HELP: NETGATE 3100 - After updating from 22.05 to 23.01 unable to create/use GIF interfaces

ChrisJenk

I have been using 22.05 (NetGate SG3100) for ages and I have a 6in4 GIF tunnel configured to provide IPv6 services via Hurricane Electric tunnel broker. I just updated to 23.01 and now the gif tunnel no longer works. It is present in the configuration, and everything looks fine but the associated interface (WANV6) is down and if I log into the unit via ssh then ifconfig does not list any gif interfaces. I have restarted the unit but this does not help. There is nothing in the logs to indicate any issue.

It is critical for me to get this working again. I can't believe an upgrade would break such basic functionality.

Can anyone help please?

ChrisJenk

@chrisjenk UPDATE: I am not even able to create a GIF interface on my system now.

root: ifconfig gif0 create
ifconfig: SIOCIFCREATE2 (gif0): Invalid argument
root: ifconfig gif9 create
ifconfig: SIOCIFCREATE2 (gif9): Invalid argument

It is almost as if the 23.01 kernel is missing support for GIF interfaces?

Bob.Dig

@chrisjenk said in HELP: After updating from 22.05 to 23.01 my Hurricane Electric 6in4 GIF tunnel no longer works:

It is almost as if the 23.01 kernel is missing support for GIF interfaces?

No, working fine here. But I created my tunnel afterwards. If it would be a general problem, this thread would fill up over time.

ChrisJenk

@bob-dig It might be hardware specific (different kernel). Given that I cannot even create a GIF interface using ifconfig it sure looks pretty fundamental.

jimp

It looks like it was the linker hints, like I mentioned on your other thread asking about the linker error.

I found one of my 3100 installs where I could replicate this, but just that one:

: ifconfig gif9 create
ifconfig: SIOCIFCREATE2 (gif9): Invalid argument
: kldxref /boot/kernel/
: ifconfig gif9 create
: ifconfig gif9 destroy
:

jaltman

After upgrading my Netgate XG-1537 from 22.05 to 23.01 my Hurricane Electric GIF tunnels are broken.

I can successfully ping the HE tunnel endpoint from within the LAN but no packets received from the tunnel are delivered.

ChrisJenk

@jaltman Have you tried the solution in the answer above from @jimp ? You likely need to reboot after running the kldxref command (I did). After that it all worked for me.

jaltman

@chrisjenk Thanks for the reply.

My symptoms are a bit different in that gif0 is present but there is no traffic flowing from the pfSense tunnel endpoint to the LAN. I can ping the pfSense tunnel endpoint from the LAN. I can ping the HE tunnel endpoint from the outside world.

I cannot ping the pfSense tunnel endpoint from the outside world nor can the LAN ping the HE tunnel endpoint.

HE support does not see anything problem with the tunnel from their point of view. pfSense reports the tunnel as present and "UP" with no packet loss.

I have a TAC Enterprise subscription and have created a support ticket.

jaltman

@jaltman In my case the "Automatic" setting for IPv6 gateway no longer results in the HE Tunnel being used to route IPv6 traffic. Manually selecting the tunnel gateway results in the passing of traffic.

jimp

@jaltman said in HELP: NETGATE 3100 - After updating from 22.05 to 23.01 unable to create/use GIF interfaces:

@jaltman In my case the "Automatic" setting for IPv6 gateway no longer results in the HE Tunnel being used to route IPv6 traffic. Manually selecting the tunnel gateway results in the passing of traffic.

What gateway did "Auto" use instead?

Auto is always a roll of the dice, it can be different with any change in the interface properties, add/delete interfaces, new VPNs, etc.

You should always set a specific gateway (or better yet, a group) with what you want there.

jaltman

@jimp Unfortunately I do not know. Now when I set the gateway to "automatic" and reboot the tunnel is selected as the default. Sadly I did not create a snapshot before I made the change.

I agree that explicitly selecting the tunnel is the correct thing to do.

jmaynard

I had this problem, and tried to fix it by deleting and redefining the GIF. Unfortunately, that didn't work: I get a PHP error when I try to define it:

[24-Feb-2023 20:52:20 America/Chicago] PHP Fatal error:  Uncaught TypeError: pfSense_interface_flags(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:44
Stack trace:
#0 /etc/inc/interfaces.inc(44): pfSense_interface_flags(Array, 1)
#1 /etc/inc/interfaces.inc(1271): interfaces_bring_up(Array)
#2 /usr/local/www/interfaces_gif_edit.php(124): interface_gif_configure(Array)
#3 {main}
  thrown in /etc/inc/interfaces.inc on line 44

I tried registering on Redmine to file a bug report, but have not yet gotten the activation email. @jimp , is it broken again?

stephenw10

That's a different issue. I opened a bug for it: https://redmine.pfsense.org/issues/14035

jmaynard

@stephenw10 Thanks! Yeah, I was hesitant to post to this thread about it, but there was already discussion on GIF interfaces, so...

(And if I can ever get registered on Redmine, I did save the debug log.)

stephenw10

Can you see what's in your config file when you hit that error?

Or the exact steps required to replicate it?

jmaynard

@stephenw10 Replicating it is easy:

1. Navigate to Interfaces->Assignments, GIFs tab.
2. Click + Add.
3. Enter server IP address, GIF tunnel local address, and GIF tunnel remote address as appropriate (I took mine from my HE tunnel page).
4. Select 64 for GIF tunnel subnet.
5. Do not select ECN friendly behavior or Outer Source Filtering.
6. Enter "HE IPv6 tunnel" for description.
7. Click Save.

Expected result: GIF interface is created.
Actual result: PHP error:

Fatal error: Uncaught TypeError: pfSense_interface_flags(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:44 Stack trace: #0 /etc/inc/interfaces.inc(44): pfSense_interface_flags(Array, 1) #1 /etc/inc/interfaces.inc(1271): interfaces_bring_up(Array) #2 /usr/local/www/interfaces_gif_edit.php(124): interface_gif_configure(Array) #3 {main} thrown in /etc/inc/interfaces.inc on line 44 PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 44, Message: Uncaught TypeError: pfSense_interface_flags(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:44 Stack trace: #0 /etc/inc/interfaces.inc(44): pfSense_interface_flags(Array, 1) #1 /etc/inc/interfaces.inc(1271): interfaces_bring_up(Array) #2 /usr/local/www/interfaces_gif_edit.php(124): interface_gif_configure(Array) #3 {main} thrown

stephenw10

Mmm, there must be something existing in your config or missing from that would usually be there by default when you attempt to apply that. It doesn't happen on a clean config as far as I can tell. Or at least I've failed to replicate it so far.

jmaynard

@stephenw10 I can send you my config, if you like. Just let me know where to send it.

stephenw10

Yes, please upload it here: https://nc.netgate.com/nextcloud/s/3kdTjgDRRC2txeQ

jmaynard

@stephenw10 Done.