Thread Info
  • State Not Answered
  • Replies 16 replies
  • Subscribers 5 subscribers
  • Views 2985 views
  • Users 0 members are here
Options
Suggested

WAN link manger fails to test after link restore

rfcat_vk

Hi folks,

I have been experimenting with putting a UTM in front of the XG for when I change ISPs, they use a connection method not currently supported by XG. When I have finished my experiment for the night, I restore the connection to the XG and both links show down. Edit the WAN interface gets the IP4 connection working, but not the IPv6 even though the IPv6 has an address.

editing the WAN link  manager does not help, so a restart is required which on an XG115W is painfully slow.

This is not the case in previous versions of XG.

Ian

Parents
  • 0

    Hello rfcat_vk,

    Is WAN link restored after you restarted XG115w? Or is it still in same state where IPv6 is not working?

    Can you please elaborate what kind of connection method you are referring which requires UTM to be deployed in front of ISP? And how did you restored XG link?

    If IPv6 is not working right now and appliance is in same state, please PM access id of the appliance.

    Regards,

    Sanket Shah

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • 0 in reply to sanket.shah

    Hi Sanket,

    The reason for the UTM is because the XG in its current form does not support IPv6 PD for address assignment. My proposed ISP/RSP uses PD to assign IPv6 addresses.

    I power on the UTM and let is stabilise before before disconnecting the XG from the NBN modem and connecting the UTM.

    When I finish my testing on the UTM I restore the XG connection to the NBN modem. Neither IP4 or IPv6 restore on the XG.

    The WAN interface is edited which is previous version of XG usually resulted in all addresses working correctly. After the edited interface is saved the IP4 address (WAN link manager) shows as active, the IPv6 does not, after a short while the IPv6 address is displayed on the WAN interface, but the WAN link manager still sows IPv6 as failed.

    The only way to fix this is to restart the XG115W and hope the WAN interface does not die completely as a couple of nights previously. The restart time is very long and eventually the WAN link manger  indicates both IP4 and IPv6 are working.

    I hope this provides the details you are seeking?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to sanket.shah

    Thank you.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to sanket.shah

    Hi Sanket,

    I ran the test this afternoon. Before I restored the connection to the XG I started the tcpdump capture and both links showed as down in wan link manager.

    The disappointing thing about this exercise is that the UTM only picks up a /128 IPv6 address whereas the XG picks up a /64 from  the same /56 range.

    I had to restart the XG to regain internet access.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi Sanket,

    I have found part of the problem with the testing is the keyboard sends strange characters to the XG console etc when using bluetooth, using the USB connection and the entered command work.

    Next the host should be 2001:4860:4860::64.

    Next the edit of the interface causes the ping6 to be sent, but not a DHCP request so the connection is not re-established.

    there is more of this dump if you want to review it.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks Ian for capturing TCPDUMP. Is it possible to share it over PM or here?

    "Next the edit of the interface causes the ping6 to be sent, but not a DHCP request so the connection is not re-established" - Following TCPDUMP capture won't help you confirm whether DHCP request was sent or not.

    Can you please try with following?

    tcpdump -n host 2001:4860:4860::64 or port 546 or port 547 -vv

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • 0 in reply to sanket.shah

    Tomorrow's challenge, makes good activity, weather forecast is rain, rain, rain.

    I will copy today'y result before starting testing tomorrow and sent it to you in PM. Should not having any parameters for port allowed the capture of all traffic?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    TCPDUMP which you have taken earlier will only capture traffic destined to host 2001:4860:4860::64. DHCP6 traffic won't have this as source or destination so it won't be capture.

    On a second thought, I suggest to save pcap on appliance itself so that it can be reviewed later. Please use following command (verified on your appliance) which will save pcap file in /var/sanket-logs folder.

    XG115w_XN03_SFOS 19.5.0 EAP1-Build144# tcpdump -n host 2001:4860:4860::64 or port 546 or port 547 -vv -b -w /var/sanket-logs/icmp6_dhcp6.pcap

    Regards,

    Sanket Shah

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • 0 in reply to sanket.shah

    Okay, will do.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to sanket.shah

    Hi Sanket,

    thinking about the command line, it will not produce the results you are after because the IPv6 address is a google one and not a telstra network server.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I sent you a PM.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hello Ian,

    After doing investigation from the logs and pcaps gathered on your setup, it sounds like defect.

    There might be some race condition happening between DHCP IPv6 address assignment and gateway.

    Issue is being tracked against NC-108057 internally and we will try to fix it as soon as possible.

    Meanwhile only workaround in such scenario is - reboot the appliance :-(

    Thanks a lot for all your support and cooperation. And sorry for the inconvenience caused.

    Regards,

    Sanket Shah

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

Reply
  • 0 in reply to rfcat_vk

    Hello Ian,

    After doing investigation from the logs and pcaps gathered on your setup, it sounds like defect.

    There might be some race condition happening between DHCP IPv6 address assignment and gateway.

    Issue is being tracked against NC-108057 internally and we will try to fix it as soon as possible.

    Meanwhile only workaround in such scenario is - reboot the appliance :-(

    Thanks a lot for all your support and cooperation. And sorry for the inconvenience caused.

    Regards,

    Sanket Shah

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

Children
No Data
Unfiltered HTML