Bug #6507

closed

GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot

Added by Daniel Hoffend over 8 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee: Viktor Gurov
Category: Interfaces
Target version:
Start date: 06/20/2016
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version: All
Affected Architecture:

Description

Setup

The WAN interface of my pfSense firewall is connected to our home network. The "real" WAN connection (DSL router) advertises a prefix to the local network. The pfSense is configured to use IPv6+DHCP6 to autoconfigure the interface. A GRE tunnel is configured to a remote IPv6 endpoint in a datacenter (no IPsec, no VPN, just plain GRE). This works quite fine up to the point where the pfSense firewall gets rebooted.

Problem

During bootup pfSense tries to bring online and configure the GRE interface. The script rc.bootup / interfaces.inc tries to look up the local IPv6 address to correctly configure the local site. I guess that at this point the IPv6 address isn't yet assigned and therefore the lookup will fail.

System Log

Jun 21 00:09:41 wanpf1 php-cgi: rc.bootup: Accept router advertisements on interface vtnet0_vlan41 
Jun 21 00:09:41 wanpf1 php-cgi: rc.bootup: Accept router advertisements on interface vtnet0_vlan42 
Jun 21 00:09:42 wanpf1 php-cgi: rc.bootup: The command '/sbin/ifconfig gre0 inet6 tunnel  'fc00::21'' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments' 
Jun 21 00:09:42 wanpf1 php-cgi: rc.bootup: The command '/sbin/ifconfig gre1 inet6 tunnel  'fc00::22'' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments' 
[...]
Jun 21 00:09:43 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fe88:c1d8 for interface opt1(vtnet0_vlan42)
Jun 21 00:09:43 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fe88:c1d8 for interface opt1(vtnet0_vlan42)
Jun 21 00:09:43 wanpf1 rtsold: Starting dhcp6 client for interface opt1(vtnet0_vlan42)
Jun 21 00:09:43 wanpf1 rtsold: Starting dhcp6 client for interface opt1(vtnet0_vlan42)
[...]
Jun 21 00:09:44 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fee0:a429 for interface wan(vtnet0_vlan41)
Jun 21 00:09:44 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fee0:a429 for interface wan(vtnet0_vlan41)
Jun 21 00:09:44 wanpf1 rtsold: Starting dhcp6 client for interface wan(vtnet0_vlan41)
Jun 21 00:09:44 wanpf1 rtsold: Starting dhcp6 client for interface wan(vtnet0_vlan41)

Workaround

Manually adding the tunnel configuration post-boot, or just edit+save on the GRE interface, correctly configures the interface. So basically it works, but it's not reboot-safe.

Additional

What I haven't tested yet, but will, is:
  • What happens to GRE interfaces if you receive a new RA from your upstream neighbour
  • Can you use a hostname as remote endpoint? This would enable dynamic endpoints (similar to the IPSEC configuration where the ipsec configuration gets updated to the new endpoint on dyndns change). Btw., the combination of ipsec+gre is a great one. You can use the GRE tunnel to set up dynamic routing updates or complex routing scenarios without the need to update fixed ipsec network lists ... but that's a different story.

Versions tested

2.3.1_5
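
The boot log in the description shows `ifconfig ... tunnel` being run with only the remote endpoint because no local address was available yet. As an added example (not pfSense code and not the change from the merge request; the function names are hypothetical and the `ifconfig` output and the `fc01::10` / `fe80::5054:ff:fe00:1` addresses are constructed), this is the kind of check that avoids issuing the incomplete command:

```shell
#!/bin/sh
# Added example, not pfSense code. Function names are hypothetical and
# the sample ifconfig output below is constructed.

# Read `ifconfig <if> inet6` output on stdin; print the first address that
# is usable as a tunnel source. Link-local (fe80::/10) addresses and ones
# still flagged tentative, duplicated, detached or deprecated are skipped.
pick_local_inet6() {
    awk '$1 == "inet6" {
        addr = $2
        sub(/%.*/, "", addr)                    # drop the %scope suffix
        if (tolower(addr) ~ /^fe[89ab]/) next   # link-local
        if ($0 ~ /tentative|duplicated|detached|deprecated/) next
        print addr
        exit
    }'
}

# Print the tunnel command, or return 1 when an endpoint is empty (the
# case behind "'tunnel' requires 2 arguments" in the boot log).
tunnel_cmd() {
    ifname=$1
    local_ip=$2
    remote_ip=$3
    if [ -z "$local_ip" ] || [ -z "$remote_ip" ]; then
        echo "$ifname: endpoint missing, tunnel not configured" >&2
        return 1
    fi
    printf '/sbin/ifconfig %s inet6 tunnel %s %s\n' \
        "$ifname" "$local_ip" "$remote_ip"
}

# Constructed samples: early in boot (address still tentative) and later.
SAMPLE_EARLY='vtnet0_vlan41: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
    inet6 fe80::5054:ff:fe00:1%vtnet0_vlan41 prefixlen 64 scopeid 0x7
    inet6 fc01::10 prefixlen 64 tentative autoconf'
SAMPLE_READY='vtnet0_vlan41: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
    inet6 fe80::5054:ff:fe00:1%vtnet0_vlan41 prefixlen 64 scopeid 0x7
    inet6 fc01::10 prefixlen 64 autoconf'

for sample in "$SAMPLE_EARLY" "$SAMPLE_READY"; do
    addr=$(printf '%s\n' "$sample" | pick_local_inet6)
    tunnel_cmd gre0 "$addr" fc00::21 || echo "gre0: retry once an address is assigned"
done
```

The first sample yields no address, so the command is withheld; the second produces the full two-endpoint form.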


Related issues

Related to Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces (Closed, Viktor Gurov)
Has duplicate Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes (Duplicate, 04/27/2021)

Actions #1

Updated by Daniel Hoffend over 8 years ago

My test setup contains 2 gre tunnels, but to reproduce the issue 1 gre tunnel is sufficient.

Tunnel1

  • Local IPv6 address on vtnet0_vlan41 (fc01::xxxx)
  • Remote IPv6 address (fc00::21 reachable via fc01::1 / link-local ipv6 address)
  • Static Route to fc00::21 to next-hop on vtnet0_vlan41

Tunnel2

  • Local IPv6 address on vtnet0_vlan42 (fc02::xxxx)
  • Remote IPv6 address (fc00::22 reachable via fc02::1 / link-local ipv6 address)
  • Static Route to fc00::22 to next-hop on vtnet0_vlan42
Actions #2

Updated by Chris Buechler over 8 years ago

  • Target version deleted (2.3.1-p2)
Actions #3

Updated by Chris Buechler over 8 years ago

  • Subject changed from GRE Tunnel over IPv6 doesn't receive the complete tunnel configuration during rc.bootp to GRE tunnel on dynamic IPv6 interface not brought up during boot
  • Status changed from New to Confirmed
  • Affected Version changed from 2.3.x to All
Actions #4

Updated by Daniel Hoffend over 8 years ago

Any idea? Is there any hook we can bind to? Like change of interface ip addresses? Which could get our tunnels reconfigured?

Actions #5

Updated by Daniel Hoffend over 8 years ago

IMO this function should be combined with the ipsec tunnel reload. This way you can combine point2point ipsec connections and gre tunnels for dynamic routing.

Once the local ip address or the remote tunnel endpoint changes ipsec and gre can be reconfigured to point into the same direction.

Actions #6

Updated by Daniel Hoffend about 8 years ago

I've tried to dig into this again. There are some things I've noticed.

1) it looks like the binary "check_reload_status" is triggering ipsec, openvpn or dyndns reloads. It also should trigger rc.newwanip and rc.newwanipv6

2) The rc.newwanip script triggers the function interface_gre_configure()

3) The rc.newwanipv6 script doesn't include this function call. Also looking into the system logs the script itself never gets executed. I see the rc.newwanip gets triggered to change ipv6 routes but apparently the v6 script is never called when the interface received its dhcpv6 address.

I'm looking for the right place to trigger the gre interface reconfiguration after the interface got its first ipv6 address or when the v6 address has changed (like ra from the upstream gateway).

Actions #7

Updated by Viktor Gurov almost 4 years ago

  • Affected Version changed from All to 2.5.0

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63

TODO:
correctly restart tunnels on track interface

Actions #8

Updated by Renato Botelho almost 4 years ago

  • Status changed from Confirmed to Pull Request Review
  • Assignee set to Viktor Gurov
  • Target version set to 2.5.0
  • Affected Version changed from 2.5.0 to All
Actions #9

Updated by Renato Botelho almost 4 years ago

  • Target version changed from 2.5.0 to CE-Next
Actions #10

Updated by Jim Pingle over 3 years ago

  • Has duplicate Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes added
Actions #11

Updated by Jim Pingle over 3 years ago

  • Subject changed from GRE tunnel on dynamic IPv6 interface not brought up during boot to GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot

Updating subject to reflect that the PR corrects both GRE and GIF.

Actions #12

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Target version changed from CE-Next to 2.6.0
  • Plus Target Version set to 21.09

PR has been merged. Thanks!

Actions #13

Updated by Viktor Gurov over 3 years ago

  • % Done changed from 0 to 100
Actions #15

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Pull Request Review
Actions #16

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

Actions #17

Updated by Viktor Gurov about 3 years ago

  • Related to Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces added
Actions #18

Updated by Jim Pingle about 3 years ago

  • Plus Target Version changed from 21.09 to 22.01
Actions #19

Updated by Jim Pingle almost 3 years ago

  • Status changed from Feedback to Closed