IPv6 testing
-
Nope, it's already listed like the Captive portal. Captive portal won't work without kernel work, so that's end of the year at it's earliest.
Ipsec should work after some gui modifications.
I just wanted to play a bit with the captive portal. No real need to use it. I'll use WPA2-Enterprise on my DLink DIR655 in combination with the Microsoft Network Policy server in Windows 2008 R2 now which provides RADIUS authentication against Microsoft Active Directory. Allows logging in securely to your WLAN using your Windows domain credentials. Works like a charm. As said in an earlier post.. I'm a Microsoft man 8)
By the way, if there are more Microsoft fanatics out here who'd like to hook pfSense up to Microsoft Active Directory for authentication to i.e. the webGUI, I can confirm this to work correctly as well with the Network Policy Server in Windows 2008R2 configured as RADIUS server. Sweet!
I'll keep an eye on the gitsync updates for the IPSec update for IPv6. Would be lovely.
-
without link local addresses you can not connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.
Been watching my firewall log and figured I would make some rules to allow the link-local addresses… Looking up some of the ports, this is what I currently have on my LAN interface for firewall rules.. What do you guys think?
Edit: I change fe80::/1 to fe80::/10 in my rules and changed the DHCPv6 to udp only.. When I ran 'pfctl -sr', I see there are some DHCPv6 rules with the destination as the lan address.
-
I would like to note that I am open for donations to my Paypal account on seth.mos@dds.nl.
I'm coding the features I need for the company I work for first, but if anyone has something they want to see sooner there is always a opening for persuasion.
-
I have now received native IPv6 connectivity from my ISP.
I am using Link Aggregation on WAN interface. IPv4 works fine on LAGG interface but I have trouble configuring IPv6 on LAGG interface.
It seems that there is problem with setting IPv6 default route on LAGG interface, because Diagnostic->Routes shows this output under IPv6:default 2a01:260:XXXX::d UGS 0 2937 1500 em0
For IPv4 it shows this
default 89.212.0.1 UGS 0 663297 1500 lagg0
So I assume that under IPv6 default route, interface should also be lagg0, not em0?
-
Yes, that should also have been lagg0. Since I don't have anything here that's lagg capable I'd need to search. What's odd though is that the default route path for v4 and v6 is exactly the same.
I can only guess that the parent interface in another piece of code is used causing it to fail. Hmmm. Can you send me a sanitized config.xml to my email address seth.mos@dds.nl
That's probably the only way to find out. You can safely strip the aliases and rules. I won't need a password as I'll just reset that. How many interfaces is this box?
-
Email with details sent!
-
@databeestje, small bug found in the Easy Rule feature in the firewall logs. When I click to create an Easy Rule from a denied firewall rule regarding IPv6 traffic, it gets added as an IPv4 rule.
-
I've noticed that, I'm currently stuck at work with a Cisco 1841 though that needs to do 4 wire shdsl that isn't cooperating.
Added to the list
I've added some code, no idea if it works, have not tested, coded blind. -
Added to the list
I've added some code, no idea if it works, have not tested, coded blind.Thanks! I'll give it a try in about an hour and let you know if it works. Downloading some stuff now, so can't use the reboot at the moment ;)
-
Hi,
And thanks for the work being done on IPv6! I upgraded to RC1 yesterday and got a HE-tunnel up and running pretty soon after.
One thing I noticed: After upgrading to RC1 and the doing the gitsync the version under system information went back to BETA-5. I guess that's just a cosmetic fix, but I wanted to point it out.
Thanks again for all the effort being put in to this.
Regards
skorge -
Not that it matter much, other show stoppers prevented a RC release. So the tree is back to BETA5 anyways
-
Added to the list
I've added some code, no idea if it works, have not tested, coded blind.Thanks! I'll give it a try in about an hour and let you know if it works. Downloading some stuff now, so can't use the reboot at the moment ;)
I can confirm it to be fixed! Good job!
-
When creating firewall rule, would it be possible to add option "Both" to TCP/IP Version - so that firewall rule would apply to both IPv4 and IPv6?
-
Another little bug for the todo-list:
- When running the dhcpv6d server without specifying an ipv6 DNS option, the dhcpv6d will fail to start if you have not have specified an ipv6 DNS server for the PFsense box itself (System: General Setup).
-
@|DSI|:
When creating firewall rule, would it be possible to add option "Both" to TCP/IP Version - so that firewall rule would apply to both IPv4 and IPv6?
That makes no sense, the pf firewall rule can only apply to v4 or v6 traffic, not both. Are you referring here to aliases perhaps?
-
Another little bug for the todo-list:
- When running the dhcpv6d server without specifying an ipv6 DNS option, the dhcpv6d will fail to start if you have not have specified an ipv6 DNS server for the PFsense box itself (System: General Setup).
Strange, dnsmasq listens on a v6 socket anyhow, so you could use the pfSense IPv6 address as the dns option.
I'd need to replicate this. -
Another little bug for the todo-list:
- When running the dhcpv6d server without specifying an ipv6 DNS option, the dhcpv6d will fail to start if you have not have specified an ipv6 DNS server for the PFsense box itself (System: General Setup).
Strange, dnsmasq listens on a v6 socket anyhow, so you could use the pfSense IPv6 address as the dns option.
I'd need to replicate this.Feb 15 21:13:42 check_reload_status: syncing firewall Feb 15 21:13:43 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1 Feb 15 21:13:43 dhcpd: Copyright 2004-2010 Internet Systems Consortium. Feb 15 21:13:43 dhcpd: All rights reserved. Feb 15 21:13:43 dhcpd: For info, please visit https://www.isc.org/software/dhcp/ Feb 15 21:13:43 dhcpd: /etc/dhcpdv6.conf line 17: Invalid IPv6 address. Feb 15 21:13:43 dhcpd: /etc/dhcpdv6.conf line 17: Invalid IPv6 address. Feb 15 21:13:43 dhcpd: option dhcp6.name-servers 192.168.111.2, Feb 15 21:13:43 dhcpd: option dhcp6.name-servers 192.168.111.2, Feb 15 21:13:43 dhcpd: ^ Feb 15 21:13:43 dhcpd: ^ Feb 15 21:13:43 dhcpd: Configuration file errors encountered -- exiting Feb 15 21:13:43 dhcpd: Configuration file errors encountered -- exiting Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: If you did not get this software from ftp.isc.org, please Feb 15 21:13:43 dhcpd: If you did not get this software from ftp.isc.org, please Feb 15 21:13:43 dhcpd: get the latest from ftp.isc.org and install that before Feb 15 21:13:43 dhcpd: get the latest from ftp.isc.org and install that before Feb 15 21:13:43 dhcpd: requesting help. Feb 15 21:13:43 dhcpd: requesting help. Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: If you did get this software from ftp.isc.org and have not Feb 15 21:13:43 dhcpd: If you did get this software from ftp.isc.org and have not Feb 15 21:13:43 dhcpd: yet read the README, please read it before requesting help. Feb 15 21:13:43 dhcpd: yet read the README, please read it before requesting help. Feb 15 21:13:43 dhcpd: If you intend to request help from the dhcp-server@isc.org Feb 15 21:13:43 dhcpd: If you intend to request help from the dhcp-server@isc.org Feb 15 21:13:43 dhcpd: mailing list, please read the section on the README about Feb 15 21:13:43 dhcpd: mailing list, please read the section on the README about Feb 15 21:13:43 dhcpd: submitting bug reports and requests for help. Feb 15 21:13:43 dhcpd: submitting bug reports and requests for help. Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Please do not under any circumstances send requests for Feb 15 21:13:43 dhcpd: Please do not under any circumstances send requests for Feb 15 21:13:43 dhcpd: help directly to the authors of this software - please Feb 15 21:13:43 dhcpd: help directly to the authors of this software - please Feb 15 21:13:43 dhcpd: send them to the appropriate mailing list as described in Feb 15 21:13:43 dhcpd: send them to the appropriate mailing list as described in Feb 15 21:13:43 dhcpd: the README file. Feb 15 21:13:43 dhcpd: the README file. Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: exiting. Feb 15 21:13:43 dhcpd: exiting. Feb 15 21:13:43 php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf em1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 17: Invalid IPv6 address. option dhcp6.name-servers 192.168.111.2, ^ Configuration file errors encountered -- exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requIf I add a ipv6 DNS server to the PFsense box itself (System: General Setup), this error is gone.
-
An additional bug is that if you specify a DNS server in the DHCPv6 config, the setting is saved correctly, but it does not showup when you refresh the settingspage.
-
Just followed my own howto but could not replicate the missing default route issue.
I followed the same steps outlined and ended up with 2 default routes, one for v4 and one for v6. Both survive a reboot.
I'll add code that prevents entering a v4 address there.
Edit: Fixed 06-03-2011
-
Hi, I've been lurking for a while but I've been on 2.0 for a few months now and trying out the IPv6 with he.net tunnelbroker.
I can't seem to get DHCPv6 to work. In the logs it says "send_packet no route to host." I believe this is when it sends the advertise. With a manually assigned IP it works fine. I don't know if this was covered before so my apologies in advance if this was covered already.