TODO List for IPv6 support on the pfSense-smos GIT repo. Updated April 25th 2011.
What currently works:
- Static IPv6 addressing on the Interfaces.
- DHCP6 addressing on interfaces
- DHCP6 Prefix Delegation for the LAN or OPT interfaces.
- IPv6 Firewall rules for inbound and outbound traffic.
- Accessing the pfSense machine via the WebUI or SSH on it's IPv6 address.
- Router Advertising for stateless configuration for LAN or OPT clients.
- Carp with IPv6 addresses and config syncing to a IPv6 peer. (kernel hangs snapshots older then jan 18th)
- Static Routes and gateways with IPv6 addresses.
- Network Prefix translation so that people can use a ULA on the LAN and translate to a Global Unicast network prefix.
- RRD graphs show IPv6 traffic
- You can configure IPv6 DNS servers for pfSense.
- IPv6 bogon network blocks and IPv6 reserved ranges blocks (needs documentation range as well?)
- DNS forwarder listens on udp6 socket, should work and resolve? Yes it does.
- IPsec should now work for v6 tunnel over v4 and vice versa, needs testing.
- OpenVPN now has the ability to send a IPv6 network over the link, clients need to be updated to support this. Viscosity does not work, client needs manual updating built from the patched OpenVPN tree.
- Prelimenary DHCP-PD support for the WAN and LAN. (11-05-2011)
What does not work:
- Does not automatically configure the IPv6 DNS servers and domain from the DHCP6 client.
- You can not use IPv6 gateways or groups in firewall rules, it results in filter rule errors if not careful about setting the correct protocol
- The initial console setup does not accept IPv6 addresses. It does show configured IPv6 addresses.
- The firewall logs do not correctly show the IPv6 protocols and ports for blocked or allowed traffic. (Partially fixed, 26-02-2011)
- None of the supported VPN options except IPsec and OpenVPN in pfSense are fixed to accept IPv6 addresses.
What isn't tested:
- A lot really
- WebUI anti lockout rules need testing and/or adjusting
- Check if address spoofing also works for inet6 (firewall rules)
- Fix PPtP for IPv6 addresses.
- Fix DynDNS for IPv6
- Fix SNMP for IPv6
- The pfSense PHP module needs support for setting and retrieving ipv6 attributes.
- The rest