TrueNAS CORE jail does not start with link local + scope as the IPv6 default gateway
Description
Problem/Justification
Impact
duplicates
is duplicated by
Activity
Michelle Johnson December 15, 2021 at 3:00 PM
This issue is a duplicate of https://jira.ixsystems.com/browse/NAS-113434 and is closed to allow focus to remain on the original issue submittal.
Michelle Johnson December 15, 2021 at 2:53 PM(edited)
Thank you for your submission !
The original ticket https://jira.ixsystems.com/browse/NAS-113434 is still open, so there must have been some misunderstanding. I'm closing this ticket with a link to the original, and adding a link to this duplicate issue ticket to the original. This is being done to focus effort in the existing ticket.
Your issue is in our queue for review now. An engineering representative will update with further questions and details in the near future.
Louis December 14, 2021 at 7:22 PM
Hello,
I am trying to setup a 12U7 system. However the IPV6 communication between TrueNas and the firewall (pfSense running FreeBSd 12.3) ,does NOT WORK at all!
Minimal not for static addresses, not sure about DHCP and SLAAC jet, however also some tests in that direction failed!
The IPV6-commmunication always starts with the Neighbor Solicitation (135), and that communication essential for the start of IPV6, fails if the communication is initiated from the TrueNas side.
(Note it does work when initiated from the pfSence / router side)
The problem is that pfSence / the router simply can not answer the Neighbor Solicitation as send by TrueNas, because of wrong return addresses
Note that I observed this problem with both the TrueNas host as well as TrueNas Jails.
Where the TrueNas host is connected via a vlan this way "vlan-x =>" ix0 => TrueNas Host
And the Jails like this ix0 => vlan-y => bridge-y => vnet0 => jail
IMHO lack of proper IPV6 communication IPV6 very severe !!
In fact it is blocking for me!!
The problem is easy to reproduce, however if necessary I can provide wireshark traces.
Patrick M. Hausen December 14, 2021 at 6:34 PM
The linked issue was closed by engineering. In my opinion prematurely. You don't need a debug, because this is not specific to my installation.
To reproduce:
Fresh installation of CORE
Create jail
Use a static GUA for IPv6
Use GUA as default gateway
Start jail - working
Now:Replace GUA default gateway with link local plus scope
Start jail
Observe error
That's it. If you have any more questions I am more than willing to answer them - must have missed your request for a debug.
Hi folks,
when specifying the default gateway for a statically configured jail with IPv6 as link local address + scope - which is common (even considered best by some) practice, the jail fails to start.
See screenshot for configuration, please. The error message is this:
root@freenas[~]# iocage start rdp
Starting rdp
+ Started OK
+ Using devfs_ruleset: 1003 (iocage generated default)
+ Configuring VNET FAILED
route: writing to routing socket: Network is unreachable
add net default: gateway fe80::3eec:efff:fe00:5430%epair0b fib 0: Network is unreachable
My guess is that in the resulting jail the link local address is missing. That would require the auto_linklocal flag in addition to the address. The UI won't let me enter that.
Kind regards,
Patrick
P.S. This is a duplicate of - I'll add more information in the next comment.