6to4 Tunnel seems to be broken.



  • I have noticed that I cannot get to IPV6 address recently. The latest code on actually produced an error which got me investigating.
    The WAN ipv6 address no longer shows up although it does create the GW and LAN does get an IP address from tracking WAN. This leave $oc['ipv6'] without an address for WAN.
    I also don't see the stf0 which I normally see. It seems to be wan_stf now, but that does not show up in routing.
    Please let me know what you need to help in troubleshooting this issue.



  • Check if this commit https://github.com/bsdperimeter/pfsense/commit/5ee79d322a70127025e51241c6092c1e7db74981 helps.

    Not sure how that worked before since that was unchanged.
    Just try it and let me know.

    An ifconfig output of the stf interface and the routing table helps here.



  • That commit has not helped.
    The stf interface is not being created as it does not show up in ifconfig output. Since it is not there a route is also not created.

    I have to delete the 2 lines you added in commit https://github.com/bsdperimeter/pfsense/commit/311959fe8b65db2bbb39e06f27e91f242bf101fe before I can get to the internet.

    If I leave them in I get:

    php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:227: syntax error - The line in question reads [227]: pass in on $WAN inet6 from any to / label "Allow 6in4 traffic in for 6to4 on WAN"
    

    I have also searched the logs and cannot determine that the stf interface has even been created.

    Edit:
    Looks like the stf interface changes were part of this commit.
    https://github.com/bsdperimeter/pfsense/commit/7d1f2eace0a951edd6ac2f5679d14f55ab212d85



  • Can you gitsync and try with latest code or latest snapshots from later on?



  • Yes, I will let you know the results.



  • Okay, there are no errors on filter reload. It is not creating the wan_stf or stf0 (which from the commits is being changed) interface. IPv6 is still not working correctly.



  • You mean on bootup or after clicking save on interface page?



  • On save on interface page. I have not tried a reboot since it is the main office FW. I don't want to keep rebooting it often. I can reboot if need be.



  • Reboot has no affect on this issue.



  • Not sure what is wrong on your side.
    I just selected an interface choose 6to4 type and the interface comes right up!
    Can you show screenshot of your configuration and also the section of the interface in config.xml for this?

    UPDATE: Also can you check that your interface address is not in private range since that will not allow it!



  • Do you mind if I PM you that?
    Yes, it is using a public address. Up till yesterday, IPv6 was working well.
    I am also running CAPR type VIPs on the WAN as well. Is there anything that destroys wan_*?



  • Send the PM is ok like that



  • What screen shots would you like? It is really simple setup. Just choose 6to4 Tunnel in WAN config and created an allow all rule in LAN for IPv6.



  • Really just gitsync to the latest code and retry.
    I put your configuration on test vm and it just works!



  • It usually makes no difference, but I am running the 32bit version.
    I tried gitsync and I even removed ipv6 config and rebooted and re-setup. It is now not creating an IP address on LAN either. Very strange.



  • Used a spare public IP and tested with latest build and a git sycn on 32bit. Basic config .. set public ip on WAN and set a static with a free on in the net. Made sure traffic could pass. Result is that IPv6 does not work. LAN does not set IPv6 and WAN does not create the wan_stf interface. IPv6 using 6to4 tunnel fail. Testing 64bit now with same setup.



  • Did get errors:

    
    php: : The command '/sbin/ifconfig wan_stf inet6 2002:4658:b479:: prefixlen 16' returned exit code '1', the output was 'ifconfig: interface wan_stf does not exist'
    
    

    and then of course:

    php: : The command '/sbin/route change -inet6 default '2002:c058:6301::'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2002:c058:6301::: Network is unreachable'
    


  • 64bit pfSense also failed to create wan_stf. Here are the errors:

    php: : The command '/sbin/ifconfig wan_stf inet6 2002:4658:b479:: prefixlen 16' returned exit code '1', the output was 'ifconfig: interface wan_stf does not exist'
    

    and

    php: : The command '/sbin/route change -inet6 default '2002:c058:6301::'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2002:c058:6301::: Network is unreachable'
    

    There was an error on boot about renaming the interface, but it went by quickly and I cannot capture it.

    update:
    okay it says that rename expect 1 parameter to be a string.



  • Have you ever tried to execute that manually in Diagnostis->Command Prompt->PHP Execute?

    $tmpstfiface = pfSense_interface_create("stf");
    var_dump($tmpstfiface);



  • nope .. but i did a scroll lock on the error and got this.
    pfSense_interface_rename() expects parameter 1 to be string, array given in /etc/inc/interfaces.inc on line 3313.

    That line reads: pfSense_interface_rename($tmpstfiface, $stfiface);
    Parameter 1 I think is $tmpstfiface and is getting set by $tmpstfiface = pfSense_interface_create("stf");
    if not then it is the $stfiface set by $stfiface = "{$interface}_stf";

    But which ever one it is, its creating an array and not a string.

    Update:
    With parameters set to "wan" and "wan_stf", I no longer get the errors booting up, but it looks like stf is never created or renaming fails as I keep getting:

    
    The command '/sbin/ifconfig wan_stf inet6 2002:4658:b479:: prefixlen 16' returned exit code '1', the output was 'ifconfig: interface wan_stf does not exist'
    
    


  • The $tmpstfiface variable is an array due to the fact that the "pfSense_interface_create" function returns an array (with the key "error" and value "Could not create interface") when an error occurs.

    Try without using the "pfSense_interface_create" function by executing "ifconfig stf create" and see what happens.



  • It is actually returning the string "Array" … I put in a log_error command to return the value of $tmpstfiface.



  • Directly printing an array returns the string "Array".



  • Okay .. how can I convert that from array to string to print the error? no other error is being shown.



  • Use either "$output = var_export($var, true);" or "$output = print_r($var, true);" before feeding the $output variable to the log_error function. But I would be more interested in what happens when you execute "ifconfig stf create" on the command line, as the array contents will very likely only be "array( 'error' => "Could not create interface", )".



  • It creates sft0 when I issue that command.



  • okay, got it to show what it is putting in there. It is putting in a '1'.
    When I hard code it to pfSense_interface_rename("stf0", $stfiface); everything works!!!
    So, I am not sure why the pfSense_interface_create("stf"); is returning a 1 since it is created, but unsure why it is erroring out.



  • I can also confirm that if you do:
    ifconfig stf create
    ifconfig stf0 name wan_stf
    from the console, that the existing code works like a charm. It does not survive reboot though unless you do this yourself.



  • I found out why :)
    Pushed a fix for this. The module for stf interface is not loaded that is why ifconfig works while pfSense calls do not!

    Upgrade/gitsync to latest code since there have been fixes for all your issues.



  • That is awesome!!! … Thanks Ermal it is working like a charm now.


Log in to reply