Netgate Discussion Forum

IPv6 testing

  • D
    Daboom
    last edited by Feb 7, 2011, 9:20 PM

    Nice, this is great progress. Nice to see the gateway thing fixed. Now one question: I see in monowall they have ipv6 enabled up the cahoot! My current ISP has native IPv6 using a dual stack setup and pppoe, thus needing a simple couple of commands added to the mpd5 default config, which I have enabled on another test box, and it still seems to be missing something. I am thinking it's missing the default ipv6 route perhaps?

    Anyways, not sure if you're able to add this to a future release of your sync, but maybe telling mpd5 to listen for ipcp6 requests and set the default route for it. I've gotten the one command line but not sure about the other.

    • S
      sullrich
      last edited by Feb 7, 2011, 10:06 PM

      Yep, I am up and running on IPV6 now.  It's almost scary.  And lonely.  Need more v6 sites to surf to!

      • D
        databeestje
        last edited by Feb 7, 2011, 10:17 PM

        @Daboom:

        Anyways, not sure if you're able to add this to a future release of your sync, but maybe telling mpd5 to listen for ipcp6 requests and set the default route for it. I've gotten the one command line but not sure about the other.

        what is the command you are referring to?

        • D
          Daboom
          last edited by Feb 7, 2011, 10:31 PM

          @sullrich:

          Yep, I am up and running on IPV6 now.  It's almost scary.  And lonely.  Need more v6 sites to surf to!

          v6.facebook.com
          is one popular one :)

          • D
            Daboom
            last edited by Feb 7, 2011, 10:33 PM

            @databeestje:

            @Daboom:

            Anyways, not sure if you're able to add this to a future release of your sync, but maybe telling mpd5 to listen for ipcp6 requests and set the default route for it. I've gotten the one command line but not sure about the other.

            what is the command you are referring to?

            set bundle enable ipv6cp

            Ref link to this http://www.dslreports.com/forum/remark,23876931

            • C
              Cino
              last edited by Feb 8, 2011, 1:55 AM

              @databeestje:

              So in just a few hours time he both coded the support for IPv6 in the tinydns package and installed and enabled his own domain/webserver with a IPv6 address and published it. From zero to go in 4 hours.

              Was the tinydns package updated with this code or will that be down the road?

              • D
                Daboom
                last edited by Feb 8, 2011, 4:28 AM

                @Daboom:

                @databeestje:

                @Daboom:

                Anyways, not sure if you're able to add this to a future release of your sync, but maybe telling mpd5 to listen for ipcp6 requests and set the default route for it. I've gotten the one command line but not sure about the other.

                what is the command you are referring to?

                set bundle enable ipv6cp

                Ref link to this http://www.dslreports.com/forum/remark,23876931

                Btw, with a little more digging and research I was able to determine it was the actual ipv6 default route that was not correct. So setting the enable ipv6cp in the mpd5 config and setting the default ipv6 route to use the pppoe interface: "route -n add -inet6 default -interface pppoe0". I will point out that the gateway stuff on the GUI doesn't show online etc. atm.

                • M
                  MrKoen
                  last edited by Feb 8, 2011, 10:08 AM

                  After hours of experiments I finally got my IPv6 tunnel via HE.net to work :D The problem was indeed due to my physical setup. Once I removed the DLink DIR655 router as my gateway to the internet, all worked fine. Both for my Hyper-V virtualized pfSense 2.0 beta 5 image as for a dedicated machine installation I experimented with as long as they're directly connected to the internet modem.

                  Only problem with the Hyper-V virtualized instance was that the Legacy Network Adapters required for pfSense are limited to 100 mbit and in reality are not able to allow more than about 40 mbit/sec to flow through. Having a 120 mbit connection to the internet I decided to go with the dedicated machine for now.

                  The connection from my home pcs either to IPv4 sites or IPv6 sites is amazingly fast. I noticed that the biggest slowdown in surfing the web was due to the Ziggo DNS servers at 212.54.35.25 and 212.54.40.25 being very slow. They need an average of 2 to 3 seconds to reply to a DNS lookup. I'm now using the Google open DNS servers at 8.8.8.8 and 8.8.4.4 and they're incredibly fast. At speedtest.net I score 122 mbits/sec download and 9 mbits/sec upload speeds. Surfing the web now is really a joy.

                  I'm still stuck with these issues though:

                  1. pfSense does not seem to add the line "ifconfig gif0 inet6 2001:470:1f14:xxx::2 2001:470:1f14:xxx::1 prefixlen 128". When I check "ifconfig gif0" after a reboot, this line is missing. When adding it manually via the console, it's added and the connection to Hurricane Electric is created.

                  2. With the latest gitsync I can now indeed specify a default gateway for both IPv6 and IPv4, but they do not seem to be applied. I still need to do a  "route -n add -inet6 default 2001:470:1f14:xxx::1" via the console to get it to route IPv6 traffic.

                  3. When trying to use the DHCPv6 service on pfSense 2b5, I'm seeing the following error in the system logs:

                  php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf nge0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 20: semicolon expected. option netbios-name-servers 2001: ^ Configuration file errors encountered – exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help

                  When checking /etc/dhcpdv6.conf I found that this file does not exist.

                  Anyone got an idea what can be the issue with any of these problems?

                  • M
                    MrKoen
                    last edited by Feb 8, 2011, 10:11 AM

                    @Daboom:

                    v6.facebook.com
                    is one popular one :)

                    It should be: www.v6.facebook.com. Without the www it is not listed in the DNS records.

                    • D
                      databeestje
                      last edited by Feb 8, 2011, 10:58 AM Feb 8, 2011, 10:49 AM

                      @Koen:

                      1. pfSense does not seem to add the line "ifconfig gif0 inet6 2001:470:1f14:xxx::2 2001:470:1f14:xxx::1 prefixlen 128". When I check "ifconfig gif0" after a reboot, this line is missing. When adding it manually via the console, it's added and the connection to Hurricane Electric is created.

                      2. With the latest gitsync I can now indeed specify a default gateway for both IPv6 and IPv4, but they do not seem to be applied. I still need to do a  "route -n add -inet6 default 2001:470:1f14:xxx::1" via the console to get it to route IPv6 traffic.

                      3. When trying to use the DHCPv6 service on pfSense 2b5, I'm seeing the following error in the system logs:

                      When checking /etc/dhcpdv6.conf I found that this file does not exist.

                      1. Have you actually created the gif interface as listed in the howto? http://iserv.nl/files/pfsense/ipv6/

                      2. This should really be fixed since yesterday or so. The subnet check on the routing page now correctly allows for saving the gateway on the gif interface. The IPv6 WAN interface should have the (default) listed on the page.
                      see http://iserv.nl/files/pfsense/ipv6/gateways-overview.png

                      3. Looks like the netbios option is not supported for v6. I'll remove that.

                      • I
                        iFloris
                        last edited by Feb 8, 2011, 12:26 PM Feb 8, 2011, 12:17 PM

                        So far everything has been working smoothly for me.
                        After enabling ipv6 in remote locations I've been able to connect directly through the public address and even use the public dns name to resolve the ipv6 address.
                        Something that I haven't been able to find out though, is how can I see which machines use which address?
                        Is there something like a dhcp lease list or an arp-like list (though I know arp has been superseded by NDP).

                        The reason for my wanting to know this, is that I want to make an alias containing all my ipv6 clients, so that I can add all of them in both ipv6wan-in and ipv6lan-out rules.

                        For instance: Currently, I can't seem to be able to connect to a local ftp through its public address if I don't open the firewall port on the wanipv6 side as well.

                        A possible solution would be:
                        1. Collecting all my clients in an alias
                        2. Making a rule in the gist of 'Allow all in alias ipv6clients to connect to all in alias ipv6 clients using any protocol on ipv6'
                        3. Adding that rule in both wanipv6 and lan interfaces
                        So that:
                        4. All my 'trusted' clients are able to talk to one another as if they were on the same local (unfiltered) network.

                        However, short of opening network preferences, network control panel or running netstat on every machine that I have control over, finding out which ipv6 addresses are being used seems to be (as of yet) impossible.

                        Is there a way of finding out which machines are using which address and would the rule and alias combination that I propose above work as I think it would?

                        On a side note, I found some interesting information on the subject of NDP and ipv6 discovery in general here.

                        one layer of information
                        removed

                        • M
                          MrKoen
                          last edited by Feb 8, 2011, 1:07 PM

                          @databeestje:

                          1. Have you actually created the gif interface as listed in the howto? http://iserv.nl/files/pfsense/ipv6/

                          Yes I did. However, since that howto still shows some errors it's confusing to use. When I go to Interfaces -> (assign) -> GIF and edit the GIF to HE now, all seems to be fine. When I hit save and check "ifconfig gif0" on the console, I see it removed my "inet6 2001:470:1f14:xxx::2 --> 2001:470:1f14:xxx::1 prefixlen 128" line. Also my default ipv6 route is gone. What I do notice is that it has added "inet6 2001:470:1f14:xxx::2 prefixlen 128" as also stated in the howto. But no connection to HE and no IPv6 connectivity. Now when I run my custom script again which runs "ifconfig gif0 inet6 2001:470:1f14:xxx::2 2001:470:1f14:xxx::1 prefixlen 128", the connection to HE is up again. When I run "route -n add -inet6 default 2001:470:1f14:xxx::1" after that, my full IPv6 connectivity is alive again from both my pfSense machine as all my client machines behind it.

                          @databeestje:

                          2. This should really be fixed since yesterday or so. The subnet check on the routing page now correctly allows for saving the gateway on the gif interface. The IPv6 WAN interface should have the (default) listed on the page.
                          see http://iserv.nl/files/pfsense/ipv6/gateways-overview.png

                          It does indeed now display both default gateways. Check my attached image. It does add the default IPv4 gateway, but does not add the IPv6 default gateway. I'm thinking this is because of the problem expressed above at #1. I also can not add a default IPv6 gateway from the console before the "ifconfig gif0 inet6 2001:470:1f14:xxx::2 2001:470:1f14:xxx::1 prefixlen 128" line is executed and the connection to HE is set up, so I'm guessing at the background the same problem exists. The tunnel is not set up, so adding the default IPv6 gateway fails.

                          @databeestje:

                          3. Looks like the netbios option is not supported for v6. I'll remove that.

                          Thanks! I'll monitor your repository to see when the update is available  :)

                          gateways.png

                          • M
                            MrKoen
                            last edited by Feb 8, 2011, 1:11 PM

                            Another question by the way, I noticed that I can not reach the pfSense web UI via the IPv6 address set on the LAN facing NIC, only via its IPv4 address. Is there an easy way to have the webserver also bind to the IPv6 address to listen on or does that involve more than hacking some config file?

                            • D
                              databeestje
                              last edited by Feb 8, 2011, 1:12 PM

                              @iFloris The ndp binary will be included in snapshots shortly, it lists neighbours.

                              It does not have a page yet, I need to make one first.

                              • I
                                iFloris
                                last edited by Feb 8, 2011, 1:21 PM Feb 8, 2011, 1:19 PM

                                @databeestje:

                                @iFloris The ndp binary will be included in snapshots shortly, it lists neighbours.
                                It does not have a page yet, I need to make one first.

                                Great!
                                Any list is better than none and your hard work is very much appreciated.
                                Until a page is made we'll make do with the binary (when I figure out how to use it, that is).

                                I remember someone saying something about implementing ipv6 being far too much work for one person..

                                one layer of information
                                removed

                                • S
                                  sullrich
                                  last edited by Feb 8, 2011, 4:02 PM

                                  @iFloris:

                                  I remember someone saying something about implementing ipv6 being far too much work for one person..

                                  In this case one person is doing the job of 2-3 people.   Seth has been working a lot on this project.

                                  Oh and send him beer.  He likes beer.

                                  • M
                                    MrKoen
                                    last edited by Feb 8, 2011, 4:19 PM

                                    And more progress made.. issues 1 and 2 are resolved now. I had to go through all the steps again and even though all was correctly configured already, saving the settings again would create the appropriate config files to make it work without any custom scripts! Thanks bunches databeestje!  ;D

                                    I just synced with your recent update and I can also confirm the DHCPv6 to be working now! Making IPv6 reservations for DHCPv6 does not work yet, but I'm sure you're aware of that and have it somewhere on your huge todo list.

                                    Great work! Keep up the good job.

                                    • D
                                      databeestje
                                      last edited by Feb 8, 2011, 10:29 PM

                                      Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is … awkward.

                                      I'll add it to the list.

                                      • M
                                        MrKoen
                                        last edited by Feb 9, 2011, 8:08 AM

                                        @databeestje:

                                        Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is … awkward.

                                        I'll add it to the list.

                                        If you need to test updates on the DHCPv6 reserved leases, let me know and I'll be happy to do that for you on my installation here.

                                        I still prefer to know what IPv6 addresses are assigned to my servers instead of having them assigned a random IPv6 and make them accessible via registering the lease in the DHCP. So I'll be using the Windows DHCPv6 service in the meantime. A difference between the Windows DHCPv6 service and the pfSense DHCPv6 service I noticed is that in Windows I need to register a static lease based on the DHCPv6 IAID and Client DUID and with pfSense it's based on the MAC address like with DHCPv4. What's the difference and why is there a difference?

                                        • C
                                          Cino
                                          last edited by Feb 9, 2011, 5:23 PM

                                          Quick question: under System: Advanced: Networking: IPv6 Options, do we need to have 'Allow IPv6' checked? I noticed when it's checked, I see local-link IPv6 addresses are being blocked by my LAN rule (Allow LAN Subnet only). When it's unchecked, I don't see them being blocked.

                                          • D
                                            databeestje
                                            last edited by Feb 9, 2011, 5:53 PM

                                            I just committed a filter rule fix for a typo.

                                            That setting should be checked to have any hope of getting something ipv6 through pfsense. If it is unchecked all ipv6 traffic will be blocked without being logged.

                                            • G
                                              GrandmasterB
                                              last edited by Feb 10, 2011, 2:23 PM

                                              Is it correct that with the smos IPv6 gitsync, static routes are only possible with ipv6 routes?
                                              I'm trying to add an ipv4 static route and it is not working, it stays blank.

                                              Maybe for the buglist?

                                              thnx.

                                              • W
                                                wiz561
                                                last edited by Feb 10, 2011, 2:29 PM

                                                @databeestje:

                                                Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is … awkward.

                                                OSX does have a dhcp v6 client, right?  When I go into the advanced options in the interface settings, there's a spot for ipv6.  Or, is it something else you were talking about?

                                                • D
                                                  databeestje
                                                  last edited by Feb 10, 2011, 3:06 PM

                                                  @GrandmasterB:

                                                  Is it correct that with the smos IPv6 gitsync, static routes are only possible with ipv6 routes?
                                                  I'm trying to add an ipv4 static route and it is not working, it stays blank.

                                                  Maybe for the buglist?

                                                  thnx.

                                                  Found and fixed

                                                  • G
                                                    GrandmasterB
                                                    last edited by Feb 10, 2011, 3:29 PM

                                                    @databeestje:

                                                    @GrandmasterB:

                                                    Is it correct that with the smos IPv6 gitsync, static routes are only possible with ipv6 routes?
                                                    I'm trying to add an ipv4 static route and it is not working, it stays blank.

                                                    Maybe for the buglist?

                                                    thnx.

                                                    Found and fixed

                                                    confirmed fixed! Thanks!

                                                    • C
                                                      Cino
                                                      last edited by Feb 10, 2011, 7:41 PM

                                                      Is it normal to see link-local addresses in the dhcp log? I don't think I noticed it before but I just had a major issue after a git sync an hour ago. The DHCPd service hung while it was trying to read the /var/dhcpd/var/db/dhcpd6.leases file. I deleted the file and that seemed to fix the issue.

                                                      If I change my LAN firewall rule to LAN subnet only from any any, I don't see the dhcp messages anymore but now they end up in the firewall log.

                                                      Thinking of blocking fe80:: on the LAN so I don't see it in the firewall log but I don't want to break autoconfig of ipv6 (not sure if it would or not).

                                                      dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:14:16 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:14:16 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:44 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:13:44 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:13:44 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:36 	dhcpd: DHCPACK to 192.168.0.104 (00:1e:c9:2f:a0:fe) via em0
                                                      Feb 10 14:13:36 	dhcpd: DHCPINFORM from 192.168.0.104 via em0
                                                      Feb 10 14:13:28 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:13:28 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:13:28 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:20 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:13:20 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:13:20 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:16 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:13:16 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:13:16 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:14 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:13:14 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:13:14 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:13 	dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
                                                      Feb 10 14:13:13 	dhcpd: Unable to pick client address: no addresses available
                                                      Feb 10 14:13:13 	dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
                                                      Feb 10 14:13:13 	dhcpd: DHCPACK on 192.168.0.104 to 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
                                                      Feb 10 14:13:13 	dhcpd: DHCPREQUEST for 192.168.0.104 from 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
                                                      Feb 10 14:11:37 	dhcpd: Sending on Socket/14/em0/2001:470:XXXX:XXXX::/64
                                                      Feb 10 14:11:37 	dhcpd: Listening on Socket/14/em0/2001:470:XXXX:XXXX::/64
                                                      
                                                      • D
                                                        databeestje
                                                        last edited by Feb 10, 2011, 9:27 PM

                                                        Without link-local addresses you cannot connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.

                                                        Thanks for testing. I'll go build a dhcp6 leases status page and a diag_ndp.php page for neighbour listings. It is now included in the snapshots and can be run from the command page with ndp -a.

                                                        1 Reply Last reply Reply Quote 0
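
The point made in the reply above, as an added example that is not part of the thread or of pfSense's code: DHCPv6 Solicits arrive from the client's link-local address, so a LAN rule that only passes the routed /64 never matches them. The LAN prefix `2001:db8:0:1::/64`, the function names and the two rule models are assumptions for illustration; the log lines are constructed in the format quoted earlier in the thread.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
# All_DHCP_Relay_Agents_and_Servers multicast group; clients use UDP 546, servers 547.
ALL_DHCP_SERVERS = ipaddress.ip_address("ff02::1:2")
CLIENT_PORT, SERVER_PORT = 546, 547

# Assumption: documentation prefix standing in for the redacted LAN /64.
LAN_NET = ipaddress.ip_network("2001:db8:0:1::/64")

# Constructed sample in chronological order, same line format as the thread's log.
SAMPLE_LOG = """\
Feb 10 14:13:13 dhcpd: DHCPREQUEST for 192.168.0.104 from 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
Feb 10 14:13:13 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:13 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:13 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:14 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:14 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:14 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:16 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:16 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:16 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:36 dhcpd: DHCPINFORM from 192.168.0.104 via em0
"""

SOLICIT = re.compile(r"dhcpd: Solicit message from (\S+) port (\d+)")
NO_ADDR = re.compile(r"dhcpd: Unable to pick client address")


def summarize(log_text):
    """Count DHCPv6 Solicits and 'no addresses available' replies per client."""
    clients = {}
    last = None  # the failure line carries no address; attribute it to the last Solicit
    for line in log_text.splitlines():
        m = SOLICIT.search(line)
        if m:
            addr = ipaddress.ip_address(m.group(1))
            last = clients.setdefault(addr, {"solicits": 0, "no_address": 0})
            last["solicits"] += 1
        elif NO_ADDR.search(line) and last is not None:
            last["no_address"] += 1
    return clients


def lan_subnet_rule_allows(src, lan_net=LAN_NET):
    """Model of an 'allow LAN subnet only' rule: source must be inside the routed /64."""
    return ipaddress.ip_address(src) in lan_net


def dhcpv6_solicit_rule_allows(src, dst, sport, dport):
    """Model of a narrow pass rule for client Solicits (illustrative, not pfSense's rule):
    link-local source, DHCPv6 server multicast destination, UDP 546 -> 547."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (src in LINK_LOCAL and dst == ALL_DHCP_SERVERS
            and sport == CLIENT_PORT and dport == SERVER_PORT)


def diagnose(log_text, lan_net=LAN_NET):
    """For each DHCPv6 client in the log, report how both rule models treat its Solicit."""
    findings = []
    for addr, stats in summarize(log_text).items():
        findings.append({
            "client": str(addr),
            "link_local": addr in LINK_LOCAL,
            "solicits": stats["solicits"],
            "no_address": stats["no_address"],
            "passes_lan_subnet_rule": lan_subnet_rule_allows(addr, lan_net),
            "passes_dhcpv6_rule": dhcpv6_solicit_rule_allows(
                addr, ALL_DHCP_SERVERS, CLIENT_PORT, SERVER_PORT),
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A rule scoped this tightly keeps DHCPv6 working without opening the LAN to arbitrary fe80::/10 traffic; neighbour discovery (ICMPv6) needs its own allowance and is not modelled here.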
                                                        • C
                                                          Cino
                                                          last edited by Feb 11, 2011, 2:56 AM Feb 10, 2011, 10:06 PM

                                                          @databeestje:

                                                          Without link-local addresses you cannot connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.

                                                          Thanks for testing. I'll go build a dhcp6 leases status page and a diag_ndp.php page for neighbour listings. It is now included in the snapshots and can be run from the command page with ndp -a.

                                                          Thank you for building this into pfsense!!! As you build it, we will test it :-)

                                                          • D
                                                            Daboom
                                                            last edited by Feb 10, 2011, 10:43 PM

                                                            @databeestje:

                                                            I just committed a filter rule fix for a typo.

                                                            That setting should be checked to have any hope of getting something ipv6 through pfsense. If it is unchecked all ipv6 traffic will be blocked without being logged.

                                                            Well, this is great. I did a fresh install onto my test system, synced with the IPv6 git right away and set up my ISP's native service; only took about 2 hours lol. I did have to change/add a line in the interface.inc file, as well need to find a place to have it auto run a route command when the connection comes up.

                                                            • A
                                                              AkumaKuruma
                                                              last edited by Feb 10, 2011, 11:02 PM

                                                              Catching back up since you fixed the issues with IPv6 patches working on BETA5…..

                                                              I have set the interfaces back up but I get the lovely oddball of the WANIPv6 address showing up in the config screen for the interface but not actually being applied to said interface. If I ping the address from the console on the pfSense box itself I get "ping6: UDP connect: no route to host" and as such cannot get any IPv6 traffic to egress thru the firewall. Internally I am getting DHCPv6 leases and can connect to the LAN's IPv6 address just fine.

                                                              • M
                                                                MrKoen
                                                                last edited by Feb 10, 2011, 11:19 PM

                                                                @AkumaKuruma:

                                                                Catching back up since you fixed the issues with IPv6 patches working on BETA5…..

                                                                I have set the interfaces back up but I get the lovely oddball of the WAN IPv6 address showing up in the config screen for the interface but not actually being applied to said interface. If I ping the address from the console on the pfSense box itself I get "ping6: UDP connect: no route to host" and as such cannot get any IPv6 traffic to egress thru the firewall. Internally I am getting DHCPv6 leases and can connect to the LAN's IPv6 address just fine.

                                                                Not totally sure where it goes wrong here, but usually in my setup if the default route is gone, I go to System --> Routing --> Edit your IPv6 gateway --> Don't change anything --> Click Save --> Click apply changes and try again. This usually puts the default route back in. Can't really define yet where and why it gets lost.

                                                                I'm now using a /48 IPv6 block from Hurricane Electric so I can have pfSense 2.0b5 assign a different IPv6 /64 block to my wifi connected NIC and a different /64 block to my normal LAN. Both my wifi connected devices and my lan connected devices are able to communicate using IPv6 to the internet and towards each other now. Works like a shiny crystal ball. Absolutely amazing stuff.

                                                                By the way, the captive portal stuff does not work yet in 2.0b5. I'm getting this error when enabling it:

                                                                php: /status_services.php: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf' returned exit code '255', the output was '2011-02-11 00:08:44: (configfile.c.912) source: /var/etc/lighty-CaptivePortal.conf line: 186 pos: 1 parser failed somehow near here: (EOL)'

                                                                Not sure if it's related to this gitsync and/or IPv6 and if I can and should report it somewhere. Does anybody know?

                                                                • A
                                                                  AkumaKuruma
                                                                  last edited by Feb 10, 2011, 11:41 PM Feb 10, 2011, 11:25 PM

                                                                  It's not the route that's missing, I can't hit the IPv6 address of the interface at all even from the firewall.

                                                                  EDIT: never mind. Had wrong subnet in place. I can ping out as far as the gateway for that interface from inside, can't go farther than that though for some reason. Still digging thru configs.

                                                                  EDIT2: that problem was related to resaving the default gateway on the interface. 5x5 on connectivity now on IPv6

                                                                  • D
                                                                    databeestje
                                                                    last edited by Feb 11, 2011, 6:21 AM

                                                                    @Koen:

                                                                    By the way, the captive portal stuff does not work yet in 2.0b5. I'm getting this error when enabling it:

                                                                    php: /status_services.php: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf' returned exit code '255', the output was '2011-02-11 00:08:44: (configfile.c.912) source: /var/etc/lighty-CaptivePortal.conf line: 186 pos: 1 parser failed somehow near here: (EOL)'

                                                                    Not sure if it's related to this gitsync and/or IPv6 and if I can and should report it somewhere. Does anybody know?

                                                                    I have not touched captive portal at all, so that likely won't work. I'll see if I can somehow duplicate the static route issue. I'll try and set up a new VM and see where that goes.

                                                                    @Daboom: what needed changing in interface.inc? The routing issue is known. Oh crap, I just remembered something about the route. I'll go investigate that likely cause.

                                                                    • D
                                                                      Daboom
                                                                      last edited by Feb 11, 2011, 6:53 AM

                                                                      I needed to add the line "set bundle enable ipv6cp" somewhere in the mpd5 config in order to allow it to accept ipv6cp config from my ISP. Now I have no idea where to stick it, so I put it under something else that is commonly used. I wonder if you could get away with just putting that line in there anyway; it shouldn't bother anything else during the pppoe setup, so it's always enabled kinda thing. If not, you would have to make a special option for it in the pppoe section as an optional option. Also, on the route issue, I am not sure if there is one specific for ipv6 in the config for mpd5.

                                                                      @databeestje:

                                                                      @Koen:

                                                                      By the way, the captive portal stuff does not work yet in 2.0b5. I'm getting this error when enabling it:

                                                                      php: /status_services.php: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf' returned exit code '255', the output was '2011-02-11 00:08:44: (configfile.c.912) source: /var/etc/lighty-CaptivePortal.conf line: 186 pos: 1 parser failed somehow near here: (EOL)'

                                                                      Not sure if it's related to this gitsync and/or IPv6 and if I can and should report it somewhere. Does anybody know?

                                                                      I have not touched captive portal at all, so that likely won't work. I'll see if I can somehow duplicate the static route issue. I'll try and set up a new VM and see where that goes.

                                                                      @Daboom: what needed changing in interface.inc? The routing issue is known. Oh crap, I just remembered something about the route. I'll go investigate that likely cause.

                                                                      • D
                                                                        databeestje
                                                                        last edited by Feb 11, 2011, 8:11 AM

                                                                        I just added that line to the mpd5 config section so that is now in the tree, we'll know soon enough if it breaks anything else. Checking the default route issue next.

                                                                        • M
                                                                          MrKoen
                                                                          last edited by Feb 11, 2011, 8:25 AM

                                                                          Another question for whoever might be able to answer it. My traffic logs are now flooded with local LAN IPv6 traffic. Check the attached screenshot. I wonder why. If I do a trace on any of these machines towards the other (which are both on the same physical network and within the same /64 block), it always reaches it directly and not via the pfSense gateway. How come this pfSense gateway does pick up the packet from the LAN anyway and list it as being blocked in the logs?

                                                                          IPv6TafficLog.png
                                                                          • M
                                                                            MrKoen
                                                                            last edited by Feb 11, 2011, 8:29 AM

                                                                            @Databeestje, another one for the todo list I'm assuming anyway. The interface statistics do not count the IPv6 traffic. The traffic graph does display the traffic though. Check the screenshot.

                                                                            By the way, does it help you if I (we) report IPv6 issues with pfSense 2.0b5 to you via this forum or is your todo list big enough already and you don't want any more issues on the list?  :)

                                                                            InterfaceStats.png
                                                                            • I
                                                                              iFloris
                                                                              last edited by Feb 11, 2011, 9:58 AM

                                                                              @Koen:

                                                                              Another question for whoever might be able to answer it. My traffic logs are now flooded with local LAN IPv6 traffic. Check the attached screenshot. I wonder why. If I do a trace on any of these machines towards the other (which are both on the same physical network and within the same /64 block), it always reaches it directly and not via the pfSense gateway. How come this pfSense gateway does pick up the packet from the LAN anyway and list it as being blocked in the logs?

                                                                              Koen, I think that the blocks that you are seeing, are states that have expired.
                                                                              The same can be seen in v4 after you have, for instance, logged into dropbox with your browser and then closed your browser window.
                                                                              As far as I know, it's harmless and expected behaviour, but correct me if I'm wrong!

                                                                              one layer of information
                                                                              removed
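
An added example, not part of the thread and not pfSense code: a triage of blocked-log entries along the two lines raised above, separating traffic between hosts in the same /64 (which Koen expects never to cross the firewall) from TCP packets that cannot open a state (the pattern iFloris attributes to expired states). The tuple layout, the `LAN_PREFIX` value and all addresses are constructed for illustration and are not pfSense's log format.

```python
import ipaddress

# Constructed sample of blocked entries (documentation prefix 2001:db8::/32).
# The tuple layout is an assumption, not pfSense's real log format.
SAMPLE_BLOCKS = [
    # (interface, protocol, source, destination, TCP flags or "")
    ("LAN", "tcp", "2001:db8:1:10::21", "2001:db8:1:10::35", "FA"),
    ("LAN", "tcp", "2001:db8:1:10::21", "2001:db8:ffff::80", "FPA"),
    ("LAN", "tcp", "2001:db8:1:10::35", "2001:db8:ffff::80", "S"),
    ("LAN", "udp", "fe80::211:22ff:fe33:4455", "ff02::1:3", ""),
    ("WAN", "tcp", "2001:db8:ffff::80", "2001:db8:1:10::21", "R"),
]

LAN_PREFIX = ipaddress.ip_network("2001:db8:1:10::/64")  # hypothetical LAN /64


def classify(entry, lan=LAN_PREFIX):
    """Return a triage label for one blocked entry."""
    _iface, proto, src, dst, flags = entry
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    # Multicast and link-local chatter is delivered on-link and can reach
    # the firewall's interface without ever being routed.
    if dst_ip.is_multicast or src_ip.is_link_local:
        return "link-scope"
    # Both ends inside the same /64: on-link traffic that should not need
    # the gateway; check for bridging or a wrong prefix length on a host.
    if src_ip in lan and dst_ip in lan:
        return "same-subnet"
    # A stateful filter opens a state only on an initial SYN (SYN set, ACK
    # clear). FIN, RST or ACK packets with no matching state are what an
    # expired state leaves behind.
    if proto == "tcp" and not ("S" in flags and "A" not in flags):
        return "out-of-state"
    # Anything else is a genuinely new flow that no pass rule matched.
    return "new-flow"


def summarize(entries):
    """Count entries per triage label."""
    counts = {}
    for entry in entries:
        label = classify(entry)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in SAMPLE_BLOCKS:
        print(f"{classify(entry):13} {entry}")
    print(summarize(SAMPLE_BLOCKS))
```

Entries labelled `new-flow` or `same-subnet` are the ones worth a closer look; `out-of-state` entries match the expired-state explanation.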

                                                                              • Y
                                                                                YaNightmare
                                                                                last edited by Feb 11, 2011, 12:57 PM Feb 11, 2011, 12:54 PM

                                                                                Sorry for the partially uninteresting post, but I just registered and will test this IPv6 "support" out tonight (first time using pfSense, currently running dd-wrt on a 610N).

                                                                                My ISP supports IPv6 (Databeestje will know it, UNET) and I've filed a subnet request for a /56 (hopefully it arrives today).

                                                                                Anyway, I was wondering if IPv6 "support" works with 1:1 NAT?

                                                                                Currently I have a PPPoE setup where my IPv4 subnet (/28) is routed over (with use of a helper IP outside of that subnet, so that IP terminates at the WAN port of pfSense). I want to route both IPv4 and IPv6 on OPT1 by something like 1:1 NAT (so pfSense is the only one that has firewall rules; getting sick of DMZ and having to adjust the rules by going into the servers themselves and adjusting the IP tables).

                                                                                Thanks a lot, and GJ on the support / development on IPv6. I wish more router / firewall distributions were doing this; currently it's still a not supported feature on a lot of distributions.

                                                                                PPS, I think I will be lurking a bit longer, first have to install / test pfSense, can't use it with IPv6 until it's integrated into my current setup, but still ^^,

                                                                                • M
                                                                                  MrKoen
                                                                                  last edited by Feb 11, 2011, 2:58 PM

                                                                                  @YaNightmare, I'm not sure if what you want to accomplish is possible with pfSense. Just want to mention that at my colocated server I'm using two pfSense Hyper-V virtualized instances: one configured as an IPv6 bridge so that this is the gatekeeper with the firewall rules in place to allow only specific IPv6 traffic through to the IPv6 hosts behind it, the other configured as an IPv4 IPSec Tunnel to allow my home network to be connected to my private network at the hosting party via an encrypted tunnel. Maybe this kind of touches your similar means as well.

                                                                                  @iFloris, I am experiencing some oddities in my network traffic. I can ping everything without any problems, packet loss or delays (both IPv4 and IPv6), but connecting to IPv6 hosts with i.e. remote desktop takes a long time. Even with hosts on the same physical network. When I enter the IPv4 address of the host it connects directly. I do notice that the IPv6 gateway being used is the fe80:: address of the pfSense box. It does not seem to advertise its normal IPv6 address. Does this work fine at your setup? I'm guessing I maybe need to put in some manual RTADVD commands to advertise the gateway, not sure if it's needed though.

                                                                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
