Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Matthew Hall
This bug report is absolutely insane. It required more hours for people to compose these replies than it would to compose the patch for the actual bug. I couldn't even read it all because it was so violently toxic. Matthew Hall > On Aug 2, 2017, at 9:36 PM, Morgan Reed

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Morgan Reed
It's not "google" refusing to support it... It's one Lorenzo Colitti who is the roadblock... https://issuetracker.google.com/issues/36949085 But yes, it's asinine. On Thu, Aug 3, 2017 at 1:00 PM, Adam Thompson wrote: > You could be right, I was writing from memory and

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Matthew Hall
If you put your network segment into Assisted Mode the clients will try SLAAC followed by DHCPv6 so that things can cooperate between both approaches. Matthew Hall > On Aug 2, 2017, at 8:00 PM, Adam Thompson wrote: > > You could be right, I was writing from memory and

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
You could be right, I was writing from memory and ... tbh, I don't care enough to go look it up again :). They shut down, that's a pain in the butt, I was already on HE anyway, end of story for me. I would do the same here, except that (IMHO) Google's refusal to support DHCPv6 on Android is

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Moshe Katz
Adam, Actually, the reason SIXXS shut down is exactly the opposite of what you said. SIXXS shut down because IPv6 adoption was going too slow and a number of ISPs were actually telling their customers "we don't plan to implement IPv6 because you can get it from SIXXS if you really want it." In

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
So? Neither do I. I don't have native IPv6 at the office either. But both are fully IPv6-connected. That's what Hurricane Electric tunnels are for. (And SIXXS, formerly, but they've decided that IPv6 penetration has reached a point where they're not needed anymore. Hahahaha...)

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Vick Khera
Nice. Thanks for the explanation. My IPv6 knowledge is slowly being built up. Not having IPv6 at my home router makes it hard to play with. I've not had the courage to bring "live" my direct allocation at the data center yet. On Wed, Aug 2, 2017 at 10:22 PM, Adam Thompson

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
Sadly, yes. Partly due to providers like OVH who don't "get" prefix delegation. Also, how else do you multi-home without running BGP? (Keeping in mind that the overwhelming majority of networks around the world have no access to BGP.) That's one of the specific use cases for Network Prefix

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Matthew Hall
https://tools.ietf.org/html/rfc6296 Matthew Hall > On Aug 2, 2017, at 7:19 PM, Vick Khera wrote: > > Is NAT even a thing with IPv6? > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Vick Khera
Is NAT even a thing with IPv6? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
(If you work for Netgate – would a paid support subscription include helping me diagnose the problem here, and get this working? I’m not 100% clear if this is in scope or not.) I’ve encountered an – apparently – unusual problem when trying to enable 1:1 NAT for IPv6. I’m also having a

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Olivier Mascia
> Le 2 août 2017 à 14:46, Adam Thompson a écrit : > > I can't speak to their other platforms, but the Private Cloud offering is > based on VMware, and does not permit the use of MAC addresses other than the > one assigned to the VM. So CARP immediately fails there. >

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Olivier Mascia
> Le 2 août 2017 à 14:50, Adam Thompson a écrit : > > Before I dive into details, can anyone confirm that they have 1:1 NAT working > for IPv6 in production? I have Adam. Configure your WAN using the first /57 from the /56 they give you. For instance:

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Adam Thompson
I've got IPv4 working, as I said, using the Proxy ARP (or IP Alias, both work) VIP. I still don't have IPv6 working, though. I'm running into a situation where 1:1 NAT for IPv6 seems to either a) simply not work at all, or b) utterly kills all IPv6 on the firewall for reasons I don't

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Adam Thompson
I can't speak to their other platforms, but the Private Cloud offering is based on VMware, and does not permit the use of MAC addresses other than the one assigned to the VM. So CARP immediately fails there. Amusingly (not), there's even special plug-in in the VMware client that is supposed to

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Olivier Mascia
> Le 2 août 2017 à 00:39, Matthew Hall a écrit : > >> The real issue is that HA setup of a couple of pfSense is impossible with >> such an awkward IPv6 setup as OVH imposes to us. > > Just curious: how does it break CARP + pfSync? I don't have the exact specifics in