Closed wisnerca closed 5 years ago
Just to be clear, it's a DHCPv6 WAN with automatic IPv6 tracking for LAN/OPT set? And the /60 prefix changes or remains static? The static route part refresh throws me off.
The WAN is DHCPv6 requesting a /60 PD. The LAN/OPT use IPv6 tracking. Unfortunately it seems that neither static routes nor NPTv6 support tracking, so I just set it manually since my delegation only changes if the RRD data changes. Hopefully in the future there will be support for tracking in this and firewall rules, but this isn't the issue since my /60 didn't change when the route disappears.
The purpose of the static route is so that my WireGuard server (connected to LAN) can hand out IPv6 addresses.
Here is the routing table when it is working properly:
```
Internet6:
Destination Gateway Flags Netif Expire
default fe80::201:5cff:fe6 UG vmx1
localhost link#3 UH lo0
router link#2 UHS lo0
abcd:abcd:abcd:f371link#1 U vmx0
router link#1 UHS lo0
abcd:abcd:abcd:f372link#7 U vmx0_vla
router link#7 UHS lo0
abcd:abcd:abcd:f373link#11 U vmx0_vla
router link#11 UHS lo0
abcd:abcd:abcd:f37fabcd:abcd:abcd:f371 UGS vmx0
fe80::%vmx0/64 link#1 U vmx0
fe80::1:1%vmx0 link#1 UHS lo0
fe80::%vmx1/64 link#2 U vmx1
fe80::3a2c:4aff:fe link#2 UHS lo0
fe80::%lo0/64 link#3 U lo0
fe80::1%lo0 link#3 UHS lo0
fe80::%vmx0_vlan2/ link#7 U vmx0_vla
fe80::1:1%vmx0_vla link#7 UHS lo0
fe80::%vmx0_vlan10 link#8 U vmx0_vla
fe80::20c:29ff:fed link#8 UHS lo0
fe80::%vmx0_vlan4/ link#9 U vmx0_vla
fe80::20c:29ff:fed link#9 UHS lo0
fe80::%vmx0_vlan5/ link#10 U vmx0_vla
fe80::20c:29ff:fed link#10 UHS lo0
fe80::%vmx0_vlan32 link#11 U vmx0_vla
fe80::1:1%vmx0_vla link#11 UHS lo0
fe80::%vmx0_vlan6/ link#12 U vmx0_vla
fe80::20c:29ff:fed link#12 UHS lo0
fe80::%vmx0_vlan7/ link#13 U vmx0_vla
fe80::20c:29ff:fed link#13 UHS lo0
root@router:~ #
```
Here's after the routes get lost:
```
Internet6:
Destination Gateway Flags Netif Expire
default fe80::201:5cff:fe6 UG vmx1
localhost link#3 UH lo0
router link#2 UHS lo0
abcd:abcd:abcd:f371link#1 U vmx0
router link#1 UHS lo0
abcd:abcd:abcd:f372link#7 U vmx0_vla
router link#7 UHS lo0
abcd:abcd:abcd:f373link#11 U vmx0_vla
router link#11 UHS lo0
fe80::%vmx0/64 link#1 U vmx0
fe80::1:1%vmx0 link#1 UHS lo0
fe80::%vmx1/64 link#2 U vmx1
fe80::3a2c:4aff:fe link#2 UHS lo0
fe80::%lo0/64 link#3 U lo0
fe80::1%lo0 link#3 UHS lo0
fe80::%vmx0_vlan2/ link#7 U vmx0_vla
fe80::1:1%vmx0_vla link#7 UHS lo0
fe80::%vmx0_vlan10 link#8 U vmx0_vla
fe80::20c:29ff:fed link#8 UHS lo0
fe80::%vmx0_vlan4/ link#9 U vmx0_vla
fe80::20c:29ff:fed link#9 UHS lo0
fe80::%vmx0_vlan5/ link#10 U vmx0_vla
fe80::20c:29ff:fed link#10 UHS lo0
fe80::%vmx0_vlan32 link#11 U vmx0_vla
fe80::1:1%vmx0_vla link#11 UHS lo0
fe80::%vmx0_vlan6/ link#12 U vmx0_vla
fe80::20c:29ff:fed link#12 UHS lo0
fe80::%vmx0_vlan7/ link#13 U vmx0_vla
fe80::20c:29ff:fed link#13 UHS lo0
```
If I add this to the end of /usr/local/opnsense/scripts/dhcp/prefixes.php, the issue seems to go away, but I'm not sure if this will have any side effects:
```php
mwexecf('/usr/local/etc/rc.routing_configure');
```
Timeout.
I get a /60 from Comcast via prefix delegation (let's assume abcd:abcd:abcd:abcd::/60). I use a few of the /64 subnets on various LAN/OPT interfaces. I ALSO have abcd:abcd:abcd:abcd:f::/64 routed to a VPN server that runs on another box. I have a static route to my VPN server to take care of this.
This setup works for a few days, then the route disappears from the routing table in "netstat -r" and IPv6 no longer works on my VPN links. Enabling and disabling the static route in the GUI brings it back.
My theory is that the DHCPv6 lease from Comcast is getting refreshed, and that clears out my routing table. There should probably be a hook somewhere that re-adds the IPv6 static routes but it is missing.
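
The failure described in this issue (a static IPv6 route silently vanishing from the routing table) can be detected by checking the table for the expected S-flagged rows. The following is an added example, not part of the original issue or of OPNsense; the function name `missing_static_routes`, the `2001:db8::/32` documentation-prefix addresses and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): report expected static routes that are
# absent from an IPv6 routing table read on stdin.
# On the router, feed it live data, e.g.:
#   netstat -rnW -f inet6 | missing_static_routes 2001:db8:0:f37f::/64
# -n keeps addresses numeric and -W avoids the truncated columns seen in the
# tables posted in the thread.

missing_static_routes() {
    # Arguments: destinations that must exist with the S (static) flag.
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        # Data rows are: Destination Gateway Flags Netif [Expire].
        # A connected route (flags "U") does not count as a static route.
        NF >= 4 && $3 ~ /S/ { have[$1] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in have)) print w[i]
        }'
}

# Constructed sample tables using the 2001:db8::/32 documentation prefix.
TABLE_OK='Internet6:
Destination            Gateway              Flags  Netif Expire
default                fe80::1%vmx1         UG     vmx1
2001:db8:0:f371::/64   link#1               U      vmx0
2001:db8:0:f37f::/64   2001:db8:0:f371::10  UGS    vmx0'

# Same table after the static route has been dropped.
TABLE_LOST='Internet6:
Destination            Gateway              Flags  Netif Expire
default                fe80::1%vmx1         UG     vmx1
2001:db8:0:f371::/64   link#1               U      vmx0'

# Demo on the constructed "lost" table: prints the missing destination.
printf '%s\n' "$TABLE_LOST" | missing_static_routes 2001:db8:0:f37f::/64
```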