Project

General

Profile

Actions

Bug #6507

closed

GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot

Added by Daniel Hoffend almost 8 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Interfaces
Target version:
Start date:
06/20/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
All
Affected Architecture:

Description

Setup

The WAN Interface of my pfsense firewall is connected to our homenetwork. The "real" wan connection (dsl router) advertises a prefix to the local network. The pfSense is configured to use IPv6+DHCP6 to autoconfigure the interface. A GRE Tunnel is configured to a remote IPv6 endpoint in a datacenter (no ipsec, no vpn, just plain gre). This works quite fine up to the point where the pfSense firewall gets rebooted.

Problem

During bootup pfsense tries to online and configure the gre interface. The script rc.bootup / interfaces.inc tries to lookup local IPv6 address to correctly configure the local site. I guess that at this point the IPv6 address isn't yet assigned and therefore the lookup will fail.

System Log

Jun 21 00:09:41 wanpf1 php-cgi: rc.bootup: Accept router advertisements on interface vtnet0_vlan41 
Jun 21 00:09:41 wanpf1 php-cgi: rc.bootup: Accept router advertisements on interface vtnet0_vlan42 
Jun 21 00:09:42 wanpf1 php-cgi: rc.bootup: The command '/sbin/ifconfig gre0 inet6 tunnel  'fc00::21'' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments' 
Jun 21 00:09:42 wanpf1 php-cgi: rc.bootup: The command '/sbin/ifconfig gre1 inet6 tunnel  'fc00::22'' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments' 
[...]
Jun 21 00:09:43 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fe88:c1d8 for interface opt1(vtnet0_vlan42)
Jun 21 00:09:43 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fe88:c1d8 for interface opt1(vtnet0_vlan42)
Jun 21 00:09:43 wanpf1 rtsold: Starting dhcp6 client for interface opt1(vtnet0_vlan42)
Jun 21 00:09:43 wanpf1 rtsold: Starting dhcp6 client for interface opt1(vtnet0_vlan42)
[...]
Jun 21 00:09:44 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fee0:a429 for interface wan(vtnet0_vlan41)
Jun 21 00:09:44 wanpf1 rtsold: Recieved RA specifying route fe80::5054:ff:fee0:a429 for interface wan(vtnet0_vlan41)
Jun 21 00:09:44 wanpf1 rtsold: Starting dhcp6 client for interface wan(vtnet0_vlan41)
Jun 21 00:09:44 wanpf1 rtsold: Starting dhcp6 client for interface wan(vtnet0_vlan41)

Workaround

After manually adding the tunnel configuration post-boot or just edit+save the gre interface correctly configures the interface. So basically it works, but it's not reboot-save.

Additional

What I haven't tested yet but will do would be
  • What happens to gre interfaces if you receivce a new RA from your upstream neighbour
  • Can you use a hostname as remote endpoint? This would enable dynamic endpoints (similar to the IPSEC configuration where the ipsec configuration gets updated to the new endpoint on dyndns change). btw. the combination of ipsec+gre is a great one. You can have use the GRE Tunnel to setup dynamic routing updates or complex routing scenarios without the need to update fixed ipsec network lists ... but that's a different story.

Versions tested

2.3.1_5


Related issues

Related to Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfacesClosedViktor Gurov

Actions
Has duplicate Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changesDuplicate04/27/2021

Actions
Actions

Also available in: Atom PDF