IPv6 testing
-
LoL.. same here.. an old P3 800 Mhz Compaq desktop with 300 megs of ram :) Since this pfSense stuff works so super smooth I already threw Microsoft TMG2010 out as my home firewall. Since this old machine uses about 75 watts, I still have on my todo list to look for a low energy consuming machine/motherboard to put pfSense on. I recently bought an Asus AT5IONT-I Intel Atom motherboard to use as my living room mediacenter. It uses only about 45 watts, but it's way overkill for what pfSense needs in both capacity and costs. Perhaps an older Atom board will do. I'll scout for some forum topics regarding this matter.
/end of being off topic :p
-
LoL.. same here.. an old P3 800 Mhz Compaq desktop with 300 megs of ram :) Since this pfSense stuff works so super smooth I already threw Microsoft TMG2010 out as my home firewall. Since this old machine uses about 75 watts, I still have on my todo list to look for a low energy consuming machine/motherboard to put pfSense on. I recently bought an Asus AT5IONT-I Intel Atom motherboard to use as my living room mediacenter. It uses only about 45 watts, but it's way overkill for what pfSense needs in both capacity and costs. Perhaps an older Atom board will do. I'll scout for some forum topics regarding this matter.
/end of being off topic :p
http://www.pcengines.ch/alix2d13.htm
70 mbit, 500mhz amd geode, 5W power requirement, 3 interfaces, 256MB ram
ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) €82.57 expected ~ 20110329 -
Sorry! Fixed.
Just updated again. This new release introduces a whole new series of problems again. Please stay focused. The rrd.inc problem is now indeed gone, but now my IPv6 NIC does not have an option anymore set an IPv6 address as shown in the attached screenshot. This causes the IPv6 gateway to be rejected and all IPv6 traffic to stop functioning.
Not sure what you synced against but I can not replicate it. It appears to work fine for me. Atleast, I still have all the dropdown options.
-
http://www.pcengines.ch/alix2d13.htm
70 mbit, 500mhz amd geode, 5W power requirement, 3 interfaces, 256MB ram
ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) €82.57 expected ~ 20110329Looks quite interesting. Do you think pfSense will work on it? Where will it be for sale?
/Update:
To answer my own questions for people who might be interested in this as well :)
A tutorial and more information on this system at: http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/
In Europe they're available through the webshop at the same website mentioned above. In the USA, check out http://nw-ds.com/shop/firewalls.html. Power usage is an average of only 5 watts! Maximum throughput is about 85 mbit/sec on NAT and bridging and 15 mbits/sec when using IPSec connections (varies depending on encryption used).
-
Not sure what you synced against but I can not replicate it. It appears to work fine for me. Atleast, I still have all the dropdown options.
I used the system_firmware_check.php page to update as I do most of the time:
A new version is now available
Current version: 2.0-RC1
Built On: Mon Feb 28 17:13:01 EST 2011
New version: Mon Mar 7 12:03:17 EST 2011Update source: http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/.updaters/
When I do that, my IPv6 data doesn't flow through it anymore.
/Update: I'm now trying to update using the 12 in menu -> playback gitsync option. I'll update my post as soon as I know more.
/Update on update: nope.. doesn't work either. I can already see it in the pfSense shell where the IPv6 addresses behind my interfaces are gone after the gitsync. I'll attach a photo showing the results.
-
@Koen: Sounds like you didn't gitsync. Drop down to the cmd line and select option 12… Then use git repository http://gitweb.pfsense.org/pfsense/pfSense-smos.git.
I was having issues over the weekend with the mainline so yesterday I installed RC1 with IPV6, everything is good...
@databeestje: i currently have the RC1 IPV6 build install... Usually I will do a firmware update every couple of days then gitsync after reboot... The last few days, the new firmware is messing things up on my box.., non-ipv6 related stuff: openntp, lcdproc(have to restart the service after reboot because it fills my log with timeouts), doesn't re-install packages after firmware udpates... Would it be safe to keep the RC1 IPV6 build on my box and just gitsync for updates?
-
Yes, that would be fine.
I am starting to see hanging top commands again which I've not seen in a while. This causes the RRD graphs to stall at some point. Anywhere between now and days, weeks.
-
@Koen: Sounds like you didn't gitsync. Drop down to the cmd line and select option 12… Then use git repository http://gitweb.pfsense.org/pfsense/pfSense-smos.git.
That's exactly what I just did. I did a clean install with the pfSense-2.0-RC1-ipv6-i386-20110228-1715.iso.gz image at http://iserv.nl/files/pfsense/ipv6/rc1/, , restored my backup config, went into the menu, used 12, typed playback gitsync, entered the smos git url, choose master branch and let it run. The results are as shown on the photo in my previous post.
-
Maybe im overlooking something, but is it possible for me to just update my current RC1 to the RC1 ipv6 build ?
-> current 2.0-RC1 (i386) - built on Mon Feb 14 02:12:45 EST 2011 (old i know).
-> update with pfSense-Full-Update-2.0-RC1-ipv6-i386-20110228-1715.tgzPS, will it keep my settings or will it probably bork everything up and require a restore of the config ?
-
Not sure if there is a way to update it, but if you simply do a backup via Diagnostics -> Backup/Restore -> Download configuration, burn the RC1 IPv6 image to CD and do a clean install of pfSense RC1 IPv6 from the CD by booting from it and restore your config with the backup once the installation is complete, you'll be done in a matter of 15 minutes of time.
-
Thnx, that sounds like the smartest way to do it :) was just hoping i could do it from the office now hehe, i will do it the "proper" way then :D
-
That's exactly what I just did. I did a clean install with the pfSense-2.0-RC1-ipv6-i386-20110228-1715.iso.gz image at http://iserv.nl/files/pfsense/ipv6/rc1/, , restored my backup config, went into the menu, used 12, typed playback gitsync, entered the smos git url, choose master branch and let it run. The results are as shown on the photo in my previous post.
I've gitsynced again yesterday and now it does update and keep IPv6 working. The DHCPv6 service doesn't work yet here though.
-
I've just updated filter.inc for another dhcp server filter rule. Maybe that fixes access to the dhcp server so clients can get a lease.
The WebUI is now works correctly on alternate ports when access on it's v6 address. I've started a dhcpv6 leases page. But I only have empty files, so that's a dud.
There are newer images uploaded to my site at http://iserv.nl/files/pfsense/ipv6/rc1/ which should help people on nanobsd. These should also help people installing. Not sure what was up with the gitsync, I could not replicate it.
-
I saw the updates via the Rss feed of the gitsync page and gitsynced directly. Still nothing with the DHCPv6 service here. Check the attached screenshot. The service starts okay and even seems to bind to the correct interfaces okay, but it doesn't give out IPv6 addresses to my clients. IPv4 works well as you can see on the screenshot. IPv6 requests will wait for minutes and timeout eventually without getting any response. If anyone has an idea what I might try to resolve the problem, I'm open to suggestions.
Another thing that still needs to be fixed is the DNS servers entered on the services_dhcpv6.php page. You can enter them, but when you return to the page, both fields are always empty again.
-
I noticed there were some changes made and a merge with the mainline this morning. I went ahead and gitsync and received this error when trying to access the firewall log tab. For now, i'm going to comment out the changes you made and see if that clears it up for me
Parse error: syntax error, unexpected '}' in /usr/local/www/diag_logs_filter.php on line 155Edit:
I change the code to this and that seem to work for me:
154 $ipproto = "inet6"; 155 else { 156 $ipproto = "inet"; 157 } -
was getting the same error on firewall page in logs, your change fixed it for me as well - thanks.
-
I found a small bug. When trying to add an easy rule from the firewall log regarding a denied IMCPv6 request, the rule gets added, but it creates an error since IMCPv6 is not known as a protocol whereas it should be IPv6 with protocol IMCP.
Error:
php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:193: unknown protocol icmpv6 pfctl: Syntax error in config file: pf rules not loaded'
php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:193: unknown protocol icmpv6 pfctl: Syntax error in config file: pf rules not loaded The line in question reads [193]: pass in quick on $WANIPV6 inet6 proto icmpv6 from 2001:470:xxx:xxx::1 to 2001:470:xxx:xxx::2 keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
php: : There were error(s) loading the rules: /tmp/rules.debug:193: unknown protocol icmpv6 pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [193]: pass in quick on $WANIPV6 inet6 proto icmpv6 from 2001:470:xxx:xxx::1 to 2001:470:xxx:xxx::2 keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View" -
that should have read something like this.
pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state
where type is echoreq.
-
From the DHCP sys logs:
Mar 15 16:46:27 dhcpd: Unable to pick client address: no addresses available Mar 15 16:46:27 dhcpd: Solicit message from fe80::d136:xxxx:xxxx:b3b7 port 546, transaction ID 0x6F3DF900 Mar 15 16:46:22 dhcpd: Sending Advertise to fe80::xxxx:xxxx:xxxx:50fd port 546 Mar 15 16:46:22 dhcpd: Unable to pick client address: no addresses available Mar 15 16:46:22 dhcpd: Solicit message from fe80::xxxx:xxxx:xxxx:50fd port 546, transaction ID 0xF8444500 Mar 15 16:46:18 dhcpd: Sending Advertise to fe80::xxxx:xxxx:xxxx:50fd port 546 Mar 15 16:46:16 dhcpd: Unable to pick client address: no addresses available Mar 15 16:46:16 dhcpd: Solicit message from fe80::xxxx:xxxx:xxxx:50fd port 546, transaction ID 0xF8444500 Mar 15 16:46:15 dhcpd: Sending Advertise to fe80::xxxx:xxxx:xxxx:50fd port 546 Mar 15 16:46:15 dhcpd: DHCPACK on 10.xx.xx.80 to 5c:xx:xx:xx:xx:fd via em1 Mar 15 16:46:15 dhcpd: DHCPREQUEST for 10.xx.xx.80 from 5c:xx:xx:xx:xx:fd via em1Still seeing link local addresses in the logs.
I haven't yet identified these devices on my network, but I do know that the 5 machines that are within arms reach are all grabbing IPv6 addys. (lord knows there are enough available)
Is this still just a by product of the in progress dhcp6 status page?
Not really sure what to do about these right now… just disregard? -
Hi,
I found a small error on this page: services_dhcpv6.php?if=lan
If I fill the DNS servers entry on this page, the setting is saved correctly.
But when I want the edit again, the setting does nog show up and is blank again. The input-field is not correctly filled with the setting.
