coolhva / usg-kpn-ftth

USG configuration for KPN FTTH

Internet connectivity is lost during provisioning #40

Open Goz3rr opened 3 years ago

Goz3rr commented 3 years ago

Whenever the USG has to reprovision (for example, after you change a port forwarding setting) internet connectivity will drop. It starts after about 1 minute and then takes a few minutes to come back up. Trying to ping from the USG will result in Network is unreachable and the pppoe2 interface disappears from show interfaces. This has only started happening since I updated to the kpn.sh script; the older setroutes.sh and setvpn.sh scripts did not have this issue and kept internet connectivity during provisioning.

I assume this is because of pppoe2 being disconnected to set the MTU. Is there a reason this has to be done now while it didn't before? Can't you just set it from the config.gateway.json?

coolhva commented 2 years ago

Sorry for the late reply. The issue is that some USGs don't like the MTU in the JSON. You can set the MTU in the JSON and check if that solves it. You do not need to change the kpn.sh as it will check if the MTU exists.

So the MTU for ETH0 is 1512 and for ETH0 VIF 6 is 1508, see this commit for details:

https://github.com/coolhva/usg-kpn-ftth/commit/b402b39b41c080702dae7c7597e0dfd15ac50b8b#diff-65c9fe36cffa3ad97c0f1bc1c5754aa7eb8bd76bd757aa4097775b2986c1c6a6 <-- do not download this file, please look to see where I added the MTU values and do this on your own json file (latest version).
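
Added example (not from the repository or from any commenter): a Python check, meant to be run on a workstation before the file is uploaded to the controller, that the MTU values set in a config.gateway.json fit inside each other for eth0, VIF 6 and pppoe2. The 8-byte PPPoE and 4-byte VLAN tag overheads are standard figures that the thread does not state; the function name and the sample JSON are constructed for this example.

```python
import json

PPPOE_OVERHEAD = 8  # 6-byte PPPoE header + 2-byte PPP protocol field
VLAN_TAG = 4        # 802.1Q tag added on the tagged sub-interface

# Constructed sample: only the MTU-relevant keys of a config.gateway.json.
SAMPLE = """
{"interfaces": {"ethernet": {"eth0": {
    "mtu": "1512",
    "vif": {"6": {"mtu": "1508",
                  "pppoe": {"2": {"mtu": "1500"}}}}}}}}
"""


def check_mtu_chain(cfg, port="eth0", vlan="6", session="2"):
    """Return a list of problems found in the port -> vif -> pppoe MTU chain."""
    eth = cfg.get("interfaces", {}).get("ethernet", {}).get(port, {})
    vif = eth.get("vif", {}).get(vlan, {})
    ppp = vif.get("pppoe", {}).get(session, {})
    vif_name, ppp_name = f"{port}.{vlan}", f"pppoe{session}"

    problems, found = [], {}
    for label, node in ((port, eth), (vif_name, vif), (ppp_name, ppp)):
        raw = node.get("mtu")
        if raw is None:
            problems.append(f"{label}: no mtu key")
        elif not str(raw).isdigit():
            problems.append(f"{label}: mtu {raw!r} is not a number")
        else:
            found[label] = int(raw)

    # Each outer layer must have room for the inner payload plus its header.
    if vif_name in found and ppp_name in found:
        if found[vif_name] < found[ppp_name] + PPPOE_OVERHEAD:
            problems.append(f"{vif_name} mtu {found[vif_name]} < {ppp_name} "
                            f"mtu {found[ppp_name]} + {PPPOE_OVERHEAD} (PPPoE)")
    if port in found and vif_name in found:
        if found[port] < found[vif_name] + VLAN_TAG:
            problems.append(f"{port} mtu {found[port]} < {vif_name} "
                            f"mtu {found[vif_name]} + {VLAN_TAG} (VLAN tag)")
    return problems


if __name__ == "__main__":
    issues = check_mtu_chain(json.loads(SAMPLE))
    print("\n".join(issues) if issues else "MTU chain is consistent")
```

To check a real file, load it with `json.load()` and pass the result to `check_mtu_chain()`.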

kraaijmakers commented 2 years ago

Just wanted to let you know here it works after changing the MTU lines back into the current config :)

MadDog2K commented 2 years ago

@kraaijmakers what USG (3P or Pro), what USG firmware version and what Controller version are you using where it works for you to have MTU defined in the JSON?

I couldn’t get it to work on my 3P with 4.4.56 and controller 6.5.5

kraaijmakers commented 2 years ago

Hey, I used the same version of the USG 3P. Controller 6.5.55. Here's my current config, hope it helps:

{
    "system": {
        "offload": {
            "ipv4": {
                     "forwarding": "enable",
                     "gre": "enable",
                     "pppoe": "enable",
                     "vlan": "enable"
            },
            "ipv6": {
                    "forwarding": "enable",
                    "pppoe": "enable",
                    "vlan": "disable"
            }
        }
    },
    "firewall": {
        "ipv6-name": {
            "WANv6_LOCAL" : {
                "rule": {
                    "1": {
                        "action": "accept",
                        "description": "Allow ICMPv6",
                        "log": "enable",
                        "protocol": "icmpv6"
                    },
                    "2": {
                        "action": "accept",
                        "description": "DHCPv6",
                        "destination": {
                                "port": "546"
                        },
                        "protocol": "udp",
                        "source": {
                                "port": "547"
                        }
                    }
                }
            },
            "WANv6_IN" : {
                "rule": {
                    "1": {
                            "action": "accept",
                            "description": "Allow ICMPv6",
                            "log": "enable",
                            "protocol": "icmpv6"
                    }
                }
            }
        }
    },
    "interfaces": {
        "ethernet": {
            "eth0": {
                "mtu": "1512",
                "dhcp-options": {
                    "default-route": "no-update",
                    "default-route-distance": "1",
                    "name-server": "no-update"
                },
                "description": "WAN",
                "vif": {
                    "4": {
                        "address": [
                            "dhcp"
                        ],
                        "description": "IPTV",
                        "dhcp-options": {
                            "client-option": [
                                "send vendor-class-identifier &quot;IPTV_RG&quot;;",
                                "request subnet-mask, routers, rfc3442-classless-static-routes;"
                            ],
                            "default-route": "no-update",
                            "default-route-distance": "210",
                            "name-server": "no-update"
                        },
                        "ip": {
                            "source-validation": "loose"
                        },
                        "mtu": "1500"
                    },
                    "6": {
                        "mtu": "1508",
                        "firewall": {
                            "in": {
                                "ipv6-name": "WANv6_IN",
                                "name": "WAN_IN"
                            },
                            "local": {
                                "ipv6-name": "WANv6_LOCAL",
                                "name": "WAN_LOCAL"
                            },
                            "out": {
                                "ipv6-name": "WANv6_OUT",
                                "name": "WAN_OUT"
                            }
                        },
                        "pppoe": {
                            "2": {
                                "dhcpv6-pd": {
                                    "no-dns": "''",
                                    "pd": {
                                        "0": {
                                            "interface": {
                                                "eth1": {
                                                    "prefix-id": ":1",
                                                    "service": "slaac"
                                                }
                                            },
                                            "prefix-length": "/48"
                                        }
                                    },
                                    "rapid-commit": "disable"
                                },
                                "firewall": {
                                    "in": {
                                        "ipv6-name": "WANv6_IN",
                                        "name": "WAN_IN"
                                    },
                                    "local": {
                                        "ipv6-name": "WANv6_LOCAL",
                                        "name": "WAN_LOCAL"
                                    },
                                    "out": {
                                        "ipv6-name": "WANv6_OUT",
                                        "name": "WAN_OUT"
                                    }
                                },
                                "ipv6": {
                                    "address": {
                                        "autoconf": "''"
                                    },
                                    "dup-addr-detect-transmits": "1",
                                    "enable": "''"
                                },
                                "default-route": "auto",                                
                                "mtu": "1500",
                                "name-server": "auto",
                                "password": "kpn",
                                "user-id": "kpn"
                            }
                        }
                    }
                }
            },
            "eth1": {
                "description": "LAN",
                "ipv6": {
                    "address": {
                        "autoconf": "''"
                    },
                    "dup-addr-detect-transmits": "1",
                    "router-advert": {
                        "cur-hop-limit": "64",
                        "link-mtu": "0",
                        "managed-flag": "true",
                        "max-interval": "600",
                        "name-server": [
                            "2606:4700:4700::1111",
                            "2606:4700:4700::1001"
                        ],
                        "other-config-flag": "false",
                        "prefix": {
                            "::/64": {
                                "autonomous-flag": "true",
                                "on-link-flag": "true",
                                "valid-lifetime": "2592000"
                            }
                        },
                        "radvd-options": "RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 {};",
                        "reachable-time": "0",
                        "retrans-timer": "0",
                        "send-advert": "true"
                    }
                }
            }
        }
    },
    "protocols": {
        "igmp-proxy": {
            "interface": {
                "eth0.4": {
                    "alt-subnet": [
                        "0.0.0.0/0"
                    ],
                    "role": "upstream",
                    "threshold": "1"
                },
                "eth1.661": {
                    "alt-subnet": [
                        "0.0.0.0/0"
                    ],
                    "role": "downstream",
                    "threshold": "1"
                },
                "eth2": {
                    "alt-subnet": [
                        "0.0.0.0/0"
                    ],
                    "role": "downstream",
                    "threshold": "1"
                },
                "eth1": {
                    "role": "disabled",
                    "threshold": "1"
                },
                "eth1.7": {
                    "role": "disabled",
                    "threshold": "1"
                }
            }
        },
        "static": {
            "interface-route6": {
                "::/0": {
                    "next-hop-interface": {
                        "pppoe2": "''"
                    }
                }
            }
        }
    },
    "port-forward": {
        "wan-interface": "pppoe2"
    },
    "service": {
        "dns": {
            "forwarding": {
                "except-interface": [
                    "pppoe2"
                ]
            }
        },
        "nat": {
            "rule": {
                "5000": {
                    "description": "MASQ all traffic to IPTV network",
                    "destination": {
                        "address": "0.0.0.0/0"
                    },
                    "log": "disable",
                    "outbound-interface": "eth0.4",
                    "protocol": "all",
                    "type": "masquerade"
                },
                "6001": {
                    "outbound-interface": "pppoe2"
                },
                "6002": {
                    "outbound-interface": "pppoe2"
                },
                "6003": {
                    "outbound-interface": "pppoe2"
                }
            }
        }
    }
}

MadDog2K commented 2 years ago

Hi @kraaijmakers After re-testing, it indeed seems to work just fine now. I probably had something else messed up before 😇 Thanks!

hapklaar commented 1 year ago

Sorry for the late reply. The issue is that some USGs don't like the MTU in the JSON. You can set the MTU in the JSON and check if that solves it. You do not need to change the kpn.sh as it will check if the MTU exists.

So the MTU for ETH0 is 1512 and for ETH0 VIF 6 is 1508, see this commit for details:

b402b39#diff-65c9fe36cffa3ad97c0f1bc1c5754aa7eb8bd76bd757aa4097775b2986c1c6a6 <-- do not download this file, please look to see where I added the MTU values and do this on your own json file (latest version).

This works for me as well. Never knew the outage during provisioning was related to this script! Is there a reason why these MTU settings are not in the current config.gateway.json version?

kevintuhumury commented 1 year ago

This has worked perfectly fine for me as well, but since the latest Unifi Network (version 7.2.92), having those two mtu keys in the config.gateway.json causes internet to completely drop.

I have a USG 3P version 4.4.56 btw.

Anyone already upgraded to that Network version and having the same issue?

fwieringen commented 5 months ago

Added the mtu lines to my config and this also worked for me. No more lost internet connections for like 3 minutes every time something reprovisions.