Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - jamesonp

Pages: [1] 2 3 4 5
1
I just looked at the relayd conf man page and found this:

https://man.openbsd.org/relayd.conf.5#PROTOCOLS

Does that answer your question?

3
General Questions / Re: pfsense box suddenly dies
« on: December 11, 2017, 11:50:27 am »
You might try reproducing the issues I had in the post I linked. The RealTek issue seems to be an issue with the quality of the adapter and/or a driver regression.

4
Why not just disable IPv6 on your WAN and LAN interface?

5
General Questions / Re: pfsense box suddenly dies
« on: December 09, 2017, 05:28:47 pm »
Here's the issues I had with RealTek..while the video is no longer there, you should be able to get the gist of it:

https://forum.pfsense.org/index.php?topic=103199

6
General Questions / Re: pfsense box suddenly dies
« on: December 09, 2017, 05:16:39 pm »
I would stop using those Realtek NICs and throw an Intel NIC card in the box.  I've personally had trouble with them and I know others have as well.

7
IPv6 / Re: Odd IPv6 Issue
« on: December 07, 2017, 02:52:57 am »
Thanks for the replies.  The issue ended up being a bug with IGMP snooping on my Ubiquiti Edgeswitch.  Disabling IGMP snooping on the specific VLAN with unmanaged RAs set allowed the RAs to be broadcasted to the clients.

8
IPv6 / Re: Odd IPv6 Issue
« on: December 02, 2017, 09:48:02 pm »
I keep getting this when starting radvd:

Code: [Select]
[Dec 02 19:44:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:44:36] radvd (87691): igb1.10 is up
[Dec 02 19:44:36] radvd (87691): igb1.10 is running
[Dec 02 19:44:36] radvd (87691): igb1.10 supports multicast
[Dec 02 19:44:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:44:36] radvd (87691): igb1.10 is up
[Dec 02 19:44:36] radvd (87691): igb1.10 is running
[Dec 02 19:44:36] radvd (87691): igb1.10 supports multicast
[Dec 02 19:44:36] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:39] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:42] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:45] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:48] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:51] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:52] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:44:52] radvd (87691): igb1.10 is up
[Dec 02 19:44:52] radvd (87691): igb1.10 is running
[Dec 02 19:44:52] radvd (87691): igb1.10 supports multicast
[Dec 02 19:44:54] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:57] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:00] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:06] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:08] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:08] radvd (87691): igb1.10 is up
[Dec 02 19:45:08] radvd (87691): igb1.10 is running
[Dec 02 19:45:08] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:09] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:12] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:15] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:18] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:21] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:24] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:27] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:30] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:33] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:36] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:36] radvd (87691): igb1.10 is up
[Dec 02 19:45:36] radvd (87691): igb1.10 is running
[Dec 02 19:45:36] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:39] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:41] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:41] radvd (87691): igb1.10 is up
[Dec 02 19:45:41] radvd (87691): igb1.10 is running
[Dec 02 19:45:41] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:42] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:45] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:48] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:51] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:53] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:53] radvd (87691): igb1.10 is up
[Dec 02 19:45:53] radvd (87691): igb1.10 is running
[Dec 02 19:45:53] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:54] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:57] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:00] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1

Everytime I do a manual /renew6, the logs show:

Code: [Select]
[Dec 02 19:45:53] radvd (87691): igb1.10 is up
[Dec 02 19:45:53] radvd (87691): igb1.10 is running
[Dec 02 19:45:53] radvd (87691): igb1.10 supports multicast

Followed by this over and over again until the new /renew6:

Code: [Select]
[Dec 02 19:46:15] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:18] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:21] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:24] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:27] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1

9
IPv6 / Re: Odd IPv6 Issue
« on: November 30, 2017, 11:40:16 pm »
Just a wild shot : your device can actually "ICMP" pfSense ? (I guess without it a IPV6 ping reply  it will drop the gateway ...)

The fe80::1:1 still is pingable and so is the actual IPv6 address after the fe80::1:1 gateway is dropped...I have no idea what the issue is!!!

10
IPv6 / Re: Odd IPv6 Issue
« on: November 30, 2017, 02:53:37 am »
So I think I've identified the issue but I don't have any clue what would be causing it.  When I do an ipconfig /renew6, the default gateway of fe80::1:1%2 is added.  After approximately 1 minute, the default gateway is dropped and only the IPv4 gateway remains.

11
IPv6 / Re: Odd IPv6 Issue
« on: November 30, 2017, 02:24:33 am »
Might be a good idea to sniff with wireshark and have look at what messages you see from your router (router advertisements or answers to router discoveries). You might want to filter for ICMP6 packages.
Did you set the router lifetime in the RA settings on the firewall?

I changed the router lifetime to 1800 and still no change.  I ran Wireshark and didn't see anything abnormal with the RA messages.  Although I am new at reading these.  Maybe you could have a look:


RA

Code: [Select]
Frame 118915: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) on interface 0
Ethernet II, Src: AdiEngin_xx:xx:xx (xx:xx:xx:xx:xx:xx), Dst: AsustekC_39:04:98 (xx:xx:xx:xx:xx:xx)
Internet Protocol Version 6, Src: fe80::1:1, Dst: fe80::e899:1dd9:b899:72ae
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 192
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source: fe80::1:1
    Destination: fe80::e899:1dd9:b899:72ae
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x6d13 [correct]
    [Checksum Status: Good]
    Cur hop limit: 64
    Flags: 0x08, Prf (Default Router Preference): High
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Prefix information : 2606:6000:xxxx:xxxx::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xe0, On-link flag(L), Autonomous address-configuration flag(A), Router address flag(R)
        Valid Lifetime: 86400
        Preferred Lifetime: 14400
        Reserved
        Prefix: 2606:6000:xxxx:xxxx::
    ICMPv6 Option (Route Information : Medium ::/0)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 0
        Flag: 0x00, Route Preference: Medium
        Route Lifetime: 60
        Prefix: ::
    ICMPv6 Option (Recursive DNS Server 2001:4860:4860::8888 2001:4860:4860::8844)
        Type: Recursive DNS Server (25)
        Length: 5 (40 bytes)
        Reserved
        Lifetime: 20
        Recursive DNS Servers: 2001:4860:4860::8888
        Recursive DNS Servers: 2001:4860:4860::8844
    ICMPv6 Option (DNS Search List Option home.internal.yyyy.com home.internal.yyyy.com)
        Type: DNS Search List Option (31)
        Length: 8 (64 bytes)
        Reserved
        Lifetime: 20
        Domain Names: home.internal.yyyy.com
        Domain Names: home.internal.yyyy.com
    ICMPv6 Option (MTU : 1500)
        Type: MTU (5)
        Length: 1 (8 bytes)
        Reserved
        MTU: 1500
    ICMPv6 Option (Source link-layer address : xx:xx:xx:xx:xx:xx)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: AdiEngin_xx:xx:xx (xx:xx:xx:xx:xx:xx)

12
IPv6 / Re: Odd IPv6 Issue
« on: November 27, 2017, 07:30:22 pm »
It does maintain an IP and can ping ipv6.google.com

13
IPv6 / Odd IPv6 Issue
« on: November 27, 2017, 04:49:34 pm »
I have Time Warner (now Spectrum).  The WAN interface has the DHCP6 option set for IPv6 Config Type and I have it set to request a /56 delegation size.  The WAN interface is assigned 2606:yyyy:xxxx:x:xxxx:xxxx:xxx:xxxx from TW.

I have four different VLANs which I've set the IPv6 config type to track the WAN interface.  Each of the four VLANs has a different prefix ID (0-3) and obtain a different IPv6 /64 range starting with 2606:yyyy.  I have the RA daemon for each VLAN set to advertise as Unmanaged with the router priority set as high.

Now here's the odd part.  IPv6 only works for a short time on each of the clients PCs when running an "ipconfig /renew6" as seen in this short video:

https://streamable.com/uksmx

Windows Firewall is off for testing purposes in the above video.

Now similarly, upon disconnecting an Android phone from the wireless and reconnecting it, the IPv6 works for a short time before reverting back to IPv4.

I can't for the life of me figure out what would be causing this behavior!  Thank you for your help.

14
General Questions / Re: Error - USB optical mouse keep on displaying
« on: November 02, 2017, 03:34:09 am »
Does it do it with any other mice?  May be a bad mouse.

15
General Questions / Re: chromecast - cant cast plex
« on: April 26, 2017, 01:45:22 am »
What makes you think this is a pfSense problem?

Pages: [1] 2 3 4 5