opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

IPsec very unstable in IPv6 when going from 24.1.8 to 24.1.9_4 #7581

Closed Skreabengt closed 4 months ago

Skreabengt commented 4 months ago

Describe the bug

6 VPN tunnels between 3 sites for both IPv4 and IPv6 have been up and working flawlessly for many weeks in 24.1.8.

Problems started when going to 24.1.9_4 this morning. No changes were made to any IPsec or firewall setting, but the update seems to create a mismatch between address families in the firewall rule for ISAKMP (port 500) for IPv6, thus mixing IPv4 with IPv6 peers; see Relevant log files below.

To Reproduce

Occurs after boot or restart under "Status Overview". It is impossible to get the 3x IPv6 tunnels all open, and they will close again if they do succeed in opening for a short while.

IPv4 tunnels are not affected.

Expected behavior

Tunnels open in both IPv4 and IPv6, sometimes with a restart in IPv6 after boot, but once open they stay open like they did in 24.1.8.

Describe alternatives you considered

Not considered any other alternative yet.

Screenshots

NA

Relevant log files

There were error(s) loading the rules: /tmp/rules.debug:131: no routing address with matching address family found. - The line in question reads [131]: pass in log on igc0 reply-to ( igc0 2.242.xxx.x ) proto udp from {2a07:3aa1:x::xx} to {any} port {500} keep state label "00eff9b1ada77af37818877b66bca707" # IPsec: Site1_Site2_IPV6

Environment

Topton 16GB DDR4 256GB NVMe, N100 i226-V DDR5 OPNsense 24.1.9_4 (amd64). Intel® N100 (4 cores, 4 threads) Network Intel® i226-V
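A heuristic check for the mismatch reported above, as an added example that is not part of the original issue or of OPNsense's code: it scans pf rule text such as /tmp/rules.debug for reply-to/route-to/dup-to gateways whose address family differs from the rule's from/to addresses or explicit inet/inet6 keyword. The sample rules are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the rule quoted in the issue; the addresses are
# documentation-range placeholders, not values from the report.
SAMPLE_RULES = """\
pass in log on igc0 reply-to ( igc0 192.0.2.1 ) proto udp from {2001:db8:1::10} to {any} port {500} keep state label "a" # v6 peer, v4 gateway
pass in log on igc0 reply-to ( igc0 2001:db8::1 ) proto udp from {2001:db8:1::10} to {any} port {500} keep state label "b" # v6 peer, v6 gateway
pass in log on igc0 reply-to ( igc0 192.0.2.1 ) inet proto udp from {198.51.100.7} to {any} port {500} keep state label "c" # v4 peer
pass in quick on igc1 inet6 proto tcp from {any} to {(self)} port {443} keep state label "d"
"""

ROUTE_RE = re.compile(r"\b(?:reply-to|route-to|dup-to)\s*\(\s*\S+\s+(\S+)\s*\)")
ENDPOINT_RE = re.compile(r"\b(?:from|to)\s+\{([^}]*)\}")
AF_RE = re.compile(r"\binet6?\b")

def ip_version(token):
    """Return 4 or 6 for an address or prefix literal, None for anything else."""
    try:
        return ipaddress.ip_network(token, strict=False).version
    except ValueError:
        return None

def find_family_mismatches(rules_text):
    """Return (line_no, gateway, rule_families) for rules whose gateway family fits none of them."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        rule = line.split("#", 1)[0]          # drop the trailing description comment
        gw = ROUTE_RE.search(rule)
        gw_ver = ip_version(gw.group(1)) if gw else None
        if gw_ver is None:                    # no routing option, or gateway is not a literal
            continue
        families = {6 if kw == "inet6" else 4 for kw in AF_RE.findall(rule)}
        for group in ENDPOINT_RE.findall(rule):
            for tok in re.split(r"[,\s]+", group.strip()):
                ver = ip_version(tok.lstrip("!"))
                if ver:
                    families.add(ver)
        if families and gw_ver not in families:
            findings.append((no, gw.group(1), sorted(families)))
    return findings

if __name__ == "__main__":
    for no, gateway, families in find_family_mismatches(SAMPLE_RULES):
        print(f"line {no}: gateway {gateway} does not match rule family IPv{families}")
```

Rules that use only aliases, tables or `any` carry no literal family and are skipped, so an empty result does not prove the ruleset will load.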

OPNsense-bot commented 4 months ago

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.