Project

General

Profile

Actions

Bug #15370

closed

GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both

Added by Brian Dahlquist 9 months ago. Updated 9 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
All

Description

When the WAN interface gets a DHCPv6 and a SLAAC address it will only show one or the other pretty much at random for which one shows up. If the interface bounces it might show the same one as before or it might flip to show the other, ie if it shows DHCPv6 first then after an interface bounce/change/etc. it might still show DHCPv6 or it might flip to the SLAAC address. When looking at the CLI you can clearly see both however but the GUI only reflects one or the other when it should show both. I've noticed this issue in at least 23.09 and the 24.03 beta and I'm sure this probably impacts non-Plus versions as well.

Additionally this also causes issues for IPSec identifiers where, when using WAN IP address as the identifier, will be tied to what the GUI shows for the WAN IP address as well meaning if you have a SLAAC and DHCPv6 WAN address and something causes an interface bounce and the WAN IP "changes" then the local identifier will change too which can cause issues for IPSec tunnels.

[24.03-BETA][admin@firewall]/root: ifconfig
ix0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN
        options=48138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,HWSTATS,MEXTPG>
        ether xx:xx:xx:56:41:40
        inet xx.xx.xx.206 netmask 0xfffffc00 broadcast xx.xx.xx.255
        inet6 fe80::xxxx:xxxx:fe56:4140%ix0 prefixlen 64 scopeid 0x1
        inet6 2001:1111:1111:xxx::48 prefixlen 128 pltime 3600 vltime 3600
        inet6 2001:1111:1111:xxx:xxxx:xxxx:fe56:4140 prefixlen 64 autoconf pltime 3600 vltime 3600
        media: Ethernet 5000Base-T (5000Base-T <full-duplex,rxpause,txpause>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>



Files

WAN Example 1.jpg (17.6 KB) WAN Example 1.jpg Brian Dahlquist, 03/31/2024 11:24 AM
WAN Example 2.jpg (50.3 KB) WAN Example 2.jpg Brian Dahlquist, 03/31/2024 11:26 AM
WAN Example - After Changes.jpg (51.2 KB) WAN Example - After Changes.jpg Brian Dahlquist, 03/31/2024 11:39 AM
Actions #1

Updated by Brian Dahlquist 9 months ago

After making a change to WAN interface and hitting save (just unchecked and rechecked a box):
I also noticed the changes/issue shows on the login page over SSH as well where what's shown for WAN address reflects what's "top" when doing ifconfig below the link local inet6 address.

[24.03-BETA][admin@firewall]/root: ifconfig
ix0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN
        options=48138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,HWSTATS,MEXTPG>
        ether xx:xx:xx:56:41:40
        inet xx.xx.xx.206 netmask 0xfffffc00 broadcast xx.xx.xx.255
        inet6 fe80::xxxx:xxxx:fe56:4140%ix0 prefixlen 64 scopeid 0x1
        inet6 2001:1111:1111:xxx:xxxx:xxxx:fe56:4140 prefixlen 64 autoconf pltime 3600 vltime 3600
        inet6 2001:1111:1111:f20::48 prefixlen 128 pltime 3600 vltime 3600
        media: Ethernet 5000Base-T (5000Base-T <full-duplex,rxpause,txpause>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

You'll noticed that the inet6 addresses changed places compared to the original.
Actions #2

Updated by Marcos M 9 months ago

  • Project changed from pfSense Plus to pfSense
  • Category changed from Interfaces to Interfaces
  • Status changed from New to Rejected
  • Affected Plus Version deleted (24.03)

The first IPv6 GUA to be configured on the interface gets used. The order of what gets configured first is determined by DHCP and what address is added last. Other than what's configured first, I'm not sure one GUA is "more correct" to choose than another. Maybe the DHCP address could be prioritized, but that seems more like individual preference than a rule/policy to implement. If it makes more sense to do things differently, this can be reconsidered.

In general, services are restarted when the WAN IP they use changes. Regarding IPsec, the user can define a variety of static values to avoid those issues.

Actions

Also available in: Atom PDF