Netgate m1n1wall

Author Topic: IPv6 testing  (Read 62340 times)

0 Members and 1 Guest are viewing this topic.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: IPv6 testing
« Reply #135 on: February 08, 2011, 10:02:18 am »
I remember someone saying something about implementing ipv6 being far too much work for one person..

In this case one person is doing the job of 2-3 people.   Seth has been working a lot on this project.

Oh and send him beer.  He likes beer.

Offline Koen Zomers

  • Full Member
  • ***
  • Posts: 152
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #136 on: February 08, 2011, 10:19:31 am »
And more progress made.. issues 1 and 2 are resolved now. I had to go through all the steps again and even though all was correctly configured already, saving the settings again would create the appropriate config files to make it work without any custom scripts! Thanks bunches databeestje!  ;D

I just synced with your recent update and I can also confirm the DHCPv6 to be working now! Making IPv6 reservations for DHCPv6 does not work yet, but I'm sure you're aware of that and have it somewhere on your huge todo list.

Great work! Keep up the good job.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: IPv6 testing
« Reply #137 on: February 08, 2011, 04:29:08 pm »
Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is ... awkward.

I'll add it to the list.

Offline Koen Zomers

  • Full Member
  • ***
  • Posts: 152
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #138 on: February 09, 2011, 02:08:15 am »
Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is ... awkward.

I'll add it to the list.

If you need to test updates on the DHCPv6 reserved leases, let me know and I'll be happy to do that for you on my installation here.

I still prefer to know what IPv6 addresses are assigned to my servers instead of having them assigned a random IPv6 and make them accessible via registering the lease in the DHCP. So I'll be using the Windows DHCPv6 service in the meantime. A difference between the Windows DHCPv6 service and the pfSense DHCPv6 service I noticed is that in Windows I need to register a static lease based on the DHCPv6 IAID and Client DUID and with pfSense it's based on the MAC address like with DHCPv4. What's the difference and why is there a difference?

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #139 on: February 09, 2011, 11:23:13 am »
Quick question, under System: Advanced: Networking: IPv6 Options, do we need to have 'Allow IPv6' checked? I noticed when its check, I see local-link IPv6 addresses are being blocked by my LAN rule(Allow LAN Subnet only). When its unchecked, I dont see them being blocked.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: IPv6 testing
« Reply #140 on: February 09, 2011, 11:53:40 am »
I just committed a filter rule fix for a typo.

That setting should be checked to have any hope of getting somthing ipv6 through pfsense. If it is unchecked all ipv6 traffic will be blocked without being logged

Offline GrandmasterB

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #141 on: February 10, 2011, 08:23:05 am »
Is it correct that with the smos IPv6 getsync, static routes al only possible with ipv6 routes?
I'm trying to add a ipv4 static route and it is not working, it stays blank.

Maybe for the buglist?

thnx.

Offline wiz561

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #142 on: February 10, 2011, 08:29:05 am »
Well, I figured it was broken. But Apple OS X does not have a dhcp v6 client. So testing that is ... awkward.


OSX does have a dhcp v6 client, right?  When I go into the advanced options in the interface settings, there's a spot for ipv6.  Or, is it something else you were talking about?



Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: IPv6 testing
« Reply #143 on: February 10, 2011, 09:06:30 am »
Is it correct that with the smos IPv6 getsync, static routes al only possible with ipv6 routes?
I'm trying to add a ipv4 static route and it is not working, it stays blank.

Maybe for the buglist?

thnx.
Found and fixed

Offline GrandmasterB

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #144 on: February 10, 2011, 09:29:06 am »
Is it correct that with the smos IPv6 getsync, static routes al only possible with ipv6 routes?
I'm trying to add a ipv4 static route and it is not working, it stays blank.

Maybe for the buglist?

thnx.
Found and fixed

confirmed fixed! Thanks!

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #145 on: February 10, 2011, 01:41:17 pm »
Is it normal to see link-local addresses in the dhcp log? I don't think i noticed it before but I just had a major issue after a git sync an hour ago. The DHCPd service hang while it was trying to read the /var/dhcpd/var/db/dhcpd6.leases file. I deleted the file and that seem to fix the issue.

If i change my LAN firewall rule to LAN subnet only from any any, I don't see the dhcp messages anymore but now they end up in the firewall log.

Thinking of blocking fe80:: on the LAN so I dont see it in the firewall log but I dont want to break autoconfig of ipv6(not sure if it would or not)

Code: [Select]
dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:14:16 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:14:16 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:44 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:44 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:44 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:36 dhcpd: DHCPACK to 192.168.0.104 (00:1e:c9:2f:a0:fe) via em0
Feb 10 14:13:36 dhcpd: DHCPINFORM from 192.168.0.104 via em0
Feb 10 14:13:28 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:28 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:28 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:20 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:20 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:20 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:16 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:16 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:16 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:14 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:14 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:14 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:13 dhcpd: Sending Advertise to fe80::51f3:b81e:bcf1:6fb5 port 546
Feb 10 14:13:13 dhcpd: Unable to pick client address: no addresses available
Feb 10 14:13:13 dhcpd: Solicit message from fe80::51f3:b81e:bcf1:6fb5 port 546, transaction ID 0x12F3B600
Feb 10 14:13:13 dhcpd: DHCPACK on 192.168.0.104 to 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
Feb 10 14:13:13 dhcpd: DHCPREQUEST for 192.168.0.104 from 00:1e:c9:2f:a0:fe (dellbox-win7) via em0
Feb 10 14:11:37 dhcpd: Sending on Socket/14/em0/2001:470:XXXX:XXXX::/64
Feb 10 14:11:37 dhcpd: Listening on Socket/14/em0/2001:470:XXXX:XXXX::/64

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: IPv6 testing
« Reply #146 on: February 10, 2011, 03:27:41 pm »
without link local addresses you can not connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.

Thanks for testing. I'll go build a dhcp6 leases status page and a diag_ndp.php page for neighbour listings. It is now included in the snapshots and can be run from the command page with ndp -a.


Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #147 on: February 10, 2011, 04:06:54 pm »
without link local addresses you can not connect to the dhcp server. What is most likely here is that I am missing a rule that allows access to the dhcp server.

Thanks for testing. I'll go build a dhcp6 leases status page and a diag_ndp.php page for neighbour listings. It is now included in the snapshots and can be run from the command page with ndp -a.

Thank you for building this into pfsense!!! As you build it, we will test it :-)
« Last Edit: February 10, 2011, 08:56:59 pm by Cino »

Offline Daboom

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #148 on: February 10, 2011, 04:43:43 pm »
I just committed a filter rule fix for a typo.

That setting should be checked to have any hope of getting somthing ipv6 through pfsense. If it is unchecked all ipv6 traffic will be blocked without being logged

Well this is great I did a fresh install onto my test system synced with the IPV6 git right away and setup my ISP's Native service only took bout 2 hours lol. I did have to change/add a line in interface.inc file as well need to find a place to have it auto run a route command when the connection comes up.

Offline AkumaKuruma

  • Jr. Member
  • **
  • Posts: 37
  • Karma: +0/-0
    • View Profile
Re: IPv6 testing
« Reply #149 on: February 10, 2011, 05:02:22 pm »
Catching back up since you fixed the issues with IPv6 patches working on BETA5.....

I have set the interfaces back up but i get the lovely oddball of the WANIPv6 address showing up in the config screen for the interface but not actually being applied to said interface. If i ping the address from the console on the pfSense box itself i get "ping6: UDP connect: no route to host" and as such cannot get any IPv6 traffic to egress thru the firewall. Internally I am getting DHCPv6 leases and can connect to the LANs IPv6 address just fine.