Kernel/OPNsense loses (or fails to add) IPv6 networks while adding IPv6 link-local and primary net+address pairs - see red cells G15:G23, K27:K35, G39:G47 and K51:K59 - it consequently breaks routing.OK after removed _on_open=1 and restarted Unlike TUN interfaces, TAP interfaces do not have IPv6 link-local net+address pairs (fe80) though both have auto_linklocal option enabled - see red cells F38:G59.The table below ( updated, changed cells have blue borders) illustrates all the issues I identified in connection with the readding VIPs problem: OK, should destroy tun/tap interface on Tinc daemon restart. OK, taken into account the comment below by There are some issues with IPv6 network routes: they disappear from time to time leaving only /128 address assigned to lo0 in netstat -rn6 output which breaks routing. There is an issue with configd_ctl.py script when called on interface with primary IPv6 address: opnsense: /usr/local/etc/rc.newwanip: Failed to detect IP for TINC0 message in log.no fe80::/10 link locals are created for them. There are some issues with TAP interfaces, e.g.My first preliminary guesses are as follows: Tomorrow I will try to document every detail to show you. I spent another couple of hours experimenting with it and the problem I described seems to be a little more complex than just a configd_ctl.py call. Although it does not sound reasonable, all these factors make a difference. I suppose, you a) used tun, not tap b) used primary IPv4 (192.168.100.1 in your example) c) used same address family VIP (192.168.123.130 in your example). (see PR 1733, commit thank you for investing your time in it. Issue with losing IPv6 network routes was resolved by destroying tun/tap interface in tincd.py.(personal non-default tunables change that I made for Zerotier) Issue with link-local addresses was resolved by removing _on_open=1.Issue with readding VIPs was resolved by triggering configd_ctl.py from tincd.py.Virtual IPs should be readded each time a tun/tap interface is created. Restart Tinc daemon from the dashboard or make any changes in Tinc configuration.Add a virtual IP (alias) to the interface.Add a network and at least one host in Tinc configuration.I experienced this problem when using Tinc but it seems to be related to any tun/tap interface so I generalised it. VIPs are not readded after recreating a tun/tap interface. I have searched the existing issues and I'm convinced that mine is new. I have read the contributing guide lines. Before you add a new report, we ask you kindly to acknowledge the following:
0 kommentar(er)
