Bug #15370
closedGUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
0%
Description
When the WAN interface gets a DHCPv6 and a SLAAC address it will only show one or the other pretty much at random for which one shows up. If the interface bounces it might show the same one as before or it might flip to show the other, ie if it shows DHCPv6 first then after an interface bounce/change/etc. it might still show DHCPv6 or it might flip to the SLAAC address. When looking at the CLI you can clearly see both however but the GUI only reflects one or the other when it should show both. I've noticed this issue in at least 23.09 and the 24.03 beta and I'm sure this probably impacts non-Plus versions as well.
Additionally this also causes issues for IPSec identifiers where, when using WAN IP address as the identifier, will be tied to what the GUI shows for the WAN IP address as well meaning if you have a SLAAC and DHCPv6 WAN address and something causes an interface bounce and the WAN IP "changes" then the local identifier will change too which can cause issues for IPSec tunnels.
[24.03-BETA][admin@firewall]/root: ifconfig ix0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 description: WAN options=48138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,HWSTATS,MEXTPG> ether xx:xx:xx:56:41:40 inet xx.xx.xx.206 netmask 0xfffffc00 broadcast xx.xx.xx.255 inet6 fe80::xxxx:xxxx:fe56:4140%ix0 prefixlen 64 scopeid 0x1 inet6 2001:1111:1111:xxx::48 prefixlen 128 pltime 3600 vltime 3600 inet6 2001:1111:1111:xxx:xxxx:xxxx:fe56:4140 prefixlen 64 autoconf pltime 3600 vltime 3600 media: Ethernet 5000Base-T (5000Base-T <full-duplex,rxpause,txpause>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
Files
Updated by Brian Dahlquist 9 months ago
After making a change to WAN interface and hitting save (just unchecked and rechecked a box):
I also noticed the changes/issue shows on the login page over SSH as well where what's shown for WAN address reflects what's "top" when doing ifconfig below the link local inet6 address.
[24.03-BETA][admin@firewall]/root: ifconfig ix0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 description: WAN options=48138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,HWSTATS,MEXTPG> ether xx:xx:xx:56:41:40 inet xx.xx.xx.206 netmask 0xfffffc00 broadcast xx.xx.xx.255 inet6 fe80::xxxx:xxxx:fe56:4140%ix0 prefixlen 64 scopeid 0x1 inet6 2001:1111:1111:xxx:xxxx:xxxx:fe56:4140 prefixlen 64 autoconf pltime 3600 vltime 3600 inet6 2001:1111:1111:f20::48 prefixlen 128 pltime 3600 vltime 3600 media: Ethernet 5000Base-T (5000Base-T <full-duplex,rxpause,txpause>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
You'll noticed that the inet6 addresses changed places compared to the original.
Updated by Marcos M 9 months ago
- Project changed from pfSense Plus to pfSense
- Category changed from Interfaces to Interfaces
- Status changed from New to Rejected
- Affected Plus Version deleted (
24.03)
The first IPv6 GUA to be configured on the interface gets used. The order of what gets configured first is determined by DHCP and what address is added last. Other than what's configured first, I'm not sure one GUA is "more correct" to choose than another. Maybe the DHCP address could be prioritized, but that seems more like individual preference than a rule/policy to implement. If it makes more sense to do things differently, this can be reconsidered.
In general, services are restarted when the WAN IP they use changes. Regarding IPsec, the user can define a variety of static values to avoid those issues.