Further IPv6 adresses bugs

2.1 Snapshot Feedback and Problems - RETIRED
Log in to reply
  • R

    Hi,

    I saw that the behavior is fixed for /32 mask on IPv6 adresses:
    https://github.com/bsdperimeter/pfsense/commit/cb2b59b89b4d7fb6449c0f45d142302dd2029373
    but there are more problem with it.

    We had an /32 for instance: xxxx:xxxx::1 and I could handle these addresses right if only the last Hexadectet is changed.
    We use actually only first /48 block this AS and split it up into 8 main parts which are splitted onto 2 gateways.

    When I try to setup the 2nd gw/fw on this network and use the most upper addresses like:
    xxxx:xxxx:0:xxxx:1 I got several errors.

    1. Interfaces are setup right but

    2. CARP virtual IP cannot be saved right… I got:
              The following input errors were detected:
              This IPv4 address is being used by another interface or VIP.

    + IP address is saved but network mask is set to /24 (and also on interface)
      + I got always only this error message; there is NO "Apply changes" buttons after the change.
      + CARP sync has same problems... slave firewall hold the old IPv6 address and got 2 additional IPv6 addresses in my tests
          (after reboot of server there is only the right IPv6 address with /24 mask)

    1. Gateway with this IPv6 address/mask
              The following input errors were detected:
              A valid gateway IP address must be specified.

    + IP address is NOT saved (still old IP)
      + I got always only this error message with no change but there is an "Apply changes" buttons after the change.

    I hope my ping/routing problems are only a fault of this behavior (not further tested because of above problems).

    Bests

    Reiner

    0
  • R

    forgotten:

    I use on all servers:
        2.1-BETA1 (amd64)
        built on Thu Feb 14 04:54:28 EST 2013
        FreeBSD 8.3-RELEASE-p5

    And I found out that on most servers its possible to set the necessary IPv6 addresses if I use the complete form:
    xxxx:xxxx:0:xxxx:0:0:0:1

    But I'm a little confused:

    • on my border gateway firewalls I can't set the 2nd gateway in this form
    • on my inner firewalls I can set them sucessfully.
      (- virtual CARP addresses can be setup an all correctly
         but when I wrote xxxx:xxxx:0:0:0:0:0:1 automatically mask /24 is written)

    Bests

    Reiner

    0
  • R

    @Reiner030:

    But I'm a little confused:

    • on my border gateway firewalls I can't set the 2nd gateway in this form

    When I try to delete the gateway and set it completely news I got the error that it's in a GW group…
    After removing it from my gw group I found  all my GW's tries ^^

    old one:  xxxx:xxxx::fe
    new one: xxxx:xxxx:0:ffff:1
    new one: xxxx:xxxx:0:ffff:0:0:0:1

    So there seems an IPv6 bug with GW within a GW group, too.

    Bests

    Reiner

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy