if_pppoe problems with php-fpm causing loops. (resolved)
-
The issue is already known and reported, but linking this post on redmine in case anything is missed.
https://redmine.pfsense.org/issues/16235
-
@chrcoluk said in if_pppoe serious problems with php-fpm causing loops.:
https://redmine.pfsense.org/issues/16235
Try the patch linked there. That should resolve it, it did in all our test cases. But pppoe has quite a lot of variation so yours might be a new edge case that would be good to test/fix before 2.8.1.
-
@stephenw10 I will do tonight thanks, I need to determine if the IPv6 issue is a separate bug or will be ok with the patch.
-
There has been a bunch of work gone into the IPv6 setup since 2.8.0. Mostly around the variation in ISPs sending RAs.
Try the patch here: https://redmine.pfsense.org/issues/16265
-
@stephenw10 Ok I have just done it now, patched the file, and rebooted with if_pppoe, the good news is, its came online with no loops and all services running, the bad news is the ipv6 is an issue, I already raised the ipv6 on redmine, will add a note to say I have tested it now with the patch.
-
OK so it just fails to pull a lease at all? Also no PD?
Are you requesting a PD only?
Do you have 'Do not wait for RAs set'?
The behaviour of that setting may be different. Some users have reported needing it set or unset with if_pppoe. ISP dependent.Who is your ISP, if you can say?
-
@stephenw10 The ISP is AAISP. (UK)
The configuration is to request prefix/information via IPv4 connectivity.
Prefix delegation set to none.
no prefix hint, do not wait for RA unticked, request only prefix unticked.The IPv6 subnets working as normal on my LAN interfaces, not requested via DHCP6, but normally AAISP assign a single /128 to the pppoe interface on the firewall for its own use. This is what is failing. Without touching anything other than the enable if_pppoe box it will work on mpd.
I am leaving this booted now on if_pppoe since it is at least now stable, so I will be able to try and fix it by tinkering, if its possible.
I added extra info here.
https://redmine.pfsense.org/issues/16300
See here for some documentation on what AAISP do.
https://support.aa.net.uk/IPv6
It is that 2001: that is failing to attach.
-
@chrcoluk said in if_pppoe serious problems with php-fpm causing loops.:
The ISP is AAISP. (UK)
Nice! That explains the control you have then.
Do you see it trying to pull a dhcpv6 lease? Do you see it logging a RA after it connects at v4?
-
@stephenw10 Yeah, bear in mind I am no expert on dhcp6c, but what I am seeing suggests, its managing to pull something, it then runs ' /var/etc/dhcp6c_wan_script.sh ' which seems to fail, I posted these logs on the redmine, I will snippets here as well for you.
Sorry also forgot to mention I have now also tried the do not wait for RA option as well.
Here is end of it
"Jul 4 13:46:23 dhcp6c 21264 exiting
Jul 4 13:46:23 dhcp6c 21264 script "/var/etc/dhcp6c_wan_script.sh" terminated
Jul 4 13:46:23 dhcp6c 22610 script "/var/etc/dhcp6c_wan_script.sh" cannot be executed safely
Jul 4 13:46:23 dhcp6c 22610 lstat failed: No such file or directory
Jul 4 13:46:23 dhcp6c 21264 executes /var/etc/dhcp6c_wan_script.sh
Jul 4 13:46:23 dhcp6c 21264 removing an event on pppoe2, state=INIT
Jul 4 13:46:23 dhcp6c 21264 exit without release "Here is all of it, I just noticed it there is an error at the start as well, whether that also happens when it succeeds on mpd I dont know as I wasnt looking.
Jul 4 13:46:23 dhcp6c 21264 exiting
Jul 4 13:46:23 dhcp6c 21264 script "/var/etc/dhcp6c_wan_script.sh" terminated
Jul 4 13:46:23 dhcp6c 22610 script "/var/etc/dhcp6c_wan_script.sh" cannot be executed safely
Jul 4 13:46:23 dhcp6c 22610 lstat failed: No such file or directory
Jul 4 13:46:23 dhcp6c 21264 executes /var/etc/dhcp6c_wan_script.sh
Jul 4 13:46:23 dhcp6c 21264 removing an event on pppoe2, state=INIT
Jul 4 13:46:23 dhcp6c 21264 exit without release
Jul 4 13:46:22 dhcp6c 21264 reset a timer on pppoe2, state=INIT, timeo=0, retrans=891
Jul 4 13:46:22 dhcp6c 21004 called
Jul 4 13:46:22 dhcp6c 21004 called
Jul 4 13:46:22 dhcp6c 21004 <3>end of sentence [;] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>end of closure [}] (1)
Jul 4 13:46:22 dhcp6c 21004 <13>begin of closure [{] (1)
Jul 4 13:46:22 dhcp6c 21004 <13>[0] (1)
Jul 4 13:46:22 dhcp6c 21004 <13>[na] (2)
Jul 4 13:46:22 dhcp6c 21004 <3>[id-assoc] (8)
Jul 4 13:46:22 dhcp6c 21004 <3>end of sentence [;] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>end of closure [}] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>comment [# we'd like some nameservers please] (35)
Jul 4 13:46:22 dhcp6c 21004 <3>end of sentence [;] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Jul 4 13:46:22 dhcp6c 21004 <3>[script] (6)
Jul 4 13:46:22 dhcp6c 21004 <3>end of sentence [;] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>[domain-name] (11)
Jul 4 13:46:22 dhcp6c 21004 <3>[request] (7)
Jul 4 13:46:22 dhcp6c 21004 <3>end of sentence [;] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>[domain-name-servers] (19)
Jul 4 13:46:22 dhcp6c 21004 <3>[request] (7)
Jul 4 13:46:22 dhcp6c 21004 <3>comment [# request stateful address] (26)
Jul 4 13:46:22 dhcp6c 21004 <3>end of sentence [;] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>[0] (1)
Jul 4 13:46:22 dhcp6c 21004 <3>[ia-na] (5)
Jul 4 13:46:22 dhcp6c 21004 <3>[send] (4)
Jul 4 13:46:22 dhcp6c 21004 <3>begin of closure [{] (1)
Jul 4 13:46:22 dhcp6c 21004 <5>[pppoe2] (6)
Jul 4 13:46:22 dhcp6c 21004 <3>[interface] (9)
Jul 4 13:46:22 dhcp6c 21004 skip opening control port
Jul 4 13:46:22 dhcp6c 21004 failed initialize control message authentication
Jul 4 13:46:22 dhcp6c 21004 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Jul 4 13:46:22 dhcp6c 21004 extracted an existing DUID from /var/db/dhcp6c_duid: <censored> -
Both logs are reverse order I assume?
-
@stephenw10 yes, newest at the top.
-
Ok I have a done a little more testing, so the dhcp6c client was not staying in a running state, it is supposed to stay running.
I first tried to just manually start it after pppoe2 is online, but it just says sending solicit every 2 seconds with not much else happening, also the '/var/etc/dhcp6c.conf' is unpopulated.
I then rebooted into legacy mode, and '/var/etc/dhcp6c.conf' is populated with dhcpc6c running as a daemon.
The contents as below.
interface pppoe2 { send ia-na 0; # request stateful address request domain-name-servers; request domain-name; script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please }; id-assoc na 0 { };
I then rebooted back into if_pppoe mode, let the ipv4 come online, manually populated the above file to match, and then started dhcpc6c from command line with same syntax as is done automatically and its now working.
I think its a timing issue, dhcp6c is called too early on if_pppoe, I will update the redmine post.
-
@chrcoluk said in if_pppoe serious problems with php-fpm causing loops.:
I think its a timing issue, dhcp6c is called too early on if_pppoe
I just want to clarify — you're not using a multi-WAN configuration, right? And no CARP?
-
@w0w There is only one active pppoe, I think its pppoe2, because of an old WAN config that was disabled ages ago.
Not using CARP.
-
@chrcoluk said in if_pppoe serious problems with php-fpm causing loops.:
/var/etc/dhcp6c_wan_script.sh
What's in that script in each pppoe mode?
-
@stephenw10 I already know the contents in if_pppoe mode, I dont know when I can next reboot as I have been annoying people with all the stuff I am doing, but will check it on mpd as soon as possible. I think this one is without debug activated.
#!/bin/sh This shell script launches /etc/rc.newwanipv6 with a interface argument. dmips=${new_domain_name_servers} dmnames=${new_domain_name} case $REASON in REBIND) /usr/bin/logger -t dhcp6c "dhcp6c rebind on pppoe2" ;; REQUEST|RELEASE) /usr/bin/logger -t dhcp6c "dhcp6c RELEASE, REQUEST or EXIT on pppoe2 running rc.newwanipv6" /usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=pppoe2&dmnames=${dmnames}&dmips=${dmips}&reason=${REASON}" ;; RENEW|INFO) /usr/bin/logger -t dhcp6c "dhcp6c RENEW on pppoe2 running rc.newwanipv6" /usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=pppoe2&dmnames=${dmnames}&dmips=${dmips}&reason=${REASON}" esac
-
@w0w I have now deleted the old dormant pppoe0, there is no pppoe1, so now pppoe2 is the only PPP listed in the PPPs section and is assigned to WAN. This is just me tidying up though. I doubt its related as its been sitting there for probably 2 years unused (not assigned to any interfaces) since I stopped using that service.
-
@chrcoluk said in if_pppoe serious problems with php-fpm causing loops.:
This shell script launches /etc/rc.newwanipv6 with a interface argument.
That line should be commented:
# This shell script launches /etc/rc.newwanipv6 with a interface argument.
Is that just a typo?
-
@stephenw10 It is commented in the actual file.
# cat /var/etc/dhcp6c_wan_script.sh #!/bin/sh # This shell script launches /etc/rc.newwanipv6 with a interface argument. dmips=${new_domain_name_servers} dmnames=${new_domain_name} case $REASON in REBIND) /usr/bin/logger -t dhcp6c "dhcp6c rebind on pppoe2" ;; REQUEST|RELEASE) /usr/bin/logger -t dhcp6c "dhcp6c RELEASE, REQUEST or EXIT on pppoe2 running rc.newwanipv6" /usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=pppoe2&dmnames=${dmnames}&dmips=${dmips}&reason=${REASON}" ;; RENEW|INFO) /usr/bin/logger -t dhcp6c "dhcp6c RENEW on pppoe2 running rc.newwanipv6" /usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=pppoe2&dmnames=${dmnames}&dmips=${dmips}&reason=${REASON}" esac
I have just noticed this is repeating every hour in the general log.
php-fpm <pid> /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe2.
So even with the IPv6 online after my manual intervention, its unhappy about something, maybe because it never worked with the automatic attempt.
This from earlier when I ran dhcp6c manually.
rc.newwanipv6: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 2001:8b0:<blah> - Restarting packages
-
Can you see what's triggering that? Anything else logged at the time?