IPv6 testing
-
Yes, that should also have been lagg0. Since I don't have anything here that's lagg capable I'd need to search. What's odd though is that the default route path for v4 and v6 is exactly the same.
I can only guess that the parent interface in another piece of code is used causing it to fail. Hmmm. Can you send me a sanitized config.xml to my email address seth.mos@dds.nl
That's probably the only way to find out. You can safely strip the aliases and rules. I won't need a password as I'll just reset that. How many interfaces is this box?
-
Email with details sent!
-
@databeestje, small bug found in the Easy Rule feature in the firewall logs. When I click to create an Easy Rule from a denied firewall rule regarding IPv6 traffic, it gets added as an IPv4 rule.
-
I've noticed that, I'm currently stuck at work with a Cisco 1841 though that needs to do 4 wire shdsl that isn't cooperating.
Added to the list
I've added some code, no idea if it works, have not tested, coded blind. -
Added to the list
I've added some code, no idea if it works, have not tested, coded blind.Thanks! I'll give it a try in about an hour and let you know if it works. Downloading some stuff now, so can't use the reboot at the moment ;)
-
Hi,
And thanks for the work being done on IPv6! I upgraded to RC1 yesterday and got a HE-tunnel up and running pretty soon after.
One thing I noticed: After upgrading to RC1 and the doing the gitsync the version under system information went back to BETA-5. I guess that's just a cosmetic fix, but I wanted to point it out.
Thanks again for all the effort being put in to this.
Regards
skorge -
Not that it matter much, other show stoppers prevented a RC release. So the tree is back to BETA5 anyways
-
Added to the list
I've added some code, no idea if it works, have not tested, coded blind.Thanks! I'll give it a try in about an hour and let you know if it works. Downloading some stuff now, so can't use the reboot at the moment ;)
I can confirm it to be fixed! Good job!
-
When creating firewall rule, would it be possible to add option "Both" to TCP/IP Version - so that firewall rule would apply to both IPv4 and IPv6?
-
Another little bug for the todo-list:
- When running the dhcpv6d server without specifying an ipv6 DNS option, the dhcpv6d will fail to start if you have not have specified an ipv6 DNS server for the PFsense box itself (System: General Setup).
-
@|DSI|:
When creating firewall rule, would it be possible to add option "Both" to TCP/IP Version - so that firewall rule would apply to both IPv4 and IPv6?
That makes no sense, the pf firewall rule can only apply to v4 or v6 traffic, not both. Are you referring here to aliases perhaps?
-
Another little bug for the todo-list:
- When running the dhcpv6d server without specifying an ipv6 DNS option, the dhcpv6d will fail to start if you have not have specified an ipv6 DNS server for the PFsense box itself (System: General Setup).
Strange, dnsmasq listens on a v6 socket anyhow, so you could use the pfSense IPv6 address as the dns option.
I'd need to replicate this. -
Another little bug for the todo-list:
- When running the dhcpv6d server without specifying an ipv6 DNS option, the dhcpv6d will fail to start if you have not have specified an ipv6 DNS server for the PFsense box itself (System: General Setup).
Strange, dnsmasq listens on a v6 socket anyhow, so you could use the pfSense IPv6 address as the dns option.
I'd need to replicate this.Feb 15 21:13:42 check_reload_status: syncing firewall Feb 15 21:13:43 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1 Feb 15 21:13:43 dhcpd: Copyright 2004-2010 Internet Systems Consortium. Feb 15 21:13:43 dhcpd: All rights reserved. Feb 15 21:13:43 dhcpd: For info, please visit https://www.isc.org/software/dhcp/ Feb 15 21:13:43 dhcpd: /etc/dhcpdv6.conf line 17: Invalid IPv6 address. Feb 15 21:13:43 dhcpd: /etc/dhcpdv6.conf line 17: Invalid IPv6 address. Feb 15 21:13:43 dhcpd: option dhcp6.name-servers 192.168.111.2, Feb 15 21:13:43 dhcpd: option dhcp6.name-servers 192.168.111.2, Feb 15 21:13:43 dhcpd: ^ Feb 15 21:13:43 dhcpd: ^ Feb 15 21:13:43 dhcpd: Configuration file errors encountered -- exiting Feb 15 21:13:43 dhcpd: Configuration file errors encountered -- exiting Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: If you did not get this software from ftp.isc.org, please Feb 15 21:13:43 dhcpd: If you did not get this software from ftp.isc.org, please Feb 15 21:13:43 dhcpd: get the latest from ftp.isc.org and install that before Feb 15 21:13:43 dhcpd: get the latest from ftp.isc.org and install that before Feb 15 21:13:43 dhcpd: requesting help. Feb 15 21:13:43 dhcpd: requesting help. Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: If you did get this software from ftp.isc.org and have not Feb 15 21:13:43 dhcpd: If you did get this software from ftp.isc.org and have not Feb 15 21:13:43 dhcpd: yet read the README, please read it before requesting help. Feb 15 21:13:43 dhcpd: yet read the README, please read it before requesting help. Feb 15 21:13:43 dhcpd: If you intend to request help from the dhcp-server@isc.org Feb 15 21:13:43 dhcpd: If you intend to request help from the dhcp-server@isc.org Feb 15 21:13:43 dhcpd: mailing list, please read the section on the README about Feb 15 21:13:43 dhcpd: mailing list, please read the section on the README about Feb 15 21:13:43 dhcpd: submitting bug reports and requests for help. Feb 15 21:13:43 dhcpd: submitting bug reports and requests for help. Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Please do not under any circumstances send requests for Feb 15 21:13:43 dhcpd: Please do not under any circumstances send requests for Feb 15 21:13:43 dhcpd: help directly to the authors of this software - please Feb 15 21:13:43 dhcpd: help directly to the authors of this software - please Feb 15 21:13:43 dhcpd: send them to the appropriate mailing list as described in Feb 15 21:13:43 dhcpd: send them to the appropriate mailing list as described in Feb 15 21:13:43 dhcpd: the README file. Feb 15 21:13:43 dhcpd: the README file. Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: Feb 15 21:13:43 dhcpd: exiting. Feb 15 21:13:43 dhcpd: exiting. Feb 15 21:13:43 php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf em1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 17: Invalid IPv6 address. option dhcp6.name-servers 192.168.111.2, ^ Configuration file errors encountered -- exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requIf I add a ipv6 DNS server to the PFsense box itself (System: General Setup), this error is gone.
-
An additional bug is that if you specify a DNS server in the DHCPv6 config, the setting is saved correctly, but it does not showup when you refresh the settingspage.
-
Just followed my own howto but could not replicate the missing default route issue.
I followed the same steps outlined and ended up with 2 default routes, one for v4 and one for v6. Both survive a reboot.
I'll add code that prevents entering a v4 address there.
Edit: Fixed 06-03-2011
-
Hi, I've been lurking for a while but I've been on 2.0 for a few months now and trying out the IPv6 with he.net tunnelbroker.
I can't seem to get DHCPv6 to work. In the logs it says "send_packet no route to host." I believe this is when it sends the advertise. With a manually assigned IP it works fine. I don't know if this was covered before so my apologies in advance if this was covered already.
-
Here are the exact log entries
Feb 19 01:36:14 firewall dhcpd: send_packet6: No route to host Feb 19 01:36:14 firewall dhcpd: dhcpv6: send_packet6() sent -1 of 104 bytes Feb 19 01:36:16 firewall dhcpd: Solicit message from fe80::311e:568e:5624:2040 port 546, transaction ID 0x784DC000 Feb 19 01:36:16 firewall dhcpd: Picking pool address 2001:XXX:XXX:XXX::200 Feb 19 01:36:16 firewall dhcpd: Sending Advertise to fe80::311e:568e:5624:2040 port 546 Feb 19 01:36:16 firewall dhcpd: send_packet6: No route to host Feb 19 01:36:16 firewall dhcpd: dhcpv6: send_packet6() sent -1 of 104 bytes Feb 19 01:36:20 firewall dhcpd: Solicit message from fe80::311e:568e:5624:2040 port 546, transaction ID 0x784DC000 Feb 19 01:36:20 firewall dhcpd: Picking pool address 2001:XXX:XXXX:XXX::200 Feb 19 01:36:20 firewall dhcpd: Sending Advertise to fe80::311e:568e:5624:2040 port 546My LAN is bridged and I suspect that may be the problem since it has no link local address.
-
@|DSI|:
When creating firewall rule, would it be possible to add option "Both" to TCP/IP Version - so that firewall rule would apply to both IPv4 and IPv6?
That makes no sense, the pf firewall rule can only apply to v4 or v6 traffic, not both. Are you referring here to aliases perhaps?
I know that it can only apply to v4 of v6. Both would "invisibly" create separate rule for IPv4 and IPv6 but user would see only one - having this option would reduce needed firewall rules.
Example:
I would like to allow outbound traffic on port 80 for both IPv4 and IPv6. Now i have to create Allow rule for IPv4 traffic on port 80, and separate rule for IPv6 traffic on port 80.
Or another example - Allow inbound traffic to webserver on LAN side:
Firstly you create alias where you list both IPv4 and IPv6 IP address of some host. Then on WAN interface you create firewall rule that allows inbound traffic on port 80, as destination IP you specify previously created alias. -
Is the problem with the outlining in the firewall log widget in combination with IPv6 on the buglist already? Check the attached screenshot.
-
Another one.. is adding IPv6 networks to Aliases on the todo list already?