IPv6 testing

Cino

i should had pasted my log but I think remembering seeing error about the group dhcpd wasn't define. How would I add that to via command line?

databeestje

I just committed a fix for the dhcp server group. It was supposed to be _dhcp, but I was using dhcpd instead.

That should now be fixed. Also, it appears that apinger and lighttpd binaries are now properly built with ipv6 support. Dnsmasq is built with ipv6 support too, I just don't know if it actually listens on a ipv6 socket.

derekivey

Hi all,

I'm having issues setting this up. I am able to ping IPv6 addresses from pfsense, but all of my machines on my LAN are unable to ping external IPv6 addresses.

Pfsense (2001:470:7:XXX:2 HE WAN IP / 2001:470:8:XXX:1 LAN IP):
[2.0-BETA5][root@pfsense.mydomain.net]/tmp(68): ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:7:XXX::2 –> 2001:4860:800f::63
16 bytes from 2001:4860:800f::63, icmp_seq=0 hlim=59 time=19.898 ms
16 bytes from 2001:4860:800f::63, icmp_seq=1 hlim=59 time=19.810 ms
16 bytes from 2001:4860:800f::63, icmp_seq=2 hlim=59 time=21.954 ms
16 bytes from 2001:4860:800f::63, icmp_seq=3 hlim=59 time=19.631 ms

LAN Computer (2001:470:8:XXX::9)
Pinging Google:
D:\Users\Derek>ping 2001:4860:800f::63

Pinging 2001:4860:800f::63 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Traceroute:
D:\Users\Derek>tracert ipv6.google.com

Tracing route to ipv6.l.google.com [2001:4860:800f::68]
over a maximum of 30 hops:

1     *        *        *     Request timed out.
 2     *        *        *     Request timed out.
 3     *        *        *     Request timed out.
 4  ^C

Pinging Default Gateway (Pfsense):
D:\Users\Derek>ping 2001:470:8:XXX::1

Pinging 2001:470:8:XXX::1 with 32 bytes of data:
Reply from 2001:470:8:XXX::1: time<1ms
Reply from 2001:470:8:XXX::1: time=2ms
Reply from 2001:470:8:XXX::1: time<1ms
Reply from 2001:470:8:XXX::1: time<1ms

Ping statistics for 2001:470:8:XXX::1:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 0ms, Maximum = 2ms, Average = 0ms

I see traffic being passed in the firewall when I ping Google and also when I try to ping my self from a website (http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php), so I'm not sure what's going on. Here is a screenshot of my log:

I have disabled the Windows firewall on my PC.

I also tried to run the IPv6 test:

Any ideas?

Thanks,
Derek

derekivey

I fixed my issue. For some season pfsense was not forwarding IPv6 traffic. I ran:

sysctl net.inet6.ip6.forwarding=1

Where do I need to go to set this so it keeps that setting if I reboot pfsense?

Thanks,
Derek

databeestje

you can set that sysctl in the system tunables.

I think you just didn't reboot after gitsyncing. It's in the rc.bootup script.

Cino

I've noticed a couple of other issues. After rebooting my box when the git is first installs, I can't access the internet. When i try to ping from the box to yahoo, it says there is no route. If i go to interfaces-WAN then click save-apply; I'm able to access the internet. I have to do this every time I reboot the box. When I install http://gitweb.pfsense.org/pfsense/mainline.git or just perform an update to the firmware, everything is back to normal.

When I try get the gateway under routing. The box wont let me input the ipv6 address that i got from he.net. It says the subnet is not within the range. If I leave the gateway blank and click save, it puts the ipv6 address that i try to manually enter.

When creating the WANIP6 interface after creating the gateway, I don't get an option to select the gateway.. Only option is none.

My box is setup with a DHCP WAN from my ISP (TWC). 1 LAN, 2 OpenVPN connects(i didn't create interfaces for them, 1 roadwarrior, the other is a site2site). I have a few packages installed but snort is the only networking one that would touch the wan interface.

When i have time I will do a fresh install without restoring my config file and see if there is a difference.. I've been meaning to do this since I have issues with the traffic-shaper. I can't access the internet after using the shaper wizard.. Somthing is blocking the traffic but i dont see it in the logs…. But that issue is for another thread  :-)

derekivey

@databeestje:

you can set that sysctl in the system tunables.

I think you just didn't reboot after gitsyncing. It's in the rc.bootup script.

Ahh, ok that must've been the issue. Yeah, I never rebooted.

Thanks!

Derek

Efonnes

Something that might be useful to those who are trying this code:  once you've set up gitsync for the first time, there is an additional option on the firmware updater settings in the web gui to gitsync when an update has been installed.  This way you won't need to run gitsync after the reboot (unless the gitsync failed for some reason).  I might later add some kind of pre-update check to make sure it is possible to do the operations needed for the gitsync, like fetching the code, etc., and cancel the update if the gitsync will fail - useful for when it is critical that the gitsync succeeds.

gnhb

Hi guys,
I really want to participate in the IPv6 fun here, but all my routers are running nanoBSD firmware and gitsync doesn't work there. What can I do?

GB

databeestje

We might need to investigate in somehow producing a build or snapshot based on this branch, we'll investigate.

sullrich

@gnhb:

Hi guys,
I really want to participate in the IPv6 fun here, but all my routers are running nanoBSD firmware and gitsync doesn't work there. What can I do?
GB

gitsync should work on nanobsd?  Just need to make the image rw before you run it?

jimp

Last time I tried, it ran out of space on /var trying to actually install git.

sullrich

Custom images built from Seth's REPO:

http://cvs.pfsense.org/~sullrich/ipv6/

m4rcu5

@sullrich:

Custom images built from Seth's REPO:

http://cvs.pfsense.org/~sullrich/ipv6/

Nice, is it auto build like the normal snapshots?

-m4rcu5

Cino

I had time to run a fresh install. I changed my LAN IP, LAN dhcp range and WAN is set for dhcp by default. I install the git repository from http://gitweb.pfsense.org/pfsense/pfSense-smos.git. It does install some packages right after typing "playback gitsync" but then I get the prompt for the custom url. Rebooted the box and I still couldn't route to the internet. I save/apply my WAN interface and I was able to route to the internet again.. Did another reboot, and same results, cant route to the internet until save/apply my WAN interface.

Any ideas what is causing this? I had a similar issue with 1.2.3 a while ago if my cable modem would reboot.. I remember there was a package that fixed the issue.. Can't remember the name but its a package that was for 1.2.3 I believe. I don't see it under 2.0.

Thanks for all the work you guys have been making with ipv6…

databeestje

My box here has a dhcp and it still works after a update and gitsync. Odd.

Cino

@databeestje:

My box here has a dhcp and it still works after a update and gitsync. Odd.

It worked after the gitsync, it stopped working after the first reboot. The WAN DHCP client does pick up an ip address from my ISP(Its same IP for about 12-24months), it also grabs the DNS servers.. When I try to ping from the box to lets say google.com, I get a no route error.. After saving/applying the WAN interface page… Its able to ping.

iFloris

@Cino:

When I try get the gateway under routing. The box wont let me input the ipv6 address that i got from he.net. It says the subnet is not within the range. If I leave the gateway blank and click save, it puts the ipv6 address that i try to manually enter.

When creating the WANIP6 interface after creating the gateway, I don't get an option to select the gateway.. Only option is none.

Cino, did you manage to solve this before you did a fresh install?
I seem to be running into the same problem, but a fresh install isn't feasible at the moment.

Also, Databeestje: Awesome.

Cino

@iFloris:

@Cino:

When I try get the gateway under routing. The box wont let me input the ipv6 address that i got from he.net. It says the subnet is not within the range. If I leave the gateway blank and click save, it puts the ipv6 address that i try to manually enter.

When creating the WANIP6 interface after creating the gateway, I don't get an option to select the gateway.. Only option is none.

Cino, did you manage to solve this before you did a fresh install?
I seem to be running into the same problem, but a fresh install isn't feasible at the moment.

Also, Databeestje: Awesome.

I wasn't able to resolve the issue…

Daboom

I too have a similar situation to the last two posters. The Gateway will not let me put in the correct info and if I leave it blank then it will put in dynamic instead and I get no ipv6 anymore. I had to change it back to the way I had it which never says online or does any of the gateway checks.