2.4 IPV6 issues
-
2.4.0-BETA (amd64)
built on Fri Mar 24 21:51:47 CDT 2017
FreeBSD 11.0-RELEASE-p8had 2 functioning HE tunnels on 2.3.3 with NTp got a 3rd isp connection so tried to bring up a 3rd tunnel with out luck.
I have seen any saving in gateways tunnels go down and dont come back till interface is disable and then enabledthink I am hitting multiple bugs at once packet captures shows ping leaving but get no reply HE shows that they are sending reply but I am not seeing them I have a rule to let all icmp in
-
A while back, I was trying to set up an HE tunnel using 2.4 to troubleshoot a problem I was having accessing mail.yahoo.com on 2.3 (which was nothing to do with pfsense or HE). I encountered a problem which seemed to be related to this bug: https://redmine.pfsense.org/issues/6828. The bug status indicates it's not a problem, but I never went back and confirmed.
-
ok additional problem using 2 pppoe interfaces which works ok so far but appears to be an issue that is i set monitor address it applys correctly to pppoe1 but static routes seem to always get added to pppoe0
-
In case your dual/tripple PPPoE comes from the same ISP and uses the same gateway for each WAN, that's broken, unsupported by FreeBSD and generally a waste of time to debug.
-
@dok, isn't pppoe An exception to that limitation?
-
Not really, it works by accident but still buggy as described here (and in other ways). Definitely not supported configuration.
-
I know guess I was just hoping cause i can't get any change from isp actually can't get any change from either of the 2 isps available to me
I begged for MLPPP and then said equipment doesn't support it then told me what they are using for access concentrator to prove its unsupported but right in the manual it gives directions how to setup mlppp so its just a stupid policy -
In case your dual/tripple PPPoE comes from the same ISP and uses the same gateway for each WAN, that's broken, unsupported by FreeBSD and generally a waste of time to debug.
I agree with exception of when someone doesn't have better options guess I could take one of the modems out of bridge mode and run double NAT? or unless someone has an idea i didn't think of ?
I cant afford a dedicated fiber connection (even though there are 3 different fibers that cross the property no one that will or can sell out of them)
so from my experience less regulation will make my problem (internet) worse not better -
It's not ideal but you could always change the modem on one of the WANs to be a router so that the overlapping network is masked by NAT. Setup 1:1 NAT / "DMZ" on the modem to point everything to pfSense on that WAN and you should still be able to make a tunnel to HE.net work.
-
yeah but then snort would not get true wan address in that setup ? is there any other pitfalls I haven't thought of ? also guess I could just run ipv4 only and wait on isps to enable ipv6?
-
You'd still see the traffic coming in to snort, not sure it would really care about the destination.
If you're worried about snort and want it to have the public address directly, drop another little pfSense box or VM on that WAN to do just snort + pppoe + NAT.
-
could end up with my actual public ip blocked by snort as no way in that setup to whitelist automatically a changing ip
