IPv6 testing
-
Warning: I updated to the latest pfSense RC1 version including the smos gitsync last night and now my whole pfSense box won't work anymore, so do not update. I just tried installing pfSense from scratch again, but once I gitsync with smos, it stops working. The error I receive is:
Parse error: syntax error, unexpected T_SL in /etc/inc/rrd.inc on line 335
Because of this none of the interfaces work anymore. I will now try it with the pfSense RC1 image with IPv6 support without gitsyncing to see if that one does work.
Update: The pfSense RC1 image with IPv6 support as a clean install and backup restore works fine! I'll await the fix in the smos gitsync before updating again :)
-
…
But I just got this work - was seeing the same error.
...johnpoz, since I'm using a clean image now with a backup before I created the DHCPv6 reservation, the DHCP service does not report an error on startup anymore and seems to work. I still don't get a lease from the DHCPv6 service though. What did you do on your Windows client to make it work? I'm assuming:
netsh
int ipv6
show int
set int <interface number="">managedaddress=enabled
set int <interface number="">routerdiscovery=disabledAm I missing something?</interface></interface>
-
Warning: I updated to the latest pfSense RC1 version including the smos gitsync last night and now my whole pfSense box won't work anymore, so do not update. I just tried installing pfSense from scratch again, but once I gitsync with smos, it stops working. The error I receive is:
Parse error: syntax error, unexpected T_SL in /etc/inc/rrd.inc on line 335
Because of this none of the interfaces work anymore. I will now try it with the pfSense RC1 image with IPv6 support without gitsyncing to see if that one does work.
Update: The pfSense RC1 image with IPv6 support as a clean install and backup restore works fine! I'll await the fix in the smos gitsync before updating again :)
Sorry! Fixed.
-
Sorry! Fixed.
Just updated again. This new release introduces a whole new series of problems again. Please stay focused. The rrd.inc problem is now indeed gone, but now my IPv6 NIC does not have an option anymore set an IPv6 address as shown in the attached screenshot. This causes the IPv6 gateway to be rejected and all IPv6 traffic to stop functioning.
-
"the DHCP service does not report an error on startup anymore and seems to work"
You sure its running.. take a look at netstat, you show it listening on 547
udp6 0 0 *.547 .
I did not have to set anything on my w7 box, turned it on and got dhcp address
These are default settings
netsh interface ipv6>sho int 11
Interface Local Area Connection Parameters
–--------------------------------------------
IfLuid : ethernet_6
IfIndex : 11
State : connected
Metric : 10
Link MTU : 1500 bytes
Reachable Time : 32000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : enabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabledI just booted it up and clearly its getting the IP from dhcp
Ethernet adapter Local Area Connection:Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-88-48-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85::100(Preferred) -
Thanks johnpoz. Cool that it should work with the default settings! I just remembered that because of the error in the latest smos release, I went back and used the pfSense 2.1 RC1 release with IPv6 support which most likely is not updated with the DHCPv6 fixes yet. That would explain why it seems to work, but it isn't yet. Unfortunately the latest smos release still contains errors so I'll have to wait for it to be fixed so I can give DHCPv6 another try.
Good thing by the way that one can reinstall whole pfSense installation in a matter of 15 minutes of time. Don't see that happen with a Microsoft ISA or TMG firewall ;)
-
Yeah before I started playing with the ipv6 code, I grabbed the latest snap iso, and backed up my config – I would say 15 minutes is prob time enough time to have a celebration beer after the reinstall and restore of config ;) And I have a crappy old p3 800 as my router.. Yeah do that with TMG or ISA heheheh you got that right!!!
-
LoL.. same here.. an old P3 800 Mhz Compaq desktop with 300 megs of ram :) Since this pfSense stuff works so super smooth I already threw Microsoft TMG2010 out as my home firewall. Since this old machine uses about 75 watts, I still have on my todo list to look for a low energy consuming machine/motherboard to put pfSense on. I recently bought an Asus AT5IONT-I Intel Atom motherboard to use as my living room mediacenter. It uses only about 45 watts, but it's way overkill for what pfSense needs in both capacity and costs. Perhaps an older Atom board will do. I'll scout for some forum topics regarding this matter.
/end of being off topic :p
-
LoL.. same here.. an old P3 800 Mhz Compaq desktop with 300 megs of ram :) Since this pfSense stuff works so super smooth I already threw Microsoft TMG2010 out as my home firewall. Since this old machine uses about 75 watts, I still have on my todo list to look for a low energy consuming machine/motherboard to put pfSense on. I recently bought an Asus AT5IONT-I Intel Atom motherboard to use as my living room mediacenter. It uses only about 45 watts, but it's way overkill for what pfSense needs in both capacity and costs. Perhaps an older Atom board will do. I'll scout for some forum topics regarding this matter.
/end of being off topic :p
http://www.pcengines.ch/alix2d13.htm
70 mbit, 500mhz amd geode, 5W power requirement, 3 interfaces, 256MB ram
ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) €82.57 expected ~ 20110329 -
Sorry! Fixed.
Just updated again. This new release introduces a whole new series of problems again. Please stay focused. The rrd.inc problem is now indeed gone, but now my IPv6 NIC does not have an option anymore set an IPv6 address as shown in the attached screenshot. This causes the IPv6 gateway to be rejected and all IPv6 traffic to stop functioning.
Not sure what you synced against but I can not replicate it. It appears to work fine for me. Atleast, I still have all the dropdown options.
-
http://www.pcengines.ch/alix2d13.htm
70 mbit, 500mhz amd geode, 5W power requirement, 3 interfaces, 256MB ram
ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) €82.57 expected ~ 20110329Looks quite interesting. Do you think pfSense will work on it? Where will it be for sale?
/Update:
To answer my own questions for people who might be interested in this as well :)
A tutorial and more information on this system at: http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/
In Europe they're available through the webshop at the same website mentioned above. In the USA, check out http://nw-ds.com/shop/firewalls.html. Power usage is an average of only 5 watts! Maximum throughput is about 85 mbit/sec on NAT and bridging and 15 mbits/sec when using IPSec connections (varies depending on encryption used).
-
Not sure what you synced against but I can not replicate it. It appears to work fine for me. Atleast, I still have all the dropdown options.
I used the system_firmware_check.php page to update as I do most of the time:
A new version is now available
Current version: 2.0-RC1
Built On: Mon Feb 28 17:13:01 EST 2011
New version: Mon Mar 7 12:03:17 EST 2011Update source: http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/.updaters/
When I do that, my IPv6 data doesn't flow through it anymore.
/Update: I'm now trying to update using the 12 in menu -> playback gitsync option. I'll update my post as soon as I know more.
/Update on update: nope.. doesn't work either. I can already see it in the pfSense shell where the IPv6 addresses behind my interfaces are gone after the gitsync. I'll attach a photo showing the results.
-
@Koen: Sounds like you didn't gitsync. Drop down to the cmd line and select option 12… Then use git repository http://gitweb.pfsense.org/pfsense/pfSense-smos.git.
I was having issues over the weekend with the mainline so yesterday I installed RC1 with IPV6, everything is good...
@databeestje: i currently have the RC1 IPV6 build install... Usually I will do a firmware update every couple of days then gitsync after reboot... The last few days, the new firmware is messing things up on my box.., non-ipv6 related stuff: openntp, lcdproc(have to restart the service after reboot because it fills my log with timeouts), doesn't re-install packages after firmware udpates... Would it be safe to keep the RC1 IPV6 build on my box and just gitsync for updates?
-
Yes, that would be fine.
I am starting to see hanging top commands again which I've not seen in a while. This causes the RRD graphs to stall at some point. Anywhere between now and days, weeks.
-
@Koen: Sounds like you didn't gitsync. Drop down to the cmd line and select option 12… Then use git repository http://gitweb.pfsense.org/pfsense/pfSense-smos.git.
That's exactly what I just did. I did a clean install with the pfSense-2.0-RC1-ipv6-i386-20110228-1715.iso.gz image at http://iserv.nl/files/pfsense/ipv6/rc1/, , restored my backup config, went into the menu, used 12, typed playback gitsync, entered the smos git url, choose master branch and let it run. The results are as shown on the photo in my previous post.
-
Maybe im overlooking something, but is it possible for me to just update my current RC1 to the RC1 ipv6 build ?
-> current 2.0-RC1 (i386) - built on Mon Feb 14 02:12:45 EST 2011 (old i know).
-> update with pfSense-Full-Update-2.0-RC1-ipv6-i386-20110228-1715.tgzPS, will it keep my settings or will it probably bork everything up and require a restore of the config ?
-
Not sure if there is a way to update it, but if you simply do a backup via Diagnostics -> Backup/Restore -> Download configuration, burn the RC1 IPv6 image to CD and do a clean install of pfSense RC1 IPv6 from the CD by booting from it and restore your config with the backup once the installation is complete, you'll be done in a matter of 15 minutes of time.
-
Thnx, that sounds like the smartest way to do it :) was just hoping i could do it from the office now hehe, i will do it the "proper" way then :D
-
That's exactly what I just did. I did a clean install with the pfSense-2.0-RC1-ipv6-i386-20110228-1715.iso.gz image at http://iserv.nl/files/pfsense/ipv6/rc1/, , restored my backup config, went into the menu, used 12, typed playback gitsync, entered the smos git url, choose master branch and let it run. The results are as shown on the photo in my previous post.
I've gitsynced again yesterday and now it does update and keep IPv6 working. The DHCPv6 service doesn't work yet here though.
-
I've just updated filter.inc for another dhcp server filter rule. Maybe that fixes access to the dhcp server so clients can get a lease.
The WebUI is now works correctly on alternate ports when access on it's v6 address. I've started a dhcpv6 leases page. But I only have empty files, so that's a dud.
There are newer images uploaded to my site at http://iserv.nl/files/pfsense/ipv6/rc1/ which should help people on nanobsd. These should also help people installing. Not sure what was up with the gitsync, I could not replicate it.