OSPFv3 doesn't come up
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	drixter
	Sep 1 2025, 4:47 PM

Description

After migration from 1.3.8 to 1.4.3 the OSPFv3 configuration looks ok, but daemon is not able to send Hello messages.

Config:
GRE tunnel betwen IPv4 hosts which covers IPv6 inside, and OSPFv3 is expected run there, similar config on 1.3.8 works OK.

set interfaces tunnel tun2 address '[cenzor]'
set interfaces tunnel tun2 description '[cenzor]'
set interfaces tunnel tun2 enable-multicast
set interfaces tunnel tun2 encapsulation 'gre'
set interfaces tunnel tun2 mtu '1468'
set interfaces tunnel tun2 remote '[cenzor]'
set interfaces tunnel tun2 source-address '[cenzor]'
set policy route change-mss interface 'tun2'
set protocols ospfv3 interface tun2 area '0.0.0.0'
set protocols ospfv3 interface tun2 cost '10'
set protocols ospfv3 interface tun2 dead-interval '40'
set protocols ospfv3 interface tun2 hello-interval '10'
set protocols ospfv3 interface tun2 instance-id '0'
set protocols ospfv3 interface tun2 network 'point-to-point'
set protocols ospfv3 interface tun2 priority '1'
set protocols ospfv3 interface tun2 retransmit-interval '5'
set protocols ospfv3 interface tun2 transmit-delay '1'
set service lldp interface tun2

tun2: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1468

inet6 [cenzor]  prefixlen 64  scopeid 0x0<global>
inet6 fe80::f405:63ff:fef9:9799  prefixlen 64  scopeid 0x20<link>
unspec 50-34-05-83-00-00-40-CD-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
RX packets 146  bytes 11152 (10.8 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 10  bytes 816 (816.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Sep 01 16:43:29 ospf6d[1266]: [QDEV2-4Y01P] sendmsg failed: source: fe80::f405:63ff:fef9:9799 Dest: ff02::5 ifindex: 9: Network is unreachable (101)
Sep 01 16:43:29 ospf6d[1266]: [YRWJS-7QHSG][EC 100663307] Could not send entire message

The source LinkLocal is correct, it's exactly the same exposed by ifconfig, if addtional information are needed, let me know.

Thanks,

Details

Version: 1.4.3
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

drixter created this task.Sep 1 2025, 4:47 PM

drixter renamed this task from OPFv3 doesn't come up to OSPFv3 doesn't come up.

drixter updated the task description. (Show Details)

pasik subscribed.Sep 1 2025, 4:53 PM

Manually adding route:
ip -6 r a ff00::/8 dev tun2

Make OSPFv3 functional, but for one tunnel, I've more than one so this workaround don't apply in all cases.

Looking deeper.

Both tunnel have multicast enabled:

tun2: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1468
tun3: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1468

Finally VyOS-style static route help:

set protocols static route6 ff00::/8 interface tun2
set protocols static route6 ff00::/8 interface tun3

But I'm not sure that is proper way to make it working. OSPFv3 on both tunnel now is up.

ip -6 r s ff00::/8
ff00::/8 nhid 19 proto static metric 20 pref medium

nexthop dev tun3 weight 1
nexthop dev tun2 weight 1

Viacheslav triaged this task as High priority.Sep 1 2025, 11:08 PM

Viacheslav edited projects, added VyOS 1.4 Sagitta (1.4.4); removed VyOS 1.4 Sagitta.

hedrok subscribed.Oct 6 2025, 6:55 PM

Hello!

Couldn't reproduce the issue on 1.4 (Sagitta) or Rolling with simple topolgy R-01.eth1 -- R-02.eth1:

R-01:

set interfaces ethernet eth1 address 198.51.100.2/24
set interfaces tunnel tun2 address '3fff::1/20'
set interfaces tunnel tun2 description 'R-01 tun2'
set interfaces tunnel tun2 enable-multicast
set interfaces tunnel tun2 encapsulation 'gre'
set interfaces tunnel tun2 mtu '1468'
set interfaces tunnel tun2 remote '198.51.100.3'
set interfaces tunnel tun2 source-address '198.51.100.2'
set policy route change-mss interface tun2

set protocols ospfv3 interface tun2 area '0.0.0.0'
set protocols ospfv3 interface tun2 cost '10'
set protocols ospfv3 interface tun2 dead-interval '40'
set protocols ospfv3 interface tun2 hello-interval '10'
set protocols ospfv3 interface tun2 instance-id '0'
set protocols ospfv3 interface tun2 network 'point-to-point'
set protocols ospfv3 interface tun2 priority '1'
set protocols ospfv3 interface tun2 retransmit-interval '5'
set protocols ospfv3 interface tun2 transmit-delay '1'

R-02:

set interfaces ethernet eth1 address 198.51.100.3/24
set interfaces tunnel tun3 address '3fff::2/20'
set interfaces tunnel tun3 description 'R-02 tun2'
set interfaces tunnel tun3 enable-multicast
set interfaces tunnel tun3 encapsulation 'gre'
set interfaces tunnel tun3 mtu '1468'
set interfaces tunnel tun3 remote '198.51.100.2'
set interfaces tunnel tun3 source-address '198.51.100.3'
set policy route change-mss interface tun3

set protocols ospfv3 interface tun3 area '0.0.0.0'
set protocols ospfv3 interface tun3 cost '10'
set protocols ospfv3 interface tun3 dead-interval '40'
set protocols ospfv3 interface tun3 hello-interval '10'
set protocols ospfv3 interface tun3 instance-id '0'
set protocols ospfv3 interface tun3 network 'point-to-point'
set protocols ospfv3 interface tun3 priority '1'
set protocols ospfv3 interface tun3 retransmit-interval '5'
set protocols ospfv3 interface tun3 transmit-delay '1'

If you could reproduce the issue on clean setup and provide full configuration commands that would be extremely helpful.

Also output of the the following commands (before manually added ff00::/8 routes) could be helpful:

route -6
ip link
ip route get ff02::5

Thank you!

route -6:

Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref  Use If
2001:67c:21ec:4010::/64        ::                         U    256 1      0 tun2
2001:67c:21ec:41d0::/64        ::                         U    256 2      0 tun3
2001:67c:21ec:9999::9/128      ::                         !n   256 3      0 lo
2a0f:5707:ba01:1000::/64       ::                         U    256 2      0 eth1
fe80::/64                      ::                         !n   256 1      0 lo
fe80::/64                      ::                         U    256 1      0 eth0
fe80::/64                      ::                         U    256 2      0 eth1
fe80::/64                      ::                         U    256 1      0 tun3
fe80::/64                      ::                         U    256 1      0 tun2
::/0                           ::                         !n   -1  1      0 lo
::1/128                        ::                         Un   0   4      0 lo
2001:67c:21ec:4010::/128       ::                         Un   0   3      0 tun2
2001:67c:21ec:4010::1/128      ::                         Un   0   4      0 tun2
2001:67c:21ec:41d0::/128       ::                         Un   0   3      0 tun3
2001:67c:21ec:41d0::2/128      ::                         Un   0   5      0 tun3
2001:67c:21ec:9999::9/128      ::                         Un   0   4      0 lo
2a0f:5707:ba01:1000::/128      ::                         Un   0   3      0 eth1
2a0f:5707:ba01:1000::1/128     ::                         Un   0   4      0 eth1
fe80::/128                     ::                         Un   0   3      0 lo
fe80::/128                     ::                         Un   0   3      0 eth0
fe80::/128                     ::                         Un   0   3      0 tun3
fe80::/128                     ::                         Un   0   3      0 tun2
fe80::/128                     ::                         Un   0   3      0 eth1
fe80::200:ff:fe00:0/128        ::                         Un   0   6      0 lo
fe80::20c:29ff:fe25:cfc1/128   ::                         Un   0   3      0 eth0
fe80::20c:29ff:fe25:cfcb/128   ::                         Un   0   3      0 eth1
fe80::f405:63ff:fef9:9799/128  ::                         Un   0   2      0 tun2
fe80::f88f:fcff:feb2:2d3d/128  ::                         Un   0   3      0 tun3
ff00::/8                       ::                         U    256 1      0 eth0
ff00::/8                       ::                         U    256 3      0 eth1
::/0                           ::                         !n   -1  1      0 lo

ip link:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:25:cf:c1 brd ff:ff:ff:ff:ff:ff
    alias Orange
    altname enp2s1
    altname ens33
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:25:cf:cb brd ff:ff:ff:ff:ff:ff
    alias LAN
    altname enp2s2
    altname ens34
4: pim6reg@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/pimreg
5: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
6: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
7: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: tun3@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/gre X.X.X.X peer Y.Y.Y.Y
    alias Core: r0-poz
9: tun2@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/gre X.X.X.X peer Z.Z.Z.Z
    alias Core: r0-wro

ip route get ff02::5:

multicast ff02::5 from :: dev eth0 table local proto kernel src fe80::20c:29ff:fe25:cfc1 metric 256 pref medium

Thanks for quick reply.

Unfortunately everything as expected except for you don't have ff00::/8 on tun2 somewhy...
Whatever I do, I still have it on tun2, all status of interface and options are the same.

Could you please also give output of the following:

ip -6 maddr show dev tun2
show version
apt list vyos-1x

With that I'll try to reproduce the issue on exact same version that you have.

Maybe there are some additional configuration commands that influence tun2 and weren't listed in the first message?..

show configuration commands | grep tun2

ip -6 maddr show dev tun2

9:      tun2
        inet6 ff02::5
        inet6 ff02::1
        inet6 ff01::1

ip -6 maddr show dev tun3

8:      tun3
        inet6 ff02::5
        inet6 ff02::1
        inet6 ff01::1

show version

Version:          VyOS 1.4.3
Release train:    sagitta
Release flavor:   generic

Built by:         autobuild@vyos.net
Built on:         Mon 07 Jul 2025 14:34 UTC
Build UUID:       b0ae922b-2396-42b7-bb82-a1ebf406306d
Build commit ID:  f327543504e3da-dirty

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-56 4d dc ab 77 76 b0 51-55 8b a1 06 f0 25 cf c1
Hardware UUID:    abdc4d56-7677-51b0-558b-a106f025cfc1

Copyright:        VyOS maintainers and contributors

apt list vyos-1x

Listing... Done
vyos-1x/now 1.4.2-196-g2a2df0c2f amd64 [installed,local]

show configuration commands | grep tun2

set firewall ipv6 forward filter rule 5 inbound-interface name 'tun2'
set firewall ipv6 forward filter rule 15 outbound-interface name 'tun2'
set interfaces tunnel tun2 address '2001:67c:21ec:4010::1/64'
set interfaces tunnel tun2 description 'Core: r0-wro'
set interfaces tunnel tun2 enable-multicast
set interfaces tunnel tun2 encapsulation 'gre'
set interfaces tunnel tun2 mtu '1468'
set interfaces tunnel tun2 remote 'Y.Y.Y.Y'
set interfaces tunnel tun2 source-address 'X.X.X.X'
set policy route change-mss interface 'tun2'
set protocols ospfv3 interface tun2 area '0.0.0.0'
set protocols ospfv3 interface tun2 cost '10'
set protocols ospfv3 interface tun2 dead-interval '40'
set protocols ospfv3 interface tun2 hello-interval '10'
set protocols ospfv3 interface tun2 instance-id '0'
set protocols ospfv3 interface tun2 mtu-ignore
set protocols ospfv3 interface tun2 network 'point-to-point'
set protocols ospfv3 interface tun2 priority '1'
set protocols ospfv3 interface tun2 retransmit-interval '5'
set protocols ospfv3 interface tun2 transmit-delay '1'
set service lldp interface tun2

show configuration commands | grep tun3

set firewall ipv6 forward filter rule 10 inbound-interface name 'tun3'
set firewall ipv6 forward filter rule 20 outbound-interface name 'tun3'
set interfaces tunnel tun3 address '2001:67c:21ec:41d0::2/64'
set interfaces tunnel tun3 description 'Core: r0-poz'
set interfaces tunnel tun3 enable-multicast
set interfaces tunnel tun3 encapsulation 'gre'
set interfaces tunnel tun3 ipv6 dup-addr-detect-transmits '1'
set interfaces tunnel tun3 mtu '1468'
set interfaces tunnel tun3 remote 'Z.Z.Z.Z'
set interfaces tunnel tun3 source-address 'X.X.X.X'
set policy route change-mss interface 'tun3'
set protocols ospfv3 interface tun3 area '0.0.0.0'
set protocols ospfv3 interface tun3 cost '5'
set protocols ospfv3 interface tun3 dead-interval '40'
set protocols ospfv3 interface tun3 hello-interval '10'
set protocols ospfv3 interface tun3 instance-id '0'
set protocols ospfv3 interface tun3 mtu-ignore
set protocols ospfv3 interface tun3 network 'point-to-point'
set protocols ospfv3 interface tun3 priority '1'
set protocols ospfv3 interface tun3 retransmit-interval '5'
set protocols ospfv3 interface tun3 transmit-delay '1'

set firewall ipv6 forward filter default-action 'accept'
set firewall ipv6 forward filter rule 5 action 'jump'
set firewall ipv6 forward filter rule 5 inbound-interface name 'tun2'
set firewall ipv6 forward filter rule 5 jump-target 'WAN_IN'
set firewall ipv6 forward filter rule 10 action 'jump'
set firewall ipv6 forward filter rule 10 inbound-interface name 'tun3'
set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN'
set firewall ipv6 forward filter rule 15 action 'jump'
set firewall ipv6 forward filter rule 15 jump-target 'WAN_OUT'
set firewall ipv6 forward filter rule 15 outbound-interface name 'tun2'
set firewall ipv6 forward filter rule 20 action 'jump'
set firewall ipv6 forward filter rule 20 jump-target 'WAN_OUT'
set firewall ipv6 forward filter rule 20 outbound-interface name 'tun3'

Thanks for firewall details, could you please add

show configuration commands | grep 'set firewall ipv6 name'

for completeness.

show configuration commands | grep 'set firewall ipv6 name'

set firewall ipv6 name WAN_IN default-action 'reject'
set firewall ipv6 name WAN_IN default-log
set firewall ipv6 name WAN_IN rule 10 action 'return'
set firewall ipv6 name WAN_IN rule 10 state 'established'
set firewall ipv6 name WAN_IN rule 10 state 'related'
set firewall ipv6 name WAN_IN rule 20 action 'return'
set firewall ipv6 name WAN_IN rule 20 protocol 'ipv6-icmp'
set firewall ipv6 name WAN_IN rule 30 action 'return'
set firewall ipv6 name WAN_IN rule 30 source group network-group 'e-utp.net-IPv6'
set firewall ipv6 name WAN_IN rule 40 action 'return'
set firewall ipv6 name WAN_IN rule 40 destination port '33434-33625'
set firewall ipv6 name WAN_IN rule 40 protocol 'tcp_udp'
set firewall ipv6 name WAN_OUT default-action 'return'
set firewall ipv6 name WAN_OUT rule 9 action 'return'
set firewall ipv6 name WAN_OUT rule 9 destination address '2001:67c:21ec:6000:e082:9dff:fe94:5a78/128'
set firewall ipv6 name WAN_OUT rule 9 destination port '25'
set firewall ipv6 name WAN_OUT rule 9 log
set firewall ipv6 name WAN_OUT rule 9 protocol 'tcp_udp'
set firewall ipv6 name WAN_OUT rule 10 action 'reject'
set firewall ipv6 name WAN_OUT rule 10 destination port '25'
set firewall ipv6 name WAN_OUT rule 10 log
set firewall ipv6 name WAN_OUT rule 10 protocol 'tcp_udp'

show configuration commands | grep 'e-utp.net-IPv6'

set firewall group ipv6-network-group e-utp.net-IPv6 network '2001:67c:21ec::/48'
set firewall group ipv6-network-group e-utp.net-IPv6 network '2a0f:5707:ba00::/44'
set firewall ipv6 name WAN_IN rule 30 source group network-group 'e-utp.net-IPv6'

The issue reproduces on 1.4.3.
This is Linux kernel issue fixed in v6.6.99 (VyOS 1.4.3 has kernel v6.6.93): https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2ca1db269a8d202c3f97fd53fa7c9ef7f1bb21d6 and will be fixed in VyOS 1.4.4 with kernel update.
Till then the workaround you've found

set protocols static route6 ff00::/8 interface tun2
set protocols static route6 ff00::/8 interface tun3

should work fine - the kernel commit has message:

gre: Fix IPv6 multicast route creation.

... so that we don't just get the inet6_dev, but also
install the default ff00::/8 multicast route.

So just adding the route ff00::/8 manually should really be enough.

Thank you for your time.

Thanks for analysis and confirmation.

Viacheslav assigned this task to hedrok.Oct 16 2025, 5:07 PM

hedrok closed this task as Resolved.Oct 16 2025, 5:09 PM

hedrok moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.4) board.

dmbaturin removed a project: VyOS 1.4 Sagitta (1.4.4).Wed, Nov 19, 2:20 PM

OSPFv3 doesn't come upClosed, ResolvedPublicBUGActions

Description

Details

Event Timeline

OSPFv3 doesn't come up
Closed, ResolvedPublicBUG
Actions