IPv6 testing
-
Don't fill in a IPv4 DNS server on the DHCPv6 server page.
It appears the host identifier has changed from what it used to be. I need to see what changed. -
Don't fill in a IPv4 DNS server on the DHCPv6 server page.
It appears the host identifier has changed from what it used to be. I need to see what changed.There's no IPv4 address to be found anywhere on the IPv6 page. I've triple checked the DHCPv6 pages for all my interfaces. I am also using the DHCPv4 service in pfSense on my interfaces though. Is it possible that the DHCPv6 page still references the DHCPv4 config somewhere?
-
Oops, I'll check that tomorrow when I have more time.
-
Ok not on the latest build wait til I get home before I update firmware, etc.
But I just got this work - was seeing the same error.
"/dhcp/ /etc/dhcpdv6.conf line 18: Invalid IPv6 address. option dhcp6.name-servers 8.8.4.4,"
Put in the ipv6 address of your dns here.
if you leave blank its seems to be pulling what your using for the pfsense box, in your case googledns, in my case it was 4.2.2.2.. Then I ran into a issue with a corrupt dhcp6.leases file..
So deleted that, then put in my boxes IPv6 address its listening on for dns.. And restarted dhcp and all is good.
clients get their assigned IP, and are pulling the dns info.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-88-48-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85::2(Preferred) <–- from dhcpv6
Lease Obtained. . . . . . . . . . : Monday, March 07, 2011 5:25:18 PM
Lease Expires . . . . . . . . . . : Monday, March 07, 2011 7:23:41 PM
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85:748f:b64e:848:1943(Preferred) <– auto generated from the RA going on
Link-local IPv6 Address . . . . . : fe80::748f:b64e:848:1943%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.222(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 07, 2011 5:25:21 PM
Lease Expires . . . . . . . . . . : Tuesday, March 08, 2011 5:25:14 PM
Default Gateway . . . . . . . . . : fe80::209:5bff:fee2:ccdb%11
192.168.1.253
DHCP Server . . . . . . . . . . . : 192.168.1.253
DHCPv6 IAID . . . . . . . . . . . : 235405351
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-F8-86-95-08-00-27-88-48-32
DNS Servers . . . . . . . . . . . : 2001:470:snipped:b85::1 <–--
192.168.1.253
NetBIOS over Tcpip. . . . . . . . : Enablededit: and you can see it in your dhcpv6.leases file
ia-na "'\000\010\016\000\001\000\001\024\370\206\225\010\000'\210H2" {
cltt 1 2011/03/07 23:23:58;
iaaddr 2001:470:snipped:b85::2 {
binding state active;
preferred-life 4500
max-life 7200
ends 2 2011/03/08 01:23:58;
} -
johnpoz, thanks for sharing your findings. Doesn't sound like that should be the way to go, but if it works as a workaround for now, its nice. Could you post the exact path where I can find dhcpdv6.conf abd dgco6.leases?
-
dhcpv6.conf is /var/dhcpd/etc
dhcpv6.leases is /var/dhcpd/var/dband agree the gui's should work, but somehow it got messed up - and if you leave the dns section blank it puts in what pfsense was before forwarding too, which clearly would be a ipv4 address, which is invalid for a ipv6 dns ;)
This got it up and working - but a few bumps, but I have to say for not being part of the build, and not slated to 2.1 the instructions and implementation so far have ROCKED!!! way more than I could of hoped for!!
I got a working firewall, atleast from my testing - it blocks every unless I open it! ;) And have gotten dhcpv6 to hand out the dns, and had to do some manual stuff but clients are pointing to dns running on pfsense box, etc.
its sure better then a tunnel into a box on the inside ;) Great Work So far to be sure!!!
-
The IPv6 addresses of my DNS servers were indeed missing on the DHCPv6 page. I added them and tried to restart the DHCP service. Now I'm getting the following error:
php: /status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf xl0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 22: You can not use a hardware parameter for DHCPv6 hosts. Use the host-identifier parameter instead. hardware ^ Configuration file errors encountered – exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances se
Digging into the dhcpdv6.conf on line 22 I find the "hardware ethernet <mac>;" reservation. Apparently it doesn't like that. I also can not remove the reservation through the GUI at "services_dhcpv6.php?if=<int>". It never gets removed from the config file when I click on the remove icon. Also after clicking on the remove DHCPv6 reservation icon, I get redirected back to the "services_dhcp.php" DHCPv4 page and not the DHCPv6 page. When I try to remove the reservation manually from the dhcpdv6.conf file and restart the service, I still get the error shown above and when I open dhcpdv6.conf again, the reservation is there again.
I just noticed that the same goes for the IPv6 DNS addresses on the services_dhcpv6.php page. I can enter them, click save, but they won't get saved. A refresh of the page and the fields are empty again. Funny thing is that when I look in dhcpdv6.conf, I do see the IPv6 DNS servers listed.
Hopefully this provides some handles for the developers to look for the bugs. I surely agree that this beta product is way more stable than I would have expected. The IPv6 tunnel services are so incredibly stable via pfSense 2 that I have stopped complaining with my ISP to get native IPv6. This works well enough, at least for now. This extremely high quality of pfSense must be because of the passionate developers and low level access to communicating with them and providing feedback.</int></mac>
-
Warning: I updated to the latest pfSense RC1 version including the smos gitsync last night and now my whole pfSense box won't work anymore, so do not update. I just tried installing pfSense from scratch again, but once I gitsync with smos, it stops working. The error I receive is:
Parse error: syntax error, unexpected T_SL in /etc/inc/rrd.inc on line 335
Because of this none of the interfaces work anymore. I will now try it with the pfSense RC1 image with IPv6 support without gitsyncing to see if that one does work.
Update: The pfSense RC1 image with IPv6 support as a clean install and backup restore works fine! I'll await the fix in the smos gitsync before updating again :)
-
…
But I just got this work - was seeing the same error.
...johnpoz, since I'm using a clean image now with a backup before I created the DHCPv6 reservation, the DHCP service does not report an error on startup anymore and seems to work. I still don't get a lease from the DHCPv6 service though. What did you do on your Windows client to make it work? I'm assuming:
netsh
int ipv6
show int
set int <interface number="">managedaddress=enabled
set int <interface number="">routerdiscovery=disabledAm I missing something?</interface></interface>
-
Warning: I updated to the latest pfSense RC1 version including the smos gitsync last night and now my whole pfSense box won't work anymore, so do not update. I just tried installing pfSense from scratch again, but once I gitsync with smos, it stops working. The error I receive is:
Parse error: syntax error, unexpected T_SL in /etc/inc/rrd.inc on line 335
Because of this none of the interfaces work anymore. I will now try it with the pfSense RC1 image with IPv6 support without gitsyncing to see if that one does work.
Update: The pfSense RC1 image with IPv6 support as a clean install and backup restore works fine! I'll await the fix in the smos gitsync before updating again :)
Sorry! Fixed.
-
Sorry! Fixed.
Just updated again. This new release introduces a whole new series of problems again. Please stay focused. The rrd.inc problem is now indeed gone, but now my IPv6 NIC does not have an option anymore set an IPv6 address as shown in the attached screenshot. This causes the IPv6 gateway to be rejected and all IPv6 traffic to stop functioning.
-
"the DHCP service does not report an error on startup anymore and seems to work"
You sure its running.. take a look at netstat, you show it listening on 547
udp6 0 0 *.547 .
I did not have to set anything on my w7 box, turned it on and got dhcp address
These are default settings
netsh interface ipv6>sho int 11
Interface Local Area Connection Parameters
–--------------------------------------------
IfLuid : ethernet_6
IfIndex : 11
State : connected
Metric : 10
Link MTU : 1500 bytes
Reachable Time : 32000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : enabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabledI just booted it up and clearly its getting the IP from dhcp
Ethernet adapter Local Area Connection:Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-88-48-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85::100(Preferred) -
Thanks johnpoz. Cool that it should work with the default settings! I just remembered that because of the error in the latest smos release, I went back and used the pfSense 2.1 RC1 release with IPv6 support which most likely is not updated with the DHCPv6 fixes yet. That would explain why it seems to work, but it isn't yet. Unfortunately the latest smos release still contains errors so I'll have to wait for it to be fixed so I can give DHCPv6 another try.
Good thing by the way that one can reinstall whole pfSense installation in a matter of 15 minutes of time. Don't see that happen with a Microsoft ISA or TMG firewall ;)
-
Yeah before I started playing with the ipv6 code, I grabbed the latest snap iso, and backed up my config – I would say 15 minutes is prob time enough time to have a celebration beer after the reinstall and restore of config ;) And I have a crappy old p3 800 as my router.. Yeah do that with TMG or ISA heheheh you got that right!!!
-
LoL.. same here.. an old P3 800 Mhz Compaq desktop with 300 megs of ram :) Since this pfSense stuff works so super smooth I already threw Microsoft TMG2010 out as my home firewall. Since this old machine uses about 75 watts, I still have on my todo list to look for a low energy consuming machine/motherboard to put pfSense on. I recently bought an Asus AT5IONT-I Intel Atom motherboard to use as my living room mediacenter. It uses only about 45 watts, but it's way overkill for what pfSense needs in both capacity and costs. Perhaps an older Atom board will do. I'll scout for some forum topics regarding this matter.
/end of being off topic :p
-
LoL.. same here.. an old P3 800 Mhz Compaq desktop with 300 megs of ram :) Since this pfSense stuff works so super smooth I already threw Microsoft TMG2010 out as my home firewall. Since this old machine uses about 75 watts, I still have on my todo list to look for a low energy consuming machine/motherboard to put pfSense on. I recently bought an Asus AT5IONT-I Intel Atom motherboard to use as my living room mediacenter. It uses only about 45 watts, but it's way overkill for what pfSense needs in both capacity and costs. Perhaps an older Atom board will do. I'll scout for some forum topics regarding this matter.
/end of being off topic :p
http://www.pcengines.ch/alix2d13.htm
70 mbit, 500mhz amd geode, 5W power requirement, 3 interfaces, 256MB ram
ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) €82.57 expected ~ 20110329 -
Sorry! Fixed.
Just updated again. This new release introduces a whole new series of problems again. Please stay focused. The rrd.inc problem is now indeed gone, but now my IPv6 NIC does not have an option anymore set an IPv6 address as shown in the attached screenshot. This causes the IPv6 gateway to be rejected and all IPv6 traffic to stop functioning.
Not sure what you synced against but I can not replicate it. It appears to work fine for me. Atleast, I still have all the dropdown options.
-
http://www.pcengines.ch/alix2d13.htm
70 mbit, 500mhz amd geode, 5W power requirement, 3 interfaces, 256MB ram
ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) €82.57 expected ~ 20110329Looks quite interesting. Do you think pfSense will work on it? Where will it be for sale?
/Update:
To answer my own questions for people who might be interested in this as well :)
A tutorial and more information on this system at: http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/
In Europe they're available through the webshop at the same website mentioned above. In the USA, check out http://nw-ds.com/shop/firewalls.html. Power usage is an average of only 5 watts! Maximum throughput is about 85 mbit/sec on NAT and bridging and 15 mbits/sec when using IPSec connections (varies depending on encryption used).
-
Not sure what you synced against but I can not replicate it. It appears to work fine for me. Atleast, I still have all the dropdown options.
I used the system_firmware_check.php page to update as I do most of the time:
A new version is now available
Current version: 2.0-RC1
Built On: Mon Feb 28 17:13:01 EST 2011
New version: Mon Mar 7 12:03:17 EST 2011Update source: http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/.updaters/
When I do that, my IPv6 data doesn't flow through it anymore.
/Update: I'm now trying to update using the 12 in menu -> playback gitsync option. I'll update my post as soon as I know more.
/Update on update: nope.. doesn't work either. I can already see it in the pfSense shell where the IPv6 addresses behind my interfaces are gone after the gitsync. I'll attach a photo showing the results.
-
@Koen: Sounds like you didn't gitsync. Drop down to the cmd line and select option 12… Then use git repository http://gitweb.pfsense.org/pfsense/pfSense-smos.git.
I was having issues over the weekend with the mainline so yesterday I installed RC1 with IPV6, everything is good...
@databeestje: i currently have the RC1 IPV6 build install... Usually I will do a firmware update every couple of days then gitsync after reboot... The last few days, the new firmware is messing things up on my box.., non-ipv6 related stuff: openntp, lcdproc(have to restart the service after reboot because it fills my log with timeouts), doesn't re-install packages after firmware udpates... Would it be safe to keep the RC1 IPV6 build on my box and just gitsync for updates?