IPv6 testing
-
Code committed, the toggle does not appear to work entirely right.
-
It's wrong indeed. Difficult to write JavaSript without being able to test it directly :)
Change the JavaScript function to:
function enable_change() {
var disableFields = (document.iform.mode.value=='unmanaged' || !document.iform.enable.checked);
document.iform.range_from.disabled = disableFields;
document.iform.range_to.disabled = disableFields;
document.iform.dns1.disabled = disableFields;
document.iform.dns2.disabled =disableFields;
document.iform.deftime.disabled = disableFields;
document.iform.maxtime.disabled = disableFields;
document.iform.gateway.disabled = disableFields;
document.iform.failover_peerip.disabled = disableFields;
document.iform.domain.disabled = disableFields;
document.iform.domainsearchlist.disabled = disableFields;
document.iform.staticarp.disabled = disableFields;
document.iform.ddnsdomain.disabled = disableFields;
document.iform.ddnsupdate.disabled = disableFields;
document.iform.ntp1.disabled = disableFields;
document.iform.ntp2.disabled = disableFields;
document.iform.tftp.disabled = disableFields;
document.iform.ldap.disabled = disableFields;
document.iform.netboot.disabled = disableFields;
document.iform.nextserver.disabled = disableFields;
document.iform.filename.disabled = disableFields;
document.iform.rootpath.disabled = disableFields;
document.iform.denyunknown.disabled = disableFields;
}Change the dropdownlist HTML to:
<select id="mode" name="mode" onchange="enable_change();"> <option value="unmanaged">Unmanaged</option> <option value="managed">Managed</option> <option value="assist">Assisted</option></select>
And change the HTML of the checkbox to:
-
I see its working now :) Nice. Probably needless to say, but when using disabled on fields like this remember that the values from those fields are not sent in the HTTP Post header if the fields are disabled. Also remember that setting disabled on fields provides no guarantees that the fields will remain disabled and thus the values will not be submitted. One could easily override the JavaScript since its client side script and enable the field again. Therefore server side validation for the checkbox is also required.
My pfsense box without BandwidthD is still crashing and automatically rebooting every hour or so. Also no luck yet with getting DHCPv6 to hand out leases to my clients. Guess its time to build up another system and give pfSense a try on that one.
-
Looks like the latest update is causing a problem with reloading the pf rules:
Mar 26 02:28:31 php: : Start Configuration upgrade at 02:28:31, set execution timeout to 15 minutes
Mar 26 02:28:33 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:190: syntax error /tmp/rules.debug:191: syntax error pfctl: Syntax error in config file: pf rules not loaded'
Mar 26 02:28:33 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:190: syntax error /tmp/rules.debug:191: syntax error pfctl: Syntax error in config file: pf rules not loaded The line in question reads [190]: pass in quick on $AIR_GUEST inet6 proto { tcp udp } from any to any divert 56262 keep state ( ) label "USER_RULE"
Mar 26 02:28:33 php: : There were error(s) loading the rules: /tmp/rules.debug:190: syntax error /tmp/rules.debug:191: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [190]: pass in quick on $AIR_GUEST inet6 proto { tcp udp } from any to any divert 56262 keep state ( ) label "USER_RULE""AIR_GUEST" is the name of my guest WLAN interface.
-
Looks like it has a problem with the traffic shaper, specifically Layer 7. Whenever I enable a layer 7 container it complains about the syntax error.
I wonder if it's specific to the IPv6 branch?
-
i had the same issue but i dont think its related to the ipv6 code… re-save rules and layer7 container... see if that helps.. it did for me
-
I do have this small question before is start using the IPv6 build.
Does Snort and Squid (2/3) work correctly over IPv6?-m4rcu5
-
I do have this small question before is start using the IPv6 build.
Does Snort and Squid (2/3) work correctly over IPv6?-m4rcu5
You tell me :P
-
hehe, I will.
I am trying to set up the IPv6, but i seem to be out of luck.
It works all well until i set up the LAN interface. When i do that i get:
[2.0-RC1-IPv6][root@pfsense.home.error418.com]/root(16): ping6 ipv6.google.com
ping6: UDP connect: No route to host-m4rcu5
I do have this small question before is start using the IPv6 build.
Does Snort and Squid (2/3) work correctly over IPv6?-m4rcu5
You tell me :P
-
is there a ipv6 default route listed on diag_routes.php?
-
I could not see one for IPv6.
Shortly after it started to misbehave and at reboot it would not configure any interface at all.
I'm now doing a reinstall.I will start with adding the normal tunnel. Maybe we can find a error there already.
UPDATE: It already fails when i set up the tunnel + allow icmp on the WAN_IPv6 and reboot.
It will not start the lagg interface and vlans that should be on them. Only the GIF tunnel and the wan are working. (wan is on dedicated interface)-m4rcu5
is there a ipv6 default route listed on diag_routes.php?
-
I have no lagg setup to replicate this sort of behaviour. Sorry
-
Well it actually looks like it does not go trough all the steps of the rc process.
It does not bring the interfaces up (weirdly when entering "ifconfig" at the terminal or waiting 20 minutes something does come up. but not all).
Is there anything i can do to help figuring it out? I know i have a somewhat complexer setup but i don't expect it to be a reason for the boot process to fail :-)I have tryd manually running some of the rc.* files. This brought up the interfaces, but i don't know in which oder they should run so i missed some stuff.
-m4rcu5
-
Small update on my struggle with pfSense 2.0 RC1 IPv6. Removing BandwidthD didn't solve the trouble. It still rebooted frequently (approximately once every 30 minutes) and eventually just hang. I installed a pfSense image on my Hyper-V cluster to see if it would work with different NICs despite it being able to only allow about 20 mbit/sec through the legacy NIC emulator. This also introduced crashes, reboots and hangs, although less often. I've been running pfSense on it without any problems a half year ago or so. I also have a colocated Hyper-V server with two pfSense 2.0 RC1 images and they both work fine for months already (haven't firmware/gitsync updated them since a month though), so that's weird. In the meantime I have put out an order for a completely new SuperMicro low energy system to use as a dedicated pfSense server hoping that it would make the problems go away, but I start having my doubts. I find it strange that I'm the only one with these problems. I guess the only cause left is my config file which I keep dragging along to all these other pfSense installations. Guess I'll have to sit down and reconfigure a new installation from scratch to see if it finally will become stable.
-
@Koen: There are quite a number of reported crashes and panics currently, it has little to do with the IPv6 part. It has to do with the patched FreeBSD kernel we are using.
I am running succesfully with the pfSense 2.0-RC1 release, I then gitsynced my branch over it. I've tried the newer snapshots but they all hang, crash or panic sooner or later. That makes developing really hard so my advice is to stick with the binary 2.0-RC1 release from Feb 26th and then gitsync over that.
-
Thanks for the info databeestje. So I'm not the only one experiencing these problems and they do seem related with the newer releases. Interesting. Since you're explicitly mentioning the 2.0 RC1 release, does this mean you disrecommend using your RC1-IPv6 images?
I was already thinking of copying the pfSense images I'm using at my colocated server to my home server and restore my config over those since they are still stable.
Its a pity that even though its still in beta, this product has changed from being a very stable firewall to being less stable than my Windows Mobile 6.5 phone.
-
i think it really depends on your hardware and if you use i386 or amd64. I'm currently running a SM X7SPA-HF mb with another dual intel nic, for a total of 4 nics. They do use the em driver but i haven't had an kernel issue in over 3 months now. I did have some issues when the yankex drivers were being used. But since they went back to freebsd/intel drivers, no issues. I do use the i386 build as I free amd64 isn't there just yet… I gitsync anytime there is an update and i update build to the latest snapshot maybe 2 times a week now...
In your case, i would use either the RC1 images that were created a month ago then gitsync or use the ones databeestje created and gitsync.
-
Cino, thanks for your advice. The motherboard you mention is exactly the one I ordered yesterday for my new pfSense server :) Good to hear it works stable on that! Is your board the Atom D510 or Atom D525 processor type? Do you happen to know its power usage? I'm very curious about that.
I'm currently using a three legged firewall setup, one leg for the WAN connection, one for the LAN and the last one for the WLAN. I looked at equipping this board with a 3rd NIC using the PCI-Express 4x slot, but that would require a raiser card first and then an expensive 110 euro costing dual Intel NIC board. So I'm going to give it a try using VLANs on my LAN side NIC first and let my managed switch split the traffic towards my WLAN or LAN based on the VLAN tag. Do you recon that will work? Or do you have a cheaper solution for a 3rd NIC on this board?
My old pc had NGE network interfaces and my Hyper-V installation identifies the NICs as DE.
By the way, didn't know there was a 64 bit edition of pfSense too. What do you mean by "isn't there just yet"? It isn't as stable as i386 is supposed to be?
-
I have experienced such kernel problems in the past.
To encourage all the users, they are mostly fixed within weeks.
The only downside is that you are without updates for a few weeks.-m4rcu5
-
i'm using the D510.. My total system is 30 watts. This is powering: M300-LCD case(with LCD and 40mm case fan), 4gigs memory(i should use amd64), 2.5 laptop sata HD, daul intel nic, and a verizon 3g usb modem.
because of the case, I had to buy a 30+ special ribbon riser for the nic.. Wasn't happy but i wanted this case because of the LCD display. I dont see you having any issues using vlan tagging… the built-in nics support them.. The first NIC on my board is used for the impi also(HF board only), within the impi settings, you can put that on a different vlan or the same vlan your going to use the lan on. I haven't tried vlans on the built nic, only on the added dual nic.
the 64bit is probably as stable as the i386 but ive seen more post with kernal issues with the 64 then the i386...