IPv6

• D

  Default gateway problems after upgrade to 2.0rc1-ipv6
  • danne  

  14
  0
  Votes
  14
  Posts
  11739
  Views

  D

  @Kampfwurst: i got the same error. Is it possible to post the fix It still doesn't work for me, but I have added the IPv4 and IPv6 gateways manually. When I have the time I will do a fresh install and restore the configuration and see if it works better.
• D

  2.0-RC1-IPv6 - Captive Portal - Authentification page not loading
  • Dym  

  6
  0
  Votes
  6
  Posts
  4351
  Views

  C

  didn't know that, thanks for the info!
• Z

  IPv6 Firewall object Aliases?
  • zobel  

  4
  0
  Votes
  4
  Posts
  2032
  Views

  Z

  @billm: Should be fixed here: https://github.com/smos/pfsense-ipv6/commit/fed025ea776a0f8ec2a7b324c73dbac9c72a2c6d ha, you were faster. i digged in the code myself, and was just about to commit a patch myself, but yours is more clean than mine.  :D
• D

  IPv6 RRD graphs broken
  • databeestje  

  5
  0
  Votes
  5
  Posts
  2080
  Views

  

  Ok looks like reached max attachment size - had to create new post. This does seem a bit odd?  I looked at the total blocked ipv4 in after generating some ipv6 traffic, that shows as ipv6 passed in – this is odd.  Is this what your seeing?  See 3rd attachement
• B

  IPv6 DNS from OpenDNS
  • bman212121  

  4
  0
  Votes
  4
  Posts
  8162
  Views

  B

  You're welcome guys :)
• 

  Gitsync broke webconfigurator
  • johnpoz  

  3
  0
  Votes
  3
  Posts
  1744
  Views

  

  Yeah I saw that ;) hehehe Right place at the right time I guess!  Saw the fix right after I posted. Maybe I should play the lottery today ;)
• K

  HE ipv6 gateway doesn't come online
  • krisken  

  21
  0
  Votes
  21
  Posts
  10919
  Views

  D

  I've found that the default route might dissapear when the parent interface goes down. I have not debugged that.
• U

  IPv6 DNS Server
  • UnderCover  

  12
  0
  Votes
  12
  Posts
  14890
  Views

  

  Yeah I think that is a 2.0 thing. I'm not exactly sure what the criteria are for showing up there, but it should be gateways listed there, I thought. Looking a bit deeper we already have a ticket open for that: http://redmine.pfsense.org/issues/785 But it's set to 'future' since it's more of a convenience and could be done via static routes as well.
• A

  IPv6 = no?
  • amrogers3  

  6
  0
  Votes
  6
  Posts
  3826
  Views

  D

  The remco bressers post is indeed hackery. And as you also mention this is very different from the current IPv6 code in my branch which is far more turn key. I just setup another v6 box at work, and it's becoming easier, just plug in some addresses and it works. That was the whole intention of pfSense. Your advice on configuring proper IPv6 over fiddling around is a good suggestion. It's far more valuable and less likely to break your internet in interesting ways. :-)
• U

  Ipv6 manual
  • UnderCover  

  3
  0
  Votes
  3
  Posts
  3105
  Views

  D

  This sometimes happens, it's reproduceable, I have not investigated.
• M

  Passing IPv6 traffic through pfsense unmolested
  • Matchstick  

  6
  0
  Votes
  6
  Posts
  5171
  Views

  

  Have not done this since moved tunnel endpoint to my pfsense box.. Much better way to do it!!  Now you have firewall control at pfsense, etc. But to allow the tunnel endpoint to be box on lan side of your pfsense box, allow ipv6 traffic and put in the lan side IP address you want to be the endpoint, example 192.168.1.100 or something, whatever the IP of your box is that is going to be the endpoint of your ipv6 tunnel.
• D

  IPv6 with SiXXs
  • dwabraxus  

  3
  0
  Votes
  3
  Posts
  2869
  Views

  D

  I have not attempted a gateway pool yet. And that doesn't work with a gateway pool anyhow, any attempt to send out traffic from a HE address through the Sixxs router will fail. The only way to make that work is by performing NAT and there is no provision for that. You can not add multiple v6 subnets on the same interface either. The only trick you could theoretically use here is performing network prefix translation. So if you have 2 /64 subnets, one from each ISP you can then translate this network when traffic leaves the network. I do this by assigning a ULA range on the LAN, then create 2 mapping, 1 for each WAN with each network prefix. This so that traffic leaving either interface is using the netblock from the correct ISP. Not much different from ipv4 nat, but subtly different.
• U

  How much of ipv6 implemented?
  • UnderCover  

  6
  0
  Votes
  6
  Posts
  3995
  Views

  O

  Oh yes - I forgot that part :-) One of the reasons why some of the big ones are dragging their feet is also that they earn A LOT of money from charging extra for official IP addresses. How many addresses should a non commercial have? Give each one a /64 subnet - don't try to create artificial limits. It is a new world - deal with it. If someone want to set up a server at home - let them do it. I think ISP's should realise that what they provied is a connection. What this connection is used for - reading the newspaper, watching TV, listening to radio, online purchases, research, running your own server for your blog - that should all be up to the person paying for the line. You can differenciate on the guaranteed quality you are offering - commercial customers could get two lines in through different connection points so it is less likely they will loose connection - home users will obviously only have one line and multiple single points of failure. Also, a home user line is always oversold - I don't know any ISP that actually has enough bandwith to give full speed to all customers at the same time. A commercial customer could receive minimum guarantees of bandwith/speed. There are ways to differentiate commercial and home users. But it should never be on what they can do with their line. That would be like Ford denying you to carry tools that you use at work in your car because it was not bought as a commercial vehicle.
• 

  Set raflags in rtadvd conf?
  • johnpoz  

  3
  0
  Votes
  3
  Posts
  3348
  Views

  D

  I've decided on the options disabled, managed, unmanaged, combined. Fix forthcoming later.
• W

  IPv6 default route lost
  • wallabybob  

  5
  0
  Votes
  5
  Posts
  4539
  Views

  

  @iFloris: There is a script on the he.net website to change your ip. By installing cron and calling the script every 24 (or so) hours, you can sort of automatically update your endpoint. That sounds like something that would make a good candidate for a dyndns update type.
• C

  Ipsec-tools with IPv6 Enabled
  • Cino  

  3
  0
  Votes
  3
  Posts
  3162
  Views

  C

  @databeestje: Outside of the snapshots I don't have these binaries Download a snapshot, extract the racoon, setkey and racoonctl binaries from /usr/local/sbin and upload those to your install thanks for the quick reply… As I was driving into work after posting this, I thought of trying that in-case there is not binaries to download.
• 

  RRD graphs for traffic an packets
  • johnpoz  

  12
  0
  Votes
  12
  Posts
  4770
  Views

  T

  2.0-RC1-IPv6 (i386) built on Tue Mar 15 13:14:13 EDT 2011 Not entirely sure if this is an IPv6 thing or just an RC2 thing… searched a bit but didnt find anything on it over in that forum. Since last Thursday, i'm not sowing any wan-out data (IPv6 or 4) in my rrd traffic or packets graphs. Nothing sticking out at me in the logs either. Anyone else seeing this?
• W

  Garbled apinger messages in the system log
  • wallabybob  

  14
  0
  Votes
  14
  Posts
  12983
  Views

  D

  Create a 1.2.3 vm, create 2 routes to a lan IP. Upgrade that and it should trigger it
• T

  ISP Dynamically Assigned IPv6 Address Question
  • tebeve  

  14
  0
  Votes
  14
  Posts
  5941
  Views

  D

  ofcourse linksys and dd-wrt are not really comparable. I've just setup a other customer from the bounty forum with a working IPv6 setup. With a gif tunnel or static addressing on the wan it does work with v6. With recent fixes I've made it should be safe to run either v4 or v6 on the same interface. I fixed the issue that made it drop it's v4 default route. If you do not mind giving me remote access to that install to develop working ipv6 support then I'd love to get that working. It is probably the most significant building block for IPv6 deployment on cable internet networks. And there are a lot of those. If you have questions, feel free to climb into the email to seth.mos@dds.nl and we'll see what we can arrange. I've just made some fixes to filter.inc for dhcpd, the webui listen port on the v6 address and a DNS rebinding attack fix. I've also added v6 network support for the ipsec phase2 page. Maybe I can fix the phase1 too.
• T

  "Could not find gateway for interface (wan)" every quarter hour.
  • tix  

  3
  0
  Votes
  3
  Posts
  4235
  Views

  D

  Well, it's not uncommon for rules to reload if it has something like hostnames and other factors. I think what's biting here is that firewall rules for proper multi-wan support are missing. When that falls through the reply-to is skipped and the default route is relied on. I'll have a quick look if I can make the filter process intelligent enough to find out the proper v6 wan gateway.
• W

  DHCP V6 static addresses
  • wallabybob  

  2
  0
  Votes
  2
  Posts
  4260
  Views

  W

  It appears there is no support in DHCP v6 for static IP address assignments based on "raw" MAC address but assignments can be based on various forms of UIDs, some of which can be derived from a MAC address.
• M

  Static + dynamic WAN
  • Michael Sh.  

  5
  0
  Votes
  5
  Posts
  2331
  Views

  M

  I installed net/dhcp6 now and playing with it. IPv6 is new for me.
• 

  Openvpn broke since added ipv6
  • johnpoz  

  1
  0
  Votes
  1
  Posts
  1704
  Views

  No one has replied

• U

  Ipv6 testing - firewall
  • UnderCover  

  2
  0
  Votes
  2
  Posts
  1966
  Views

  D

  Same as before, don't toggle port forward. Add a firewall rule on the IPv6 WAN interface that allows traffic from Any to IPv6 address of the client behind it with the port you want to give them access to.
• D

  Gitsync error
  • datagen24  

  8
  0
  Votes
  8
  Posts
  3468
  Views

  D

  No interest at this point, directing resources elsewhere.
• L

  DHCPv6 Range
  • loftyDan  

  2
  0
  Votes
  2
  Posts
  4090
  Views

  D

  You can, I just use the last octet, which is already good for 65k hosts or so. I like the addresses simplere over autoconfig
• D

  Comcast has started rolling out IPv6 for it's customers
  • databeestje  

  8
  0
  Votes
  8
  Posts
  5667
  Views

  A

  From what I heard, the Native dual stack is only being enabled in Colorado for now. it will be a while before rest of us see it. Databeestje, I do have a question if your code handles a 6RD configuration as comcast is supposedly set up to handle that across their entire network already. if not, I dont think its worth it as Comcast is dropping it after June 30, 2011 anyway in favor of dual stack.
• W

  Rtadvd gets killed
  • wiz561  

  3
  0
  Votes
  3
  Posts
  1880
  Views

  W

  Thanks for the response.  I changed my configs to use dhcpdv6.  This could have been the reason why it kept dying on me.
• ?

  IPv6 large packets failing
  • Guest  

  3
  0
  Votes
  3
  Posts
  3931
  Views

  ?

  Thank you very much, Databeestje; that did the trick. I have a Verizon FiOS connection that terminates by PPPoE with an MTU less than 1500, so that was definitely my problem. I am now happily exploring and learning about the IPv6 realm. Thanks again, Rain
• W

  IPv6 with HE Issues
  • wiz561  

  8
  0
  Votes
  8
  Posts
  6049
  Views

  W

  Thanks all for the help. Just a status update.  I've been working with my ISP, who's never really done this before for anybody yet.  They've made a number of changes and assigned me two /64 blocks. After I assigned the 64 addresses to the two interfaces, added the default route, and configured rtadvd, everything worked fine.  I'm now able to ipv6. Thanks again for the help.  I think the problem was part with me and part with my ISP.
• C

  IPV6 in my logs is making thing look untidy!
  • Callahan  

  15
  0
  Votes
  15
  Posts
  6938
  Views

  C

  That's not the case for me. Check the attachments showing version number, the unticked boxes and the IPv6 packets in the logs. This happens on both my work setup and my home setup.    
• B

  Voicing thoughts about IPv6
  • brcisna  

  6
  0
  Votes
  6
  Posts
  4389
  Views

  B

  @Cino: @wallabybob: Why not allocate more addresses to your subnets? There are over 65000 address in 192,168.0.0/16 and over 16 million in 10.0.0.0/8. Why not (for example) use 192.168.0.0/18, 192.168.64.0/18, 192.168.128.0/18 (over 16,000 addresses each) 192.168.192.0/18 for further subdivision and future expansion (e.g 192.168.192.0/24 for servers, 192.168.193.0/24 for teachers's and admin PCs etc). I can't speak for brcisna but most school network environments use Public IP Subnets instead of Private IP Subnets. So I'm thinking that is why they are running out of IPs. The company I work for, we used to use Public IPs for our internal servers but over the last 3 years we have moved them to 10.x.x.x and re-use the public ip for any internet facing servers.. Then again Public IP space for my company isnt running low yet Many higher ed institutions already have IPv6 allocations, it's simply a matter of architecting and deploying.  Generally most have been too apathetic about IPv6 and now everyone is behind and scrambling to figure it out and port their old tools to support it and begging for money to upgrade infrastructure to do IPv6.  It's really not that hard, especially for anyone that has done another protocol in addition to IPv4.  For a long time our IPv6 path wasn't the same as v4, nor does it need to be, as its a totally different protocol.    Internet2 has a workshop that they put on (that I have been an instructor for in the past) that teaches v6 deployment / theory, etc. to networking folks.
• G

  New to IPv6? Read this!
  • gnhb  

  2
  0
  Votes
  2
  Posts
  2869
  Views

  D

  This is interesting too. http://bgpmon.net/blog/?p=340
• S

  How to setup gitsync in the firmware page ?
  • singerie  

  3
  0
  Votes
  3
  Posts
  2352
  Views

  S

  thank you very much :)
• W

  Can't ping (or pass traffic) behind pfsense
  • wiz561  

  6
  0
  Votes
  6
  Posts
  5174
  Views

  D

  The link local addressing (fe80::) will have something to do with that, so that won't work. I'll add bridging to the Todo