Netgate SG-1000 microFirewall

Author Topic: IPv6  (Read 6918 times)

0 Members and 1 Guest are viewing this topic.

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
IPv6
« on: December 26, 2005, 05:10:09 pm »
I want to make my netork be able to reach IPv6 network over the Internet.

I can setup my server to use IPv6, but how I can setup pfSense?
I tried to use ngnet (https://tb.ngnet.it. I setup a tunnel. I have this information:

Tunnel Info
Server IPv4 Address***.***.***.***
Server IPv6 Address****:****:****:****::****
Server IPv6 Link Local Addr****::****:****
Client IPv4 Address**.**.**.***
Client IPv6 Address****:****:****:****::****
Client IPv6 Link Local Addr****::****:****

And the site generate this script fot FreeBSD:
Code: [Select]
#!/bin/sh
gif_ifaces=`ifconfig -a|grep -w gif[0-9]*|grep -v UP| grep -v inet6 | awk -F":" '{print $1}'`
gif_iface=`echo $gif_ifaces|awk '{print \$1'}`
if [ -z $gif_iface ]; then
echo "No gif interfaces available."
echo "Tunnel can't be configured"
exit
fi
ifconfig $gif_iface create
ifconfig $gif_iface tunnel ClientIPv4Address ServerIPv4Address >> /tmp/tb.log
ifconfig $gif_iface inet6 ClientIPv6Address  ServerIPv6Address prefixlen 128 metric 1 >> /tmp/tb.log
route add -inet6 :: -prefixlen 0 -interface $gif_iface
echo "ClientIPv6Address $gif_iface" >> /tmp/tb.gif

Thanks for help!

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Re: IPv6
« Reply #1 on: December 26, 2005, 05:14:43 pm »
We have a tunnel endpoint option I think, never used it.

If you want to use the script, stick it in /usr/local/etc/rc.d and make sure to chmod a+x it.

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #2 on: December 26, 2005, 05:21:07 pm »
We have a tunnel endpoint option I think, never used it.

If you want to use the script, stick it in /usr/local/etc/rc.d and make sure to chmod a+x it.



I saw the endpoint option, but if i put only the ipv4 address threre, IPv6 is not running... There is something wrong?

I think that the best solution is to use the script, but i have a dinamic IPv4 so how i can modify the script to run every time the IPv4 change? and get automatically the IPv4 address?

Thanks!
« Last Edit: December 27, 2005, 04:33:31 am by Emab »

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Re: IPv6
« Reply #3 on: December 26, 2005, 05:23:34 pm »
I saw the endpoint option, but if i put only the ipv4 address threre, IPv6 is ono running... There is something wrong?

I really don't know.  I honestly have never used ipv6.

I think that the best solution is to use the script, but i have a dinamic IPv4 so how i can modify the script to run every time the IPv4 change? and get automatically the IPv4 address?
Thanks!

This gets a LOT more involved but you could try launching your script from /etc/rc.newwanip

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #4 on: December 26, 2005, 05:28:30 pm »
I saw the endpoint option, but if i put only the ipv4 address threre, IPv6 is ono running... There is something wrong?

I really don't know.  I honestly have never used ipv6.
Ok...

I think that the best solution is to use the script, but i have a dinamic IPv4 so how i can modify the script to run every time the IPv4 change? and get automatically the IPv4 address?
Thanks!

This gets a LOT more involved but you could try launching your script from /etc/rc.newwanip
Ok, I can try this, but how can I edit the script to get automatically my IPv4 address?

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Re: IPv6
« Reply #5 on: December 26, 2005, 05:32:44 pm »
Look at /etc/rc.newwanip

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #6 on: December 26, 2005, 05:37:36 pm »
Look at /etc/rc.newwanip


Ok, if I undestrand correctly I have to put the script here... it's correct?

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Re: IPv6
« Reply #7 on: December 26, 2005, 05:43:35 pm »

No, you need to read /etc/rc.newwanip and hook you're script in appropriately.




Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #8 on: December 26, 2005, 05:45:05 pm »

No, you need to read /etc/rc.newwanip and hook you're script in appropriately.

Ok... I'll check tomorrow.... now it's to late for me...

Thank you!

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #9 on: December 27, 2005, 03:57:05 am »
If I run this script:

Code: [Select]
#!/bin/sh
gif_ifaces=`ifconfig -a|grep -w gif[0-9]*|grep -v UP| grep -v inet6 | awk -F":" '{print $1}'`
gif_iface=`echo $gif_ifaces|awk '{print \$1'}`
if [ -z $gif_iface ]; then
echo "No gif interfaces available."
echo "Tunnel can't be configured"
exit
fi
ifconfig $gif_iface create
ifconfig $gif_iface tunnel ClientIPv4Address ServerIPv4Address >> /tmp/tb.log
ifconfig $gif_iface inet6 ClientIPv6Address  ServerIPv6Address prefixlen 128 metric 1 >> /tmp/tb.log
route add -inet6 :: -prefixlen 0 -interface $gif_iface
echo "ClientIPv6Address $gif_iface" >> /tmp/tb.gif

it do any permanent change?
or it's enought to reboot the system to lost these changes?

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #10 on: December 27, 2005, 04:26:31 am »
I'm trying to run the above script...
but I need some help...

The script want a GIF interface... what I can do?

Offline Emab

  • Full Member
  • ***
  • Posts: 200
  • Karma: +0/-0
    • View Profile
    • be @head
Re: IPv6
« Reply #11 on: December 27, 2005, 05:34:26 am »
Ok...how I'm able to run the script and I have IPv6 connectivity on the pfSense PC.

What is the best rule, for security reasons, to allow IPv6 traffic?