Re: [pfSense] 2.2.6 and IPv6 RA
On 1/22/16 11:02 AM, Seth Mos wrote: >> Is it a bug? > > No, that sounds about right, it advertises itself as the gateway. filed a bug: https://redmine.pfsense.org/issues/5812 fixed in 2.3 -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.6 and IPv6 RA
On 1/25/16 10:15 AM, Antonio Prado wrote: >> No, that sounds about right, it advertises itself as the gateway. > > btw, it has been already reported: > > https://forum.pfsense.org/index.php?topic=101375.msg565424#msg565424 and here: https://forum.pfsense.org/index.php?topic=74774.0 thank you -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.6 and IPv6 RA
On 1/22/16 11:02 AM, Seth Mos wrote: > Op 22-1-2016 om 8:53 schreef Antonio Prado: >> Hi, >> >> on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 >> not configured, pfSense starts advertising itself as IPv6 gateway on LAN >> using its link-local address (fe80::/64). >> >> That's not the correct behavior I guess. >> >> Is it a bug? > > No, that sounds about right, it advertises itself as the gateway. btw, it has been already reported: https://forum.pfsense.org/index.php?topic=101375.msg565424#msg565424 -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.6 and IPv6 RA
On 1/23/16 2:55 AM, Jon Gerdes wrote: > What is the fault you are actually trying to fix? before fixing, currently I'm trying to avoid breaking. consider a LAN segment where everything is working as supposed to: routing, v6 slaac etc. now, connect a new box in that scenario mounting a fresh pfSense 2.2.6, configure on it a LAN IPv4 address just to reach its web gui (I made this on a LAGG). what I achieved here is a broke IPv6 connectivity on the LAN segment because pfSense 2.2.6 starts advertising itself as IPv6 gateway (leading nowhere actually) like a rogue RA would do. pfSense 2.2.6 should begin advertising only after having been told to do so, as any other BSD box after all. thank you -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.6 and IPv6 RA
On 1/22/16 12:39 PM, Seth Mos wrote: >> in other words, nevertheless pfSense 2.2.6 has no IPv6 configured (i.e. >> no v6 address on interfaces, RA disabled), it advertises itself as IPv6 gw. > > Is your LAN interface not configured for IPv6 with address fe80::1:1? It > should be, it's in the default config, unless you disable it. it's correctly auto-configured: inet6 fe80::a236:9fff:fe3a:ff5c%lagg1 prefixlen 64 scopeid 0xb but it should not advertise itself as a gw, simply because it's not a gw and therefore it has not be instructed to do so. thank you -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.6 and IPv6 RA
On 1/22/16 11:02 AM, Seth Mos wrote: >> on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 >> not configured, pfSense starts advertising itself as IPv6 gateway on LAN >> using its link-local address (fe80::/64). >> >> That's not the correct behavior I guess. >> >> Is it a bug? > > No, that sounds about right, it advertises itself as the gateway. well, let me disagree. when a router (pfSense) has RA disabled (as previously stated in my message), it simply should not per RFC 4861. in other words, nevertheless pfSense 2.2.6 has no IPv6 configured (i.e. no v6 address on interfaces, RA disabled), it advertises itself as IPv6 gw. let me know thank you -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] 2.2.6 and IPv6 RA
Hi, on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 not configured, pfSense starts advertising itself as IPv6 gateway on LAN using its link-local address (fe80::/64). That's not the correct behavior I guess. Is it a bug? thank you -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] openvpn - how do i nat the vpn segment?
On 1/20/15 4:27 PM, Randy Bush wrote: > i do not know how to dump the NAT and firewall rules to text, darn it. randy, backup -- [Firewall Rules | NAT] -- download that's conf to text (xml), not so compact and viewer friendly tho -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold