Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Welcome to the IPv6 board

    Scheduled Pinned Locked Moved
    IPv6
    1
    5
    25.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      databeestje
      last edited by

      Welcome to the IPv6 board. You can find instructions here for both old (1.2.3) and the development of the IPv6 support in the 2.1 version of pfSense which is not released yet.

      You can find some information to get ipv6 working on 1.2.3 installs here http://remcobressers.nl/2009/08/configuring-native-ipv6-pfsense/ another link is this one http://tuts4tech.net/2010/07/18/ipv6-tunnel-on-pfsense/

      We already have a feature request in redmine for IPv6 support that is scheduled for 2.1
      http://redmine.pfsense.org/issues/show/177

      There is a quick, almost complete, howto to get the current IPv6 development branch onto a existing 2.0 full install on the doc wiki here: http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 - this was adapted from the previous howto here: http://iserv.nl/files/pfsense/ipv6/

      2.1-DEVELOPMENT Releases are also available: http://files.pfsense.org/jimp/ipv6/

      1 Reply Last reply Reply Quote 0
      • D
        databeestje
        last edited by

        TODO List for IPv6 support on the pfSense-smos GIT repo. Updated April 25th 2011.

        What currently works:

        • Static IPv6 addressing on the Interfaces.
        • DHCP6 addressing on interfaces
        • DHCP6 Prefix Delegation for the LAN or OPT interfaces.
        • IPv6 Firewall rules for inbound and outbound traffic.
        • Accessing the pfSense machine via the WebUI or SSH on it's IPv6 address.
        • Router Advertising for stateless configuration for LAN or OPT clients.
        • Carp with IPv6 addresses and config syncing to a IPv6 peer. (kernel hangs snapshots older then jan 18th)
        • Static Routes and gateways with IPv6 addresses.
        • Network Prefix translation so that people can use a ULA on the LAN and translate to a Global Unicast network prefix.
        • RRD graphs show IPv6 traffic
        • You can configure IPv6 DNS servers for pfSense.
        • IPv6 bogon network blocks and IPv6 reserved ranges blocks (needs documentation range as well?)
        • DNS forwarder listens on udp6 socket, should work and resolve? Yes it does.
        • IPsec should now work for v6 tunnel over v4 and vice versa, needs testing.
        • OpenVPN now has the ability to send a IPv6 network over the link, clients need to be updated to support this. Viscosity does not work, client needs manual updating built from the patched OpenVPN tree.
        • Prelimenary DHCP-PD support for the WAN and LAN. (11-05-2011)

        What does not work:

        • Does not automatically configure the IPv6 DNS servers and domain from the DHCP6 client.
        • You can not use IPv6 gateways or groups in firewall rules, it results in filter rule errors if not careful about setting the correct protocol
        • The initial console setup does not accept IPv6 addresses. It does show configured IPv6 addresses.
        • The firewall logs do not correctly show the IPv6 protocols and ports for blocked or allowed traffic. (Partially fixed, 26-02-2011)
        • None of the supported VPN options except IPsec and OpenVPN in pfSense are fixed to accept IPv6 addresses.

        What isn't tested:

        • A lot really
        • WebUI anti lockout rules need testing and/or adjusting
        • Check if address spoofing also works for inet6 (firewall rules)

        TODO:

        • Fix PPtP for IPv6 addresses.
        • Fix DynDNS for IPv6
        • Fix SNMP for IPv6
        • The pfSense PHP module needs support for setting and retrieving ipv6 attributes.
        • The rest
        1 Reply Last reply Reply Quote 0
        • D
          databeestje
          last edited by

          For some introduction to the IPv6 world there are a few great videos from Defcon 18 that explain it in good understandable language.

          Part 1. DEFCON 18: IPv6: No Longer Optional 1/4
          http://www.youtube.com/watch?v=2clTKh2vFAE
          Part 2. DEFCON 18: IPv6: No Longer Optional 2/4
          http://www.youtube.com/watch?v=S3i4RRubCvI
          Part 3. DEFCON 18: IPv6: No Longer Optional 3/4
          http://www.youtube.com/watch?v=0L_9aehQQig
          Part 4. DEFCON 18: IPv6: No Longer Optional 4/4
          http://www.youtube.com/watch?v=shmt9U4-rTI

          And a talk about implementing IPv6
          Part 1. DEFCON 18: Implementing IPv6 at ARIN 1/4
          http://www.youtube.com/watch?v=N2xXQDLEy40
          Part 2. DEFCON 18: Implementing IPv6 at ARIN 2/4
          http://www.youtube.com/watch?v=ilbS9LtC3TI
          Part 3. DEFCON 18: Implementing IPv6 at ARIN 3/4
          http://www.youtube.com/watch?v=aDtZELN1CNo
          Part 4. DEFCON 18: Implementing IPv6 at ARIN 4/4
          http://www.youtube.com/watch?v=WJ1UaLQYHkE

          1 Reply Last reply Reply Quote 0
          • D
            databeestje
            last edited by

            Often requested is privacy addressing, note that this is only applicable to the hosts behind pfSense and not the pfSense router itself. pfSense will most likely get the addresses from your ISP so that would not make sense anyhow.

            Here is a link to how to enable it for LAN hosts on Windows and Mac OS X. Do note that if DHCPv6 is deployed that your computer might end up with the same address anyway.

            http://isc.incidents.org/diary/Enabling+Privacy+Enhanced+Addresses+for+IPv6/10966

            1 Reply Last reply Reply Quote 0
            • D
              databeestje
              last edited by

              Although Hurricane Electric have free resolvers available for IPv6, these are often slow and returning results in seconds instead of milliseconds.

              Google now has IPv6 DNS servers available too.
              2001:4860:4860::8844 and 2001:4860:4860::8888
              http://code.google.com/intl/nl/speed/public-dns/docs/using.html

              OpenDNS does have resolvers available too:
              2620:0:ccc::2
              2620:0:ccd::2

              But these are as of january 4th 2012 not running the full service including malware filtering.
              http://www.opendns.com/ipv6/

              1 Reply Last reply Reply Quote 0
              • First post
                Last post