Page MenuHomeVyOS Platform
Create Task
Maniphest T4319

The command "set system ipv6 disable" doesn't work as expected.
Closed, ResolvedPublicBUG
Actions

Description

If you want to disable ipv6 by using a global command "set system ipv6 disable" it doesn't work well.

For example, after executing the command "set system ipv6 disable" you can't change MTU on bridge interfaces less than 1280 because the error appears:

vyos@hh-vpn# set system ipv6 disable
[edit]
vyos@hh-vpn# commit
Changing IPv6 disable parameter will only take affect
when the system is rebooted.
[edit]
vyos@hh-vpn# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@hh-vpn# exit
exit
vyos@hh-vpn:~$ reboot
Are you sure you want to reboot this system? [y/N] y

vyos@hh-vpn# set interfaces bridge br1 mtu 1000
[edit]
vyos@hh-vpn# commit
[ interfaces bridge br1 ]
VyOS had an issue completing a command.
We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
https://vyos.slack.com
When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your 
business policy requires it)
- and include all the information presented below
Report time:      2022-03-23 06:37:59
Image version:    VyOS 1.3.1
Release train:    equuleus
Built by:         Sentrium S.L.
Built on:         Sat 19 Mar 2022 17:46 UTC
Build UUID:       ***
Build commit ID:  ***
Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest
Hardware vendor:  ***
Hardware model:   ***
Hardware S/N:     ***
Hardware UUID:    ***
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-bridge.py", line 171, in <module>
  apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-bridge.py", line 162, in apply
  br.update(bridge)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/bridge.py", line 374, in update
  super().update(config)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1394, in update
  self.add_ipv6_eui64_address('fe80::/64')
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 687, in add_ipv6_eui64_address
  self.add_addr(f'{eui64}/{prefixlen}')
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 998, in add_addr
  self._cmd(f'ip addr add "{addr}" '
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
  return cmd(command, self.debug)
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
  raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip addr add 
"fe80::526b:8dff:feb0:6381/64" dev "br1"
returned: 
exit code: 2
noteworthy:
cmd 'ip addr add "fe80::526b:8dff:feb0:6381/64" dev "br1"'
returned (out):
returned (err):
RTNETLINK answers: Invalid argument
[[interfaces bridge br1]] failed
Commit failed
[edit]

To solve this issue you need also to use this command on each bridge interface "set interfaces bridge brX ipv6 address no-default-link-local".

It's unusual behavior the command "set system ipv6 disable".

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.3.1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.2
1.3.2

Event Timeline

m.korobeinikov created this task.Mar 24 2022, 9:33 PM
m.korobeinikov updated the task description. (Show Details)Mar 24 2022, 9:37 PM
pasik added a subscriber: pasik.Mar 25 2022, 12:57 PM
c-po changed the task status from Open to In progress.Mar 25 2022, 5:41 PM
c-po claimed this task.
c-po triaged this task as Normal priority.
c-po edited projects, added VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
c-po changed Issue type from Unspecified (please specify) to Bug (incorrect behavior).
c-po added a comment.Mar 25 2022, 6:05 PM

The root cause is that we no longer load IPv6 as a kernel module - It's now compiled in. This means that we need to disable IPv6 in a different way and not pass some options when loading the module.

c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Mar 25 2022, 6:10 PM
c-po closed this task as Resolved.Mar 25 2022, 7:47 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
n.fort added a subscriber: n.fort.Mar 30 2022, 1:08 PM

Issue found.
On freh 1.3.1-S1 intallation:

vyos@vyos:~$ conf
[edit]
vyos@vyos# del interfaces loopback
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# set system ipv6 dis
disable             disable-forwarding
[edit]
vyos@vyos# set system ipv6 disable
[edit]
vyos@vyos# commit
Changing IPv6 disable parameter will only take affect
when the system is rebooted.
[edit]
vyos@vyos# set int loopback lo
[edit]
vyos@vyos# commit
[ interfaces loopback lo ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2022-03-30 13:04:02
Image version:    VyOS 1.3.1-S1
Release train:    equuleus

Built by:         Sentrium S.L.
Built on:         Mon 28 Mar 2022 17:02 UTC
Build UUID:       b89ffc4c-3c7e-4d89-91de-bd89e584c532
Build commit ID:  bfd58ad202462f

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest   

Hardware vendor:  Bochs
Hardware model:   Bochs
Hardware S/N:
Hardware UUID:    98215cde-00ae-4c77-bbe0-a02646df61f7

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-loopback.py", line 61, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-loopback.py", line 52, in apply
    l.update(loopback)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/loopback.py", line 70, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1300, in update
    self.add_addr(addr)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 999, in add_addr
    self._cmd(f'ip addr add "{addr}" '
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip addr add "::1/128" dev "lo"
returned:
exit code: 2

noteworthy:
cmd 'ip addr add "::1/128" dev "lo"'
returned (out):

returned (err):
RTNETLINK answers: Permission denied

[[interfaces loopback lo]] failed
Commit failed
[edit]

Other way to reproduce:

  • Delete lo interface
  • commit
  • Load configuration file which has "set interface loopback lo" and "set system ipv6 disable"
vyos@vyos# load /config/config-lo_present-ipv6_disable.boot
Loading configuration from '/config/config-lo_present-ipv6_disable.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@vyos# compare
[edit interfaces]
+loopback lo {
+}
[edit system]
+ipv6 {
+    disable
+}
[edit]
vyos@vyos# commit
Changing IPv6 disable parameter will only take affect
when the system is rebooted.  
[ interfaces loopback lo ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):

...
# Same eror message
n.fort reopened this task as Open.Mar 30 2022, 1:09 PM
c-po closed this task as Resolved.Apr 7 2022, 3:21 PM
dmbaturin mentioned this in 1.3.2.Sep 5 2022, 3:14 PM
dmbaturin mentioned this in 1.3.2.Sep 15 2022, 10:42 AM