opnsense	/usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''	
2023-03-28T18:13:26	Notice	opnsense	/usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]	
2023-03-28T18:13:25	Warning	opnsense	/usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''	
2023-03-28T18:13:25	Warning	opnsense	/usr/local/etc/rc.newwanipv6: ROUTING: not a valid host gateway address: ''	
2023-03-28T18:03:23	Notice	opnsense	/usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]

On the weekend I will have more time for a proper debug and reporting.

Looks like this community forum post describes my issue:
https://forum.opnsense.org/index.php?topic=32263.0

@fichtner
Member

not a valid host gateway address

A faulty host gateway address is hardly a connectivity issue and without any sort of information what could be the source of the host address this is impossible to comment on.

@n-thumann
Contributor

@Sieboldianus Regarding ROUTING: not a valid host gateway address: '': I assume you have DNS servers configured in System -> Settings -> General, but no gateways selected. Assigning a gateway to each DNS server might help to dodge the bug.
For me #6462 fixes this error, feel free to try ✌️

@Sieboldianus

Sieboldianus commented Apr 1, 2023

Ah, yes, that fixed it for me! Thank you so much!

Strange - this behavior must have been introduced recently, because I neither remember seeing this default gateway option, nor these log entries before it started a week ago.

@fichtner
Member

fichtner commented Apr 1, 2023

I’ve added a warning/error for this recently. Functionally this doesn’t matter. It always did the right thing. But thanks for the PR which aligns the call path correctly.

Cheers,
Franco

@RomyxBaps
Author

Hi,
Personally, this doesn't work for me because I can't set a gateway to my DNS because they are on the same network.
Cheers

@Sieboldianus

The last issue I have is now the logs

/usr/local/etc/rc.newwanipv6: No IP change detected for WAN[wan]

appearing every 5 minutes in my System > General log.

Is this standard behaviour?


@ssbarnea

ssbarnea commented Apr 5, 2023

After 7 years of using IPv6 I got to the point where the 23.3.5 update messed it up, and after spending two days debugging it, I am still not able to make it work correctly. In the process I was able to only make it worse. While the router itself gets IPv6 and can use it, that is no longer true for the LAN. I am using Zen Internet in the UK, for which we also happen to have our own documentation at https://docs.opnsense.org/manual/how-tos/IPv6_ZenUK.html but sadly none of them seem to be working.

The dynamic/simple one does not enable LAN clients to get a proper IPv6 address, and the static/advanced one does seem to make them get an IPv6 address, but that one is not routed to WAN, so no IPv6 internet.

Update: after a decade of using OPNsense, I created a stick with OpenWrt and booted from it just to see if the DHCP-based network config would work, my hopes being low. My surprise was that it got both IPv4/6 config from the FTTP converter and gave full IPv6 support to all devices on my LAN. I guess I might even install it on the SSD later, but for now I will survive with it in memory; I don't really need logs. https://test-ipv6.com/ reports 100%.

@skiffkiddie

This is plaguing me too and I'm sick of it. Will this even be addressed? I am considering leaving OPNsense myself...

@fichtner
Member

If we all quit who will fix it? 😊

@OPNsense-bot

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.

@OPNsense-bot OPNsense-bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 18, 2023
@OPNsense-bot OPNsense-bot added the help wanted Contributor missing / timeout label Sep 18, 2023
@Xboarder56

@ssbarnea I noticed this issue on my setup as well. I previously had IPv6 working; now it only works on the OPNsense host itself. Clients get IPv6 IPs from both DHCPv6/SLAAC but can't go outbound to the internet. Spent an entire day without luck either.

@cayenne17

@ssbarnea I noticed this issue on my setup as well. I previously had IPv6 working; now it only works on the OPNsense host itself. Clients get IPv6 IPs from both DHCPv6/SLAAC but can't go outbound to the internet. Spent an entire day without luck either.

Hello,
What is your OPNSense version?
I'm still on version 23.X and I don't have the problem.

@Xboarder56

23.7.4

@fichtner
Member

Instead of using a closed ticket without giving additional helpful information I’d rather see individual new ones. At least half of the reports these days are ISP troubleshooting cases.

@Xboarder56

@fichtner sorry, I’ll open a new one.
