Unable to remove IPv6 route

opnsense / core

OPNsense GUI, API and systems backend

https://opnsense.org/

BSD 2-Clause "Simplified" License

3.26k stars 725 forks source link

Unable to remove IPv6 route #4721

Closed maurice-w closed 3 years ago

maurice-w commented 3 years ago

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

[x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
[x] I have searched the existing issues and I am convinced that mine is new.

Describe the bug

IPv6 routes don't get removed when using the 'remove route' feature in the web GUI.

To Reproduce

Steps to reproduce the behavior:

Go to 'System: Routes: Status'
Click on the bin icon next to one of the IPv6 routes
Click 'Yes' in the confirmation dialogue
See error: route doesn't get removed

Expected behavior

Route gets removed.

Describe alternatives you considered

Remove the route manually via shell command.

Environment

OPNsense 21.7.a_6 (amd64, OpenSSL). Hyper-V Server 2019

AdSchellevis commented 3 years ago

@maurice-w https://github.com/opnsense/core/commit/aa167350b27557bab1a816bdc0a80febeb712a0c should fix it, it seems I forgot to test with ipv6

maurice-w commented 3 years ago

Thanks, that fixed it!

But I noticed another limitation: You can't remove routes which are directly assigned to an interface (no gateway).

I noticed this when doing some tests with the Tayga plugin, which creates routes like this: route -6 add 2001:db8::/96 -interface nat64 route -4 add 192.0.2.0/24 -interface nat64

These routes show up in 'System: Routes: Status', but neither of them can be removed using the GUI.

They can be removed via shell like this: route -6 delete 2001:db8::/96 route -4 delete 192.0.2.0/24

This is kind of an edge case, I leave it up to you whether it's considered unsupported or fix-worthy.

AdSchellevis commented 3 years ago

@maurice-w https://github.com/opnsense/core/commit/219e63fe651b785d3e0f49f94af8b39c6db9948c should remove the limitation.

maurice-w commented 3 years ago

Thanks for the effort @AdSchellevis, but tunnel interfaces don't have a MAC address. The netstat -rWn output for such routes looks like this:

Destination              Gateway             Flags       Use    Mtu    Netif Expire
2001:db8:1:2::a          wg0                 UHS           8   1420      wg0
2001:db8:64::/96         nat64               US            0   1500    nat64

AdSchellevis commented 3 years ago

@maurice-w I should reverse it indeed, check for a valid ip address and omit if it's not. will do so in the next commit

maurice-w commented 3 years ago

Did a quick test and it works. Thanks a lot!