search

opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License
3.34k stars 749 forks source link

IPv6 (only) WWAN not configurable/working #4481

Closed martinvogt-tinc closed 3 years ago

martinvogt-tinc commented 3 years ago

Hello,

i want to connect an OPNSense 20.7.5 via IPv6 only to the Deutsche Telekom(DTAG) LTE network. DTAG offers three different types of IPv6 connectivity via LTE in Germany.

  1. Normal Dualstack access via APN internet.telekom
  2. DNS64 and NAT64 via APN internet.v6.telekom
  3. Fixed IPv6 Prefix (IPv6 only) via APN festip.telekom Flyer Feste IPv6-Adresse

First Problem: I can't obtian an IPv6 address with OPNSense in all three cases. If i try it with my Lenovo linux notebook i can use IPv6 in all three cases. I can only use the IPv4 on LTE connections with OPNSense. Second Problem: OPNSense switches the WAN Interface back to an ethernet interface when i switch away IPv4 from PPP to disabled. So at the moment from my point of view there is no way to configure IPv6 only on WWAN.

On my linux laptop the packets for obtaining an address for case three looks like this:

23:00:18.188564 IP6 fe80::1 > ff02::2: ICMP6, router solicitation, length 8
23:00:18.243376 IP6 fe80::5 > fe80::1: ICMP6, router advertisement, length 48
23:00:18.244467 IP6 fe80::1.546 > ff02::1:2.547: dhcp6 inf-req
23:00:18.293240 IP6 fe80::5.547 > fe80::1.546: dhcp6 reply

The network config then looks like this:

3: wwan0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether b6:c4:f1:f4:08:73 brd ff:ff:ff:ff:ff:ff
    inet6 2a01:598:XXXX:af00:5721:e283:f272:8e50/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::1/120 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::8663:2804:4963:a42c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

On the OPNSense WAN interface i can only see the following packets:

tcpdump -i ppp0 -nn ip6
23:11:16.923662 IP6 fe80::20d:b9ff:fe3f:73b0.546 > ff02::1:2.547: dhcp6 solicit
23:11:48.910189 IP6 fe80::20d:b9ff:fe3f:73b0.546 > ff02::1:2.547: dhcp6 solicit
23:12:53.420699 IP6 fe80::20d:b9ff:fe3f:73b0.546 > ff02::1:2.547: dhcp6 solicit
23:14:52.385718 IP6 fe80::20d:b9ff:fe3f:73b0.546 > ff02::1:2.547: dhcp6 solicit
23:16:44.998668 IP6 fe80::20d:b9ff:fe3f:73b0.546 > ff02::1:2.547: dhcp6 solicit

The XML config of the WAN looks like this:

<wan>
<if>ppp0</if>
<descr>WAN</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>ppp</ipaddr>
<ipaddrv6>dhcp6</ipaddrv6>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
<dhcp6usev4iface>1</dhcp6usev4iface>
<adv_dhcp6_interface_statement_send_options/>
<adv_dhcp6_interface_statement_request_options/>
<adv_dhcp6_interface_statement_information_only_enable/>
<adv_dhcp6_interface_statement_script/>
<adv_dhcp6_id_assoc_statement_address_enable/>
<adv_dhcp6_id_assoc_statement_address/>
<adv_dhcp6_id_assoc_statement_address_id/>
<adv_dhcp6_id_assoc_statement_address_pltime/>
<adv_dhcp6_id_assoc_statement_address_vltime/>
<adv_dhcp6_id_assoc_statement_prefix_enable/>
<adv_dhcp6_id_assoc_statement_prefix/>
<adv_dhcp6_id_assoc_statement_prefix_id/>
<adv_dhcp6_id_assoc_statement_prefix_pltime/>
<adv_dhcp6_id_assoc_statement_prefix_vltime/>
<adv_dhcp6_prefix_interface_statement_sla_len/>
<adv_dhcp6_authentication_statement_authname/>
<adv_dhcp6_authentication_statement_protocol/>
<adv_dhcp6_authentication_statement_algorithm/>
<adv_dhcp6_authentication_statement_rdm/>
<adv_dhcp6_key_info_statement_keyname/>
<adv_dhcp6_key_info_statement_realm/>
<adv_dhcp6_key_info_statement_keyid/>
<adv_dhcp6_key_info_statement_secret/>
<adv_dhcp6_key_info_statement_expire/>
<adv_dhcp6_config_advanced/>
<adv_dhcp6_config_file_override/>
<adv_dhcp6_config_file_override_path/>
</wan>

It doesn't change anything if i switch the dhcp6usev4iface parameter.

So i think, that OPNSense doesn't send the right requests to the LTE network.

My LTE Modem:

Manufacturer: Huawei Technologies Co., Ltd.
Model: ME909s-120
Revision: 11.617.15.00.00
+GCAP: +CGSM,+DS,+ES

My OPNSense Version:

OPNsense 20.7.5-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
OpenSSL 1.1.1h 22 Sep 2020

My Hardware:

# dmidecode 3.3
Scanning /dev/mem for entry point.
SMBIOS 2.8 present.
9 structures occupying 375 bytes.
Table at 0x7FE43020.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: coreboot
        Version: v4.11.0.6
        Release Date: 04/26/2020
        ROM Size: 2 MB
        Characteristics:
                PCI is supported
                PC Card (PCMCIA) is supported
                BIOS is upgradeable
                Selectable boot is supported
                ACPI is supported
                Targeted content distribution is supported
        BIOS Revision: 4.11
        Firmware Revision: 0.0

Handle 0x0001, DMI type 1, 27 bytes
System Information
        Manufacturer: PC Engines
        Product Name: apu1
        Version: 1.0
        Serial Number: -64
        UUID: Not Settable
        Wake-up Type: Reserved
        SKU Number: 4 GB
        Family: Not Specified

Handle 0x0002, DMI type 2, 14 bytes
Base Board Information
        Manufacturer: PC Engines
        Product Name: apu1
        Version: 1.0
        Serial Number: -64
        Asset Tag: Not Specified
        Features: None
        Location In Chassis: Not Specified
        Chassis Handle: 0x0003
        Type: Unknown

Handle 0x0003, DMI type 3, 22 bytes
Chassis Information
        Manufacturer: PC Engines
        Type: Desktop
        Lock: Not Present
        Version: Not Specified
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Boot-up State: Safe
        Power Supply State: Safe
        Thermal State: Safe
        Security Status: None
        OEM Information: 0x00000000
        Height: Unspecified
        Number Of Power Cords: Unspecified
        Contained Elements: 0
        SKU Number: Not Specified

Handle 0x0004, DMI type 4, 42 bytes
Processor Information
        Socket Designation: Not Specified
        Type: Central Processor
        Family: Pentium Pro
        Manufacturer: AuthenticAMD
        ID: 20 0F 50 00 FF FB 8B 17
        Signature: Type 0, Family 20, Model 2, Stepping 0
        Flags:
                FPU (Floating-point unit on-chip)
                VME (Virtual mode extension)
                DE (Debugging extension)
                PSE (Page size extension)
                TSC (Time stamp counter)
                MSR (Model specific registers)
                PAE (Physical address extension)
                MCE (Machine check exception)
                CX8 (CMPXCHG8 instruction supported)
                APIC (On-chip APIC hardware supported)
                SEP (Fast system call)
                MTRR (Memory type range registers)
                PGE (Page global enable)
                MCA (Machine check architecture)
                CMOV (Conditional move instruction supported)
                PAT (Page attribute table)
                PSE-36 (36-bit page size extension)
                CLFSH (CLFLUSH instruction supported)
                MMX (MMX technology supported)
                FXSR (FXSAVE and FXSTOR instructions supported)
                SSE (Streaming SIMD extensions)
                SSE2 (Streaming SIMD extensions 2)
                HTT (Multi-threading)
        Version: AMD G-T40E Processor
        Voltage: Unknown
        External Clock: Unknown
        Max Speed: Unknown
        Current Speed: Unknown
        Status: Unpopulated
        Upgrade: Unknown
        L1 Cache Handle: Not Provided
        L2 Cache Handle: Not Provided
        L3 Cache Handle: Not Provided
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Part Number: Not Specified
        Core Count: 2
        Core Enabled: 2
        Characteristics: None

Handle 0x0005, DMI type 32, 11 bytes
System Boot Information
        Status: No errors detected

Handle 0x0006, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: None
        Maximum Capacity: 4 GB
        Error Information Handle: Not Provided
        Number Of Devices: 1

Handle 0x0007, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0006
        Error Information Handle: Not Provided
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 4 GB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: CHANNEL A
        Type: DDR3
        Type Detail: Synchronous
        Speed: 1333 MT/s
        Manufacturer: Not Specified
        Serial Number: 00000000
        Asset Tag: Not Specified
        Part Number: Not Specified
        Rank: 1
        Configured Memory Speed: 533 MT/s
        Minimum Voltage: 1.5 V
        Maximum Voltage: 1.5 V
        Configured Voltage: Unknown

Handle 0x0008, DMI type 127, 4 bytes
End Of Table
OPNsense-bot commented 3 years ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

hansenpansen commented 2 years ago

Dear @AdSchellevis, is there help wanted on this subject?

I am running into the same issue. I am trying to use OPNsense via a LTE in Germany with Telekom/Congstar provider.

AdSchellevis commented 2 years ago

@hansenpansen we do accept pull requests both on the documentation and core system, quite some of these issues are related to settings, which for our community support time doesn't have a high priority.