Netgate Discussion Forum

    IPv6 testing

      MrKoen

      @databeestje:

      1. Have you actually created the gif interface as listed in the howto? http://iserv.nl/files/pfsense/ipv6/

      Yes I did. However, since that howto still shows some errors it's confusing to use. When I go to Interfaces -> (assign) -> GIF and edit the GIF to HE now, all seems to be fine. When I hit save and check "ifconfig gif0" on the console, I see it removed my "inet6 2001:470:1f14:xxx::2 --> 2001:470:1f14:xxx::1 prefixlen 128" line. Also my default ipv6 route is gone. What I do notice is that it has added "inet6 2001:470:1f14:xxx::2 prefixlen 128" as also stated in the howto. But no connection to HE and no IPv6 connectivity. Now when I run my custom script again which runs "ifconfig gif0 inet6 2001:470:1f14:xxx::2 2001:470:1f14:xxx::1 prefixlen 128", the connection to HE is up again. When I run "route -n add -inet6 default 2001:470:1f14:xxx::1" after that, my full IPv6 connectivity is alive again from both my pfSense machine and all my client machines behind it.

      @databeestje:

      2. This should really be fixed since yesterday or so. The subnet check on the routing page now correctly allows for saving the gateway on the gif interface. The IPv6 WAN interface should have the (default) listed on the page.
      see http://iserv.nl/files/pfsense/ipv6/gateways-overview.png

      It does indeed now display both default gateways. Check my attached image. It does add the default IPv4 gateway, but does not add the IPv6 default gateway. I'm thinking this is because of the problem expressed above at #1. I also cannot add a default IPv6 gateway from the console before the "ifconfig gif0 inet6 2001:470:1f14:xxx::2 2001:470:1f14:xxx::1 prefixlen 128" line is executed and the connection to HE is set up, so I'm guessing the same problem exists in the background. The tunnel is not set up, so adding the default IPv6 gateway fails.

      @databeestje:

      3. Looks like the netbios option is not supported for v6. I'll remove that.

      Thanks! I'll monitor your repository to see when the update is available  :)

      gateways.png

        MrKoen

        Another question by the way, I noticed that I can not reach the pfSense web UI via the IPv6 address set on the LAN facing NIC, only via its IPv4 address. Is there an easy way to have the webserver also bind to the IPv6 address to listen on or does that involve more than hacking some config file?

          databeestje

          @iFloris The ndp binary will be included in snapshots shortly, it lists neighbours.

          It does not have a page yet, I need to make one first.

            iFloris

            @databeestje:

            @iFloris The ndp binary will be included in snapshots shortly, it lists neighbours.
            It does not have a page yet, I need to make one first.

            Great!
            Any list is better than none and your hard work is very much appreciated.
            Until a page is made we'll make do with the binary (when I figure out how to use it, that is).

            I remember someone saying something about implementing ipv6 being far too much work for one person..

            one layer of information
            removed

              sullrich

              @iFloris:

              I remember someone saying something about implementing ipv6 being far too much work for one person..

              In this case one person is doing the job of 2-3 people.   Seth has been working a lot on this project.

              Oh and send him beer.  He likes beer.

                MrKoen

                And more progress made.. issues 1 and 2 are resolved now. I had to go through all the steps again and even though all was correctly configured already, saving the settings again would create the appropriate config files to make it work without any custom scripts! Thanks bunches databeestje!  ;D

                I just synced with your recent update and I can also confirm the DHCPv6 to be working now! Making IPv6 reservations for DHCPv6 does not work yet, but I'm sure you're aware of that and have it somewhere on your huge todo list.

                Great work! Keep up the good job.

                  databeestje

                  Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is … awkward.

                  I'll add it to the list.

                    MrKoen

                    @databeestje:

                    Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is … awkward.

                    I'll add it to the list.

                    If you need to test updates on the DHCPv6 reserved leases, let me know and I'll be happy to do that for you on my installation here.

                    I still prefer to know what IPv6 addresses are assigned to my servers instead of having them assigned a random IPv6 and make them accessible via registering the lease in the DHCP. So I'll be using the Windows DHCPv6 service in the meantime. A difference between the Windows DHCPv6 service and the pfSense DHCPv6 service I noticed is that in Windows I need to register a static lease based on the DHCPv6 IAID and Client DUID and with pfSense it's based on the MAC address like with DHCPv4. What's the difference and why is there a difference?
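For the DUID/IAID versus MAC question in the post above, an added example (not from the thread and not pfSense code) that decodes the DUID layouts defined for DHCPv6 in RFC 8415 and shows which of them carry a link-layer address at all. The sample DUIDs, the MAC address and the enterprise number are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # time base of DUID-LLT


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_duid(text):
    """Decode a DUID written as hex with ':' or '-' separators."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) < 2:
        raise ValueError("DUID too short")
    (dtype,) = struct.unpack("!H", raw[:2])
    if dtype == 1:  # DUID-LLT: hardware type, creation time, link-layer address
        if len(raw) < 9:
            raise ValueError("truncated DUID-LLT")
        hwtype, secs = struct.unpack("!HI", raw[2:8])
        return {"kind": "DUID-LLT", "hwtype": hwtype,
                "created": DUID_EPOCH + timedelta(seconds=secs),
                "lladdr": _mac(raw[8:])}
    if dtype == 2:  # DUID-EN: enterprise number + vendor-chosen identifier
        if len(raw) < 7:
            raise ValueError("truncated DUID-EN")
        (enterprise,) = struct.unpack("!I", raw[2:6])
        return {"kind": "DUID-EN", "enterprise": enterprise,
                "identifier": raw[6:].hex(), "lladdr": None}
    if dtype == 3:  # DUID-LL: hardware type + link-layer address, no timestamp
        if len(raw) < 5:
            raise ValueError("truncated DUID-LL")
        (hwtype,) = struct.unpack("!H", raw[2:4])
        return {"kind": "DUID-LL", "hwtype": hwtype, "lladdr": _mac(raw[4:])}
    return {"kind": f"unknown({dtype})", "lladdr": None}


def matches_mac(duid_text, mac):
    """True only if the DUID embeds exactly this link-layer address."""
    return parse_duid(duid_text)["lladdr"] == mac.lower().replace("-", ":")


# Constructed samples: three DUIDs one host with MAC 02:00:00:aa:bb:cc could present.
SAMPLES = {
    "llt": "00-01-00-01-14-E5-6A-3C-02-00-00-AA-BB-CC",  # dash notation as Windows prints it
    "ll": "00:03:00:01:02:00:00:aa:bb:cc",
    "en": "00:02:00:00:ff:ff:0a:0b:0c:0d",  # enterprise number is a placeholder
}

if __name__ == "__main__":
    for name, duid in SAMPLES.items():
        print(name, parse_duid(duid), matches_mac(duid, "02:00:00:aa:bb:cc"))
```

The three samples are different reservation keys for a DUID-based server even though two of them embed the same MAC, and the DUID-EN form embeds none.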

                      Cino

                      Quick question, under System: Advanced: Networking: IPv6 Options, do we need to have 'Allow IPv6' checked? I noticed when it's checked, I see local-link IPv6 addresses being blocked by my LAN rule (Allow LAN Subnet only). When it's unchecked, I don't see them being blocked.

                        databeestje

                        I just committed a filter rule fix for a typo.

                        That setting should be checked to have any hope of getting something ipv6 through pfsense. If it is unchecked all ipv6 traffic will be blocked without being logged.

                          GrandmasterB

                          Is it correct that with the smos IPv6 gitsync, static routes are only possible with ipv6 routes?
                          I'm trying to add an ipv4 static route and it is not working, it stays blank.

                          Maybe for the buglist?

                          thnx.

                            wiz561

                            @databeestje:

                            Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is … awkward.

                            OSX does have a dhcp v6 client, right?  When I go into the advanced options in the interface settings, there's a spot for ipv6.  Or, is it something else you were talking about?

                              databeestje

                              @GrandmasterB:

                              Is it correct that with the smos IPv6 gitsync, static routes are only possible with ipv6 routes?
                              I'm trying to add an ipv4 static route and it is not working, it stays blank.

                              Maybe for the buglist?

                              thnx.

                              Found and fixed

                                GrandmasterB

                                @databeestje:

                                @GrandmasterB:

                                Is it correct that with the smos IPv6 gitsync, static routes are only possible with ipv6 routes?
                                I'm trying to add an ipv4 static route and it is not working, it stays blank.

                                Maybe for the buglist?

                                thnx.

                                Found and fixed

                                confirmed fixed! Thanks!

                                  Cino

                                  Is it normal to see link-local addresses in the dhcp log? I don't think I noticed it before, but I just had a major issue after a git sync an hour ago. The DHCPd service hung while it was trying to read the /var/dhcpd/var/db/dhcpd6.leases file. I deleted the file and that seemed to fix the issue.

                                  If I change my LAN firewall rule to LAN subnet only from any any, I don't see the dhcp messages anymore but now they end up in the firewall log.

                                  Thinking of blocking fe80:: on the LAN so I don't see it in the firewall log, but I don't want to break autoconfig of ipv6 (not sure if it would or not).

                                  dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:14:16 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:14:16 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:44 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:13:44 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:13:44 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:36 	dhcpd: DHCPACK to 192.168.0.104 (00:1e:c9:2f:a0:fe) via em0
                                  Feb 10 14:13:36 	dhcpd: DHCPINFORM from 192.168.0.104 via em0
                                  Feb 10 14:13:28 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:13:28 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:13:28 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:20 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:13:20 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:13:20 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:16 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:13:16 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:13:16 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:14 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:13:14 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:13:14 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:13 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                  Feb 10 14:13:13 	dhcpd: Unable to pick client address: no addresses available
                                  Feb 10 14:13:13 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                  Feb 10 14:13:13 	dhcpd: DHCPACK on 192.168.0.104 to 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
                                  Feb 10 14:13:13 	dhcpd: DHCPREQUEST for 192.168.0.104 from 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
                                  Feb 10 14:11:37 	dhcpd: Sending on Socket/14/em0/2001:470:XXXX:XXXX::/64
                                  Feb 10 14:11:37 	dhcpd: Listening on Socket/14/em0/2001:470:XXXX:XXXX::/64
                                  
                                    databeestje

                                    Without link local addresses you can not connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.

                                    Thanks for testing. I'll go build a dhcp6 leases status page and a diag_ndp.php page for neighbour listings. It is now included in the snapshots and can be run from the command page with ndp -a.
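The exchange above, as an added example that is not part of the original posts or of pfSense: it reads dhcpd log lines in the format quoted in the thread, counts how often each DHCPv6 client had to repeat its Solicit, and checks whether the client's source address would match a pass rule limited to the LAN subnet. The log sample is constructed from the thread's format, and the LAN prefix is an assumed documentation prefix.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, modelled on the dhcpd lines quoted in the thread
# (newest first, the order in which the log view prints them).
SAMPLE_LOG = """\
Feb 10 14:13:44 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:44 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:44 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:36 dhcpd: DHCPACK to 192.168.0.104 (00:1e:c9:2f:a0:fe) via em0
Feb 10 14:13:28 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:28 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:28 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
"""

# Assumption: a documentation prefix stands in for the LAN /64.
LAN_SUBNET = ipaddress.ip_network("2001:db8:1:1::/64")

SOLICIT = re.compile(
    r"dhcpd: Solicit message from (\S+) port \d+, transaction ID (0x[0-9A-Fa-f]+)")


def analyse(log_text, lan_subnet=LAN_SUBNET):
    """Summarise DHCPv6 Solicits per client and test the 'LAN subnet only' match."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    lines.reverse()  # oldest first, so each Solicit precedes the server's reaction
    clients = defaultdict(lambda: {"solicits": 0, "no_address": 0, "xids": set()})
    current = None
    for line in lines:
        m = SOLICIT.search(line)
        if m:
            current = m.group(1)
            clients[current]["solicits"] += 1
            clients[current]["xids"].add(m.group(2))
        elif "Unable to pick client address" in line and current:
            clients[current]["no_address"] += 1
        elif "Sending Advertise" in line:
            current = None  # server finished handling this Solicit
    report = {}
    for addr, c in clients.items():
        ip = ipaddress.ip_address(addr)
        report[addr] = {
            "solicits": c["solicits"],
            "no_address": c["no_address"],
            # Same transaction ID on every retry: one client still waiting for a lease.
            "retrying": c["solicits"] > 1 and len(c["xids"]) == 1,
            "link_local": ip.is_link_local,
            "passes_lan_subnet_rule": ip in lan_subnet,
        }
    return report


if __name__ == "__main__":
    for client, summary in analyse(SAMPLE_LOG).items():
        print(client, summary)
```

A client that is link-local and does not pass the LAN-subnet rule is the combination described in the thread: its Solicits come from fe80::/10, so only a rule that covers that source lets them reach the DHCPv6 server.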

                                      Cino

                                      @databeestje:

                                      Without link local addresses you can not connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.

                                      Thanks for testing. I'll go build a dhcp6 leases status page and a diag_ndp.php page for neighbour listings. It is now included in the snapshots and can be run from the command page with ndp -a.

                                      Thank you for building this into pfsense!!! As you build it, we will test it :-)

                                        Daboom

                                        @databeestje:

                                        I just committed a filter rule fix for a typo.

                                        That setting should be checked to have any hope of getting something ipv6 through pfsense. If it is unchecked all ipv6 traffic will be blocked without being logged.

                                        Well, this is great. I did a fresh install onto my test system, synced with the IPv6 git right away and set up my ISP's native service; it only took about 2 hours lol. I did have to change/add a line in the interface.inc file as well, and need to find a place to have it auto run a route command when the connection comes up.

                                          AkumaKuruma

                                          Catching back up since you fixed the issues with IPv6 patches working on BETA5…..

                                          I have set the interfaces back up but I get the lovely oddball of the WAN IPv6 address showing up in the config screen for the interface but not actually being applied to said interface. If I ping the address from the console on the pfSense box itself I get "ping6: UDP connect: no route to host" and as such cannot get any IPv6 traffic to egress through the firewall. Internally I am getting DHCPv6 leases and can connect to the LAN's IPv6 address just fine.

                                            MrKoen

                                            @AkumaKuruma:

                                            Catching back up since you fixed the issues with IPv6 patches working on BETA5…..

                                            I have set the interfaces back up but I get the lovely oddball of the WAN IPv6 address showing up in the config screen for the interface but not actually being applied to said interface. If I ping the address from the console on the pfSense box itself I get "ping6: UDP connect: no route to host" and as such cannot get any IPv6 traffic to egress through the firewall. Internally I am getting DHCPv6 leases and can connect to the LAN's IPv6 address just fine.

                                            Not totally sure where it goes wrong here, but usually in my setup if the default route is gone, I go to System --> Routing --> Edit your IPv6 gateway --> Don't change anything --> Click Save --> Click apply changes and try again. This usually puts the default route back in. Can't really define yet where and why it gets lost.

                                            I'm now using a /48 IPv6 block from Hurricane Electric so I can have pfSense 2.0b5 assign a different IPv6 /64 block to my wifi connected NIC and a different /64 block to my normal LAN. Both my wifi connected devices and my LAN connected devices are able to communicate using IPv6 to the internet and towards each other now. Works like a shiny crystal ball. Absolutely amazing stuff.

                                            By the way, the captive portal stuff does not work yet in 2.0b5. I'm getting this error when enabling it:

                                            php: /status_services.php: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf' returned exit code '255', the output was '2011-02-11 00:08:44: (configfile.c.912) source: /var/etc/lighty-CaptivePortal.conf line: 186 pos: 1 parser failed somehow near here: (EOL)'

                                            Not sure if it's related to this gitsync and/or IPv6 and if I can and should report it somewhere. Does anybody know?
