
IPv6 broken

I run a UTM and have had stable, native IPv6 across 3 internal VLANs for quite some time. However, after some of the recent firmware updates, the UTM now refuses to connect the WAN interface via IPv6. Nothing else has changed, my UTM config has been stable for some time, but after any reconnection of the WAN interface for any reason (manual reconnect, reboot, reboot after firmware update, ISP blip, etc.) I lose all internet connectivity.

Looking at my interfaces, all LAN interfaces show IPv6 addresses correctly but the WAN interface simply won't pick up its address... to the point where the interface is shown as DOWN and there is no connectivity whatsoever across IPv6 or IPv4.

A combination of black magic, wearing yellow underpants and chanting seems to bring it back... seriously, it's some unknown combination of forcing the connection to reset, rebooting the UTM and disabling/enabling IPv6 that will bring it back. But only until the connection resets and then boom, no internet again.

I've been forced to disable IPv6 permanently on my network because this is a massive issue. Other similar sounding posts talk about having to rebuild the WAN interface but that's a massive job, isn't it?

Does anyone have any suggestions? Should I start from scratch, clean install UTM and then reload my current config or will that not help? Any help would be appreciated as it's a real pain as it currently stands.



This thread was automatically locked due to age.
  • Also having IPv6 problems now. After prefix changes, IPv6 is not working until I manually turn IPv6 off/on. Didn't have that before, I think...

    ---

    Sophos UTM 9.3 Certified Engineer

  • I have a similar problem, not related to PPPoE.

     

    https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/97554/radvd-does-not-seem-to-be-working

     

    In the IPv6 Logs, it looks like there is an issue with RADVD. RADVD is what tells the world to ultimately send packets bound for your prefix to your /128 on what is usually the outside interface. 

     

    This is what the logs look like:

     

    ipv6_watchdog[15628]: Starting IPv6 address watchdog
    ipv6_watchdog[15628]: JSON "eth1", "up", { "gateway6": "::", "network6":"1"}
    ipv6_watchdog[15628]: JSON "eth1", "up", { "address6": "::", "netmask6": "0", "network6":"1" }
    ipv6_watchdog[15628]: Start of monitoring interface eth1(ifidx 3)
    ipv6_watchdog[15628]: RA flags changed for interface eth1(ifidx 3): NONE -> SENT,OTHER,MANAGED,READY
    ipv6_watchdog[15628]: Installing default route via fe80::201:5cff:fe7b:7446 for interface eth1(ifidx 3)
    ipv6_watchdog[15628]: RA flags changed for interface eth1(ifidx 3): SENT,OTHER,MANAGED,READY -> SENT,RCVD,OTHER,MANAGED,READY
    ipv6_watchdog[15628]: Interface eth1(ifidx 3) was of type NONE, changed type to NA
    ipv6_watchdog[15628]: JSON "eth1", "up", { "gateway6": "fe80::201:5cff:fe7b:7446", "network6":"1"}
    ipv6_watchdog[15628]: Started dhclient6 -N (pid 15938)
    radvd[16504]: version 1.9.2 started
    radvd[16507]: sendmsg: Operation not permitted
    radvd[16507]: attempting to reread config file
    radvd[16507]: resuming normal operation
    [the last two events repeat endlessly...]

     

    Sometimes "Operation not permitted" occurs when I restart IPv6, sometimes not. So it looks to me like RADVD is the culprit. Right now, I can use NAT for IPv6 to maintain IPv6 functionality, but I hope they fix this in the next update.
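
Added example, not part of the original posts and not Sophos code: a small Python triage script for the IPv6 log excerpt quoted above. It records the last RA flag set and default route that `ipv6_watchdog` reports per interface, and flags the pattern of a radvd `sendmsg` error followed by repeated config rereads. The sample input, the function name `analyse` and the report keys are constructed for illustration.

```python
import re

# Constructed sample: lines quoted in the post, with the repeating radvd
# pair ("reread" / "resuming") written out a second time to stand for the loop.
SAMPLE_LOG = """\
ipv6_watchdog[15628]: Starting IPv6 address watchdog
ipv6_watchdog[15628]: Start of monitoring interface eth1(ifidx 3)
ipv6_watchdog[15628]: RA flags changed for interface eth1(ifidx 3): NONE -> SENT,OTHER,MANAGED,READY
ipv6_watchdog[15628]: Installing default route via fe80::201:5cff:fe7b:7446 for interface eth1(ifidx 3)
ipv6_watchdog[15628]: RA flags changed for interface eth1(ifidx 3): SENT,OTHER,MANAGED,READY -> SENT,RCVD,OTHER,MANAGED,READY
ipv6_watchdog[15628]: Started dhclient6 -N (pid 15938)
radvd[16504]: version 1.9.2 started
radvd[16507]: sendmsg: Operation not permitted
radvd[16507]: attempting to reread config file
radvd[16507]: resuming normal operation
radvd[16507]: attempting to reread config file
radvd[16507]: resuming normal operation
"""

ENTRY = re.compile(r"(\w+)\[(\d+)\]:\s*(.*)")
RA_FLAGS = re.compile(r"RA flags changed for interface (\w+)\(ifidx \d+\): \S+ -> (\S+)")
ROUTE = re.compile(r"Installing default route via (\S+) for interface (\w+)\(")

def analyse(log_text):
    """Summarise watchdog state per interface and count radvd failures."""
    report = {"ra_flags": {}, "default_route": {}, "radvd_send_errors": [], "radvd_rereads": 0}
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue  # skip annotations and anything without a proc[pid]: prefix
        proc, msg = entry.group(1), entry.group(3)
        if proc == "ipv6_watchdog":
            flags, route = RA_FLAGS.search(msg), ROUTE.search(msg)
            if flags:  # keep only the latest flag set seen for the interface
                report["ra_flags"][flags.group(1)] = flags.group(2).split(",")
            elif route:
                report["default_route"][route.group(2)] = route.group(1)
        elif proc == "radvd":
            if msg.startswith("sendmsg:"):
                report["radvd_send_errors"].append(msg.split(":", 1)[1].strip())
            elif "reread config" in msg:
                report["radvd_rereads"] += 1
    # A send error plus repeated rereads is the pattern described in the post.
    report["radvd_stuck"] = bool(report["radvd_send_errors"]) and report["radvd_rereads"] >= 2
    return report

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the report shows `RCVD` in the flags for eth1 and an installed default route alongside `radvd_stuck: True`, which separates "the upstream RA was seen on the interface" from "radvd could not send".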
