HELP: NETGATE 3100 - After updating from 22.05 to 23.01 unable to create/use GIF interfaces
-
After upgrading my Netgate XG-1537 from 22.05 to 23.01 my Hurricane Electric GIF tunnels are broken.
I can successfully ping the HE tunnel endpoint from within the LAN but no packets received from the tunnel are delivered.
-
-
@chrisjenk Thanks for the reply.
My symptoms are a bit different in that gif0 is present but there is no traffic flowing from the pfSense tunnel endpoint to the LAN. I can ping the pfSense tunnel endpoint from the LAN. I can ping the HE tunnel endpoint from the outside world.
I cannot ping the pfSense tunnel endpoint from the outside world nor can the LAN ping the HE tunnel endpoint.
HE support does not see anything problem with the tunnel from their point of view. pfSense reports the tunnel as present and "UP" with no packet loss.
I have a TAC Enterprise subscription and have created a support ticket.
-
@jaltman In my case the "Automatic" setting for IPv6 gateway no longer results in the HE Tunnel being used to route IPv6 traffic. Manually selecting the tunnel gateway results in the passing of traffic.
-
@jaltman said in HELP: NETGATE 3100 - After updating from 22.05 to 23.01 unable to create/use GIF interfaces:
@jaltman In my case the "Automatic" setting for IPv6 gateway no longer results in the HE Tunnel being used to route IPv6 traffic. Manually selecting the tunnel gateway results in the passing of traffic.
What gateway did "Auto" use instead?
Auto is always a roll of the dice, it can be different with any change in the interface properties, add/delete interfaces, new VPNs, etc.
You should always set a specific gateway (or better yet, a group) with what you want there.
-
@jimp Unfortunately I do not know. Now when I set the gateway to "automatic" and reboot the tunnel is selected as the default. Sadly I did not create a snapshot before I made the change.
I agree that explicitly selecting the tunnel is the correct thing to do.
-
I had this problem, and tried to fix it by deleting and redefining the GIF. Unfortunately, that didn't work: I get a PHP error when I try to define it:
[24-Feb-2023 20:52:20 America/Chicago] PHP Fatal error: Uncaught TypeError: pfSense_interface_flags(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:44 Stack trace: #0 /etc/inc/interfaces.inc(44): pfSense_interface_flags(Array, 1) #1 /etc/inc/interfaces.inc(1271): interfaces_bring_up(Array) #2 /usr/local/www/interfaces_gif_edit.php(124): interface_gif_configure(Array) #3 {main} thrown in /etc/inc/interfaces.inc on line 44
I tried registering on Redmine to file a bug report, but have not yet gotten the activation email. @jimp , is it broken again?
-
That's a different issue. I opened a bug for it: https://redmine.pfsense.org/issues/14035
-
@stephenw10 Thanks! Yeah, I was hesitant to post to this thread about it, but there was already discussion on GIF interfaces, so...
(And if I can ever get registered on Redmine, I did save the debug log.)
-
Can you see what's in your config file when you hit that error?
Or the exact steps required to replicate it?
-
@stephenw10 Replicating it is easy:
- Navigate to Interfaces->Assignments, GIFs tab.
- Click + Add.
- Enter server IP address, GIF tunnel local address, and GIF tunnel remote address as appropriate (I took mine from my HE tunnel page).
- Select 64 for GIF tunnel subnet.
- Do not select ECN friendly behavior or Outer Source Filtering.
- Enter "HE IPv6 tunnel" for description.
- Click Save.
Expected result: GIF interface is created.
Actual result: PHP error:Fatal error: Uncaught TypeError: pfSense_interface_flags(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:44 Stack trace: #0 /etc/inc/interfaces.inc(44): pfSense_interface_flags(Array, 1) #1 /etc/inc/interfaces.inc(1271): interfaces_bring_up(Array) #2 /usr/local/www/interfaces_gif_edit.php(124): interface_gif_configure(Array) #3 {main} thrown in /etc/inc/interfaces.inc on line 44 PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 44, Message: Uncaught TypeError: pfSense_interface_flags(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:44 Stack trace: #0 /etc/inc/interfaces.inc(44): pfSense_interface_flags(Array, 1) #1 /etc/inc/interfaces.inc(1271): interfaces_bring_up(Array) #2 /usr/local/www/interfaces_gif_edit.php(124): interface_gif_configure(Array) #3 {main} thrown
-
Mmm, there must be something existing in your config or missing from that would usually be there by default when you attempt to apply that. It doesn't happen on a clean config as far as I can tell. Or at least I've failed to replicate it so far.
-
@stephenw10 I can send you my config, if you like. Just let me know where to send it.
-
Yes, please upload it here: https://nc.netgate.com/nextcloud/s/3kdTjgDRRC2txeQ
-
@stephenw10 Done.
-
Thanks. When you hit this error does the tunnel actually get created? Do you get additional config in the file?
-
@stephenw10 I don't know where to look at the config file (I'm ont a BSD guy), but Interfaces->Assignments, Interface Assignments tab, does not show the interface to assign.
-
If you look in Diag > Backup > Config History you can see any changes to the config file.
-
@stephenw10 Nope...last thing in the config history is the deletion of the GIF interface that I did trying to resolve the initial problem.
-
@stephenw10 I see the Redmine case is marked "more information needed". I'll be happy to provide more, but I still can't get the verification email from Redmine. What else is needed?