Sorry for top post.
Are you doing any filtering of ICMP6 with PF?
I don't think so, it is the standard rule set:
# pfctl -s rules
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
I assume your router is also doing rad to hand out slaac to clients?
The router is doing router advertisements and slaacd handels it on the
OpenBSD side.
# rcctl stop slaacd
# slaacd -vd
IMSG_OPEN_ICMP6SOCK
open_icmp6sock: 0
iface_state_transition[vio0] IF_DOWN -> IF_INIT, timo: 4
send_solicitation(1)
send_solicitation(1)
ICMPv6 type(134), code(0) from fe80::2a0:57ff:fe3a:ac77%vio0 of length 112
configure_dfr: 1
dfr_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED ->
PROPOSAL_CONFIGURED, timo: 1788
gen_dfr_proposal: iface 1: fe80::2a0:57ff:fe3a:ac77%vio0
configure_address: 1
iface_state_transition[vio0] IF_INIT -> IF_BOUND, timo: -1
addr_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED ->
PROPOSAL_CONFIGURED, timo: 604788
gen_address_proposal: iface 1: fd00:172:17:170:be24:11ff:fe10:5272
configure_address: 1
iface_state_transition[vio0] IF_BOUND -> IF_BOUND, timo: -1
addr_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED ->
PROPOSAL_CONFIGURED, timo: 61448
gen_address_proposal: iface 1: fd00:172:17:170:5689:59a3:3153:d825
rdns_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED ->
PROPOSAL_CONFIGURED, timo: 1788
gen_rdns_proposal: iface 1: fe80::2a0:57ff:fe3a:ac77%vio0
failed to send route message: File exists
configure_interface: vio0
Setting MTU to 1500
configure_interface: vio0
RTM_NEWADDR: vio0[1]
RTM_CHGADDRATTR: fd00:172:17:170:5689:59a3:3153:d825 - autoconf temporary
Maybe I should let slaacd run in the foreground till IPv6 stops working
and see if that give out clues.
Jason.
Sent from my iPhone
On 23 Jun 2024, at 2:27 AM, Thomas Bohl <openbsd-misc-518...@aloof.de> wrote:
Hello,
I'm using ULAs for my local IPv6 networks. The hosts have internet access via
the router doing NPTv6.
After around 20 to 24 hours of uptime the OpenBSD hosts (three in total) are no
longer able to reach the IPv6 internet. A restart of the affected hosts usually
helps. In rare cases a double restart is required. Linux and Windows don't show
this problem.
Any ideas? What information should I provide in order to debug this further?
# uname -a
OpenBSD mail1 7.5 GENERIC#79 amd64
# cat /etc/hostname.vio0
# BEGIN ANSIBLE MANAGED BLOCK IPv6
inet6 -soii
inet6 autoconf
# END ANSIBLE MANAGED BLOCK IPv6
# BEGIN ANSIBLE MANAGED BLOCK IPv4
inet 172.17.17.2 255.255.255.252
!route add default 172.17.17.1
# END ANSIBLE MANAGED BLOCK IPv4
When things are working:
# uptime
5:11PM up 9 mins, 1 user, load averages: 0.00, 0.01, 0.00
# ifconfig vio0
vio0:
flags=648843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,INET6_NOSOII>
mtu 1500
lladdr bc:24:11:10:52:72
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::be24:11ff:fe10:5272%vio0 prefixlen 64 scopeid 0x1
inet 172.17.17.2 netmask 0xfffffffc broadcast 172.17.17.3
inet6 fd00:172:17:170:be24:11ff:fe10:5272 prefixlen 64 autoconf pltime
604644 vltime 2591844
inet6 fd00:172:17:170:1fa3:a3db:db4a:707d prefixlen 64 autoconf
temporary pltime 74422 vltime 172248
# ping6 -vn -c 3 google.com
PING google.com (fd00:172:17:170:1fa3:a3db:db4a:707d -->
2a00:1450:4005:801::200e): 56 data bytes
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=0 hlim=114 time=27.533 ms
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=1 hlim=114 time=30.263 ms
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=2 hlim=114 time=30.143 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 27.533/29.313/30.263/1.260 ms
# traceroute6 -vn google.com
traceroute6 to google.com (2a00:1450:4005:801::200e), 64 hops max, 60 byte
packets
1 fd00:172:17:170:2a0:57ff:fe3a:ac77 68 bytes to
fd00:172:17:170:1fa3:a3db:db4a:707d 0.227 ms 0.159 ms 0.136 ms
2 2a02:810d:1:bf::3 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 13.606
ms 2a02:810d:1:bf::2 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 15.823 ms
2a02:810d:1:bf::3 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 14.467 ms
3 * * *
4 * * *
5 * * *
6 2001:4860:1:1::2a4 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 16.263
ms 12.806 ms 14.327 ms
7 * 2001:4860:0:1::839f 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
15.828 ms *
8 * * *
9 2001:4860::c:4003:4958 152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
27.715 ms 29.765 ms 30.264 ms
10 2001:4860::c:4002:f990 152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
31.119 ms 2001:4860::c:4002:f991 152 bytes to
fd00:172:17:170:1fa3:a3db:db4a:707d 29.906 ms 2001:4860::c:4002:f990 152 bytes
to fd00:172:17:170:1fa3:a3db:db4a:707d 36.316 ms
11 2001:4860::c:4001:ebf 152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
29.679 ms 2001:4860::c:4002:7869 152 bytes to
fd00:172:17:170:1fa3:a3db:db4a:707d 33.901 ms 31.045 ms
12 2001:4860::9:4001:ecb 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
29.68 ms 2001:4860::9:4001:ec0 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
29.575 ms 2001:4860::9:4001:ecb 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
36.681 ms
13 2001:4860:0:1::6b65 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 29.283
ms * *
14 2001:4860:0:1::6b65 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 30.595
ms 2a00:1450:4005:801::200e 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
40.122 ms 2001:4860:0:1::6b65 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d
30.369 ms
# route -n show -inet6
Routing tables
Internet6:
Destination Gateway Flags Refs Use Mtu
Prio Iface
default fe80::2a0:57ff:fe3a:ac77%vio0 UGS 0 8 - 8
vio0
::/96 ::1 UGRS 0 0 32768 8
lo0
::1 ::1 UHhl 10 20 32768 1
lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0
32768 8 lo0
2002::/24 ::1 UGRS 0 0 32768
8 lo0
2002:7f00::/24 ::1 UGRS 0 0
32768 8 lo0
2002:e000::/20 ::1 UGRS 0 0
32768 8 lo0
2002:ff00::/24 ::1 UGRS 0 0
32768 8 lo0
fd00:172:17:170::/64 fd00:172:17:170:be24:11ff:fe10:5272 UCPn 0
1 - 4 vio0
fd00:172:17:170::/64 fd00:172:17:170:1fa3:a3db:db4a:707d UCPn 0
0 - 4 vio0
fd00:172:17:170:1fa3:a3db:db4a:707d bc:24:11:10:52:72
UHLl 0 193 - 1 vio0
fd00:172:17:170:be24:11ff:fe10:5272 bc:24:11:10:52:72
UHLl 0 0 - 1 vio0
fe80::/10 ::1 UGRS 0 1 32768
8 lo0
fec0::/10 ::1 UGRS 0 0 32768
8 lo0
fe80::%vio0/64 fe80::be24:11ff:fe10:5272%vio0 UCn 1 0 -
4 vio0
fe80::2a0:57ff:fe3a:ac77%vio0 00:a0:57:3a:ac:77 UHLch
1 91 - 3 vio0
fe80::be24:11ff:fe10:5272%vio0 bc:24:11:10:52:72 UHLl
0 8 - 1 vio0
fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768
1 lo0
ff01::/16 ::1 UGRS 0 1 32768
8 lo0
ff01::%vio0/32 fe80::be24:11ff:fe10:5272%vio0 Um 0 2 -
4 vio0
ff01::%lo0/32 fe80::1%lo0 Um 0 1
32768 4 lo0
ff02::/16 ::1 UGRS 0 1 32768
8 lo0
ff02::%vio0/32 fe80::be24:11ff:fe10:5272%vio0 Um 0 5 -
4 vio0
ff02::%lo0/32 fe80::1%lo0 Um 0 1
32768 4 lo0
######
And when things don't work:
# uptime
5:12PM up 1 day, 1:53, 1 user, load averages: 0.00, 0.00, 0.00
# ifconfig vio0
vio0:
flags=648843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,INET6_NOSOII>
mtu 1500
lladdr bc:24:11:10:52:72
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::be24:11ff:fe10:5272%vio0 prefixlen 64 scopeid 0x1
inet 172.17.17.2 netmask 0xfffffffc broadcast 172.17.17.3
inet6 fd00:172:17:170:be24:11ff:fe10:5272 prefixlen 64 autoconf pltime
604500 vltime 2591700
inet6 fd00:172:17:170:60b3:77d:dae4:601a prefixlen 64 deprecated
autoconf temporary pltime 0 vltime 80513
inet6 fd00:172:17:170:5e06:a3a:7788:d154 prefixlen 64 autoconf
temporary pltime 45077 vltime 160314
# ping6 -vn -c 10 google.com
PING google.com (fd00:172:17:170:5e06:a3a:7788:d154 -->
2a00:1450:4005:801::200e): 56 data bytes
32 bytes from fe80::2a0:57ff:fe3a:ac77%vio0: Neighbor Advertisement
32 bytes from fe80::2a0:57ff:fe3a:ac77%vio0: Neighbor Solicitation
--- google.com ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
# traceroute6 -vn google.com
traceroute6 to google.com (2a00:1450:4005:801::200e), 64 hops max, 60 byte
packets
1 fd00:172:17:170:2a0:57ff:fe3a:ac77 68 bytes to
fd00:172:17:170:5e06:a3a:7788:d154 0.25 ms 0.163 ms 0.145 ms
32 bytes from fe80::2a0:57ff:fe3a:ac77%vio0 to fe80::be24:11ff:fe10:5272: icmp
type 136 (OUT-OF-RANGE) code 0
0000: fe800000 00000000 02a057ff fe3aac77
0010: 020100a0 573aac77 2a001450 40050801
32 bytes from fe80::2a0:57ff:fe3a:ac77%vio0 to fe80::be24:11ff:fe10:5272: icmp
type 135 (OUT-OF-RANGE) code 0
0000: fe800000 00000000 be2411ff fe105272
0010: 010100a0 573aac77 2a001450 40050801
64 * * *
# route -n show -inet6
Routing tables
Internet6:
Destination Gateway Flags Refs Use Mtu
Prio Iface
default fe80::2a0:57ff:fe3a:ac77%vio0 UGS 0 123 - 8
vio0
::/96 ::1 UGRS 0 0 32768 8
lo0
::1 ::1 UHhl 10 20 32768 1
lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0
32768 8 lo0
2002::/24 ::1 UGRS 0 0 32768
8 lo0
2002:7f00::/24 ::1 UGRS 0 0
32768 8 lo0
2002:e000::/20 ::1 UGRS 0 0
32768 8 lo0
2002:ff00::/24 ::1 UGRS 0 0
32768 8 lo0
fd00:172:17:170::/64 fd00:172:17:170:be24:11ff:fe10:5272 UCPn 1
2 - 4 vio0
fd00:172:17:170::/64 fd00:172:17:170:60b3:77d:dae4:601a UCPn 0
0 - 4 vio0
fd00:172:17:170::/64 fd00:172:17:170:5e06:a3a:7788:d154 UCPn 0
0 - 4 vio0
fd00:172:17:170:4727:605a:938:42 link#1 UHLc
0 4 - 3 vio0
fd00:172:17:170:5e06:a3a:7788:d154 bc:24:11:10:52:72 UHLl
0 9 - 1 vio0
fd00:172:17:170:60b3:77d:dae4:601a bc:24:11:10:52:72 UHLl
0 113 - 1 vio0
fd00:172:17:170:be24:11ff:fe10:5272 bc:24:11:10:52:72
UHLl 0 0 - 1 vio0
fe80::/10 ::1 UGRS 0 1 32768
8 lo0
fec0::/10 ::1 UGRS 0 0 32768
8 lo0
fe80::%vio0/64 fe80::be24:11ff:fe10:5272%vio0 UCn 1 0 -
4 vio0
fe80::2a0:57ff:fe3a:ac77%vio0 00:a0:57:3a:ac:77 UHLch
1 5196 - 3 vio0
fe80::be24:11ff:fe10:5272%vio0 bc:24:11:10:52:72 UHLl
0 262 - 1 vio0
fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768
1 lo0
ff01::/16 ::1 UGRS 0 1 32768
8 lo0
ff01::%vio0/32 fe80::be24:11ff:fe10:5272%vio0 Um 0 3 -
4 vio0
ff01::%lo0/32 fe80::1%lo0 Um 0 1
32768 4 lo0
ff02::/16 ::1 UGRS 0 1 32768
8 lo0
ff02::%vio0/32 fe80::be24:11ff:fe10:5272%vio0 Um 0 7 -
4 vio0
ff02::%lo0/32 fe80::1%lo0 Um 0 1
32768 4 lo0
# ping6 -n -c 3 fe80::2a0:57ff:fe3a:ac77%vio0
PING fe80::2a0:57ff:fe3a:ac77%vio0 (fe80::2a0:57ff:fe3a:ac77%vio0): 56 data
bytes
64 bytes from fe80::2a0:57ff:fe3a:ac77%vio0: icmp_seq=0 hlim=64 time=0.395 ms
64 bytes from fe80::2a0:57ff:fe3a:ac77%vio0: icmp_seq=1 hlim=64 time=0.273 ms
64 bytes from fe80::2a0:57ff:fe3a:ac77%vio0: icmp_seq=2 hlim=64 time=0.286 ms
--- fe80::2a0:57ff:fe3a:ac77%vio0 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.273/0.318/0.395/0.055 ms
