pfSense Support List

Ihsan Dogan | 1 Aug 2008 14:05

Picon

IPv6

Hello,

Are there any plans to improve the IPv6 support of pfSense?

Ihsan

--

-- 
ihsan@...		http://blog.dogan.ch/

Gary Buckmaster | 1 Aug 2008 15:40

Re: IPv6

Ihsan Dogan wrote:
> Hello,
>
> Are there any plans to improve the IPv6 support of pfSense?
>
>
>
>
> Ihsan
>
Currently none of the developers has an IPv6 network with which to do 
testing.  There have been a number of queries on this subject, including 
a fairly long thread on this mailing list.  For further details, I'd 
encourage you to review the archives of this thread.

Jan Zorz | 7 Aug 2008 07:51

Re: IPv6


> Currently none of the developers has an IPv6 network with which to do 
> testing. 
IPv6 lab network can be very easily setup, if you know how to do it. No 
expensive hardware involved, just a bunch od bsd and linux boxes, some 
IPv6 daemons and a tunnel to IPv6 broker, if there is no native IPv6 
connectivity.

How hard can it be?

/jan

Chris Buechler | 7 Aug 2008 17:50

Re: IPv6

Jan Zorz wrote:
>
>> Currently none of the developers has an IPv6 network with which to do 
>> testing. 
> IPv6 lab network can be very easily setup, if you know how to do it. 
> No expensive hardware involved, just a bunch od bsd and linux boxes, 
> some IPv6 daemons and a tunnel to IPv6 broker, if there is no native 
> IPv6 connectivity.
>
> How hard can it be?

It's not hard (to setup the test network at least), it's a matter of 
priority. None of us care enough to do that when we have no practical 
use for IPv6, and when there are numerous other things on the road map 
that we do want that we don't have time to accomplish as is.

Of course it will have to be supported eventually, but at this time it 
is not a priority. If it is for you, we welcome patches with IPv6 support.

Beat Siegenthaler | 7 Aug 2008 12:31

Re: IPv6

Jan Zorz wrote:

> 
> How hard can it be?
> 
>

Maybe if m0n0wall takes the lead a little softer ... 
http://m0n0.ch/wall/ has basic ipv6 support since a few weeks.

Jan Zorz | 7 Aug 2008 12:45

Re: IPv6


>>
>> How hard can it be?
>>
>>
>
> Maybe if m0n0wall takes the lead a little softer ... 
> http://m0n0.ch/wall/ has basic ipv6 support since a few weeks.
>
True :)

What I see from changes, only basiv tunneling is implemented. What we 
need is also stateless autoconfiguration daemon (radvd), statefull 
autoconfig support (dhcpv6),  full graphical config support (interfaces 
IP-s, rules definitions, etc...), OSPFv6, DNS "tip or trick daemon" 
(totd) and pTRTd as v6 to v4 "translator"...

That would suffice for a start of even thinking of the idea of using 
pfsense (or m0n0wall) in ipv6 environment as router :)

I have several networks on dual-stack, some of them even on v6 only and 
I think development on ipv6 in firewall area should be quicker. A lot 
quicker. I don't want to sound like an clairvoyant, but 10.10.2010 date 
as predicted v.4 dead-end is near.

/jan

Beat Siegenthaler | 7 Aug 2008 12:55

Re: IPv6

Jan Zorz wrote:

> 
> What I see from changes, only basiv tunneling is implemented. What we 
> need is also stateless autoconfiguration daemon (radvd), statefull 
> autoconfig support (dhcpv6),  full graphical config support (interfaces 
> IP-s, rules definitions, etc...), OSPFv6, DNS "tip or trick daemon" 
> (totd) and pTRTd as v6 to v4 "translator"...
> 
> That would suffice for a start of even thinking of the idea of using 
> pfsense (or m0n0wall) in ipv6 environment as router :)
> 

Shure,
but instead of waiting, i decided to make a "Tunnelrouter" inside my 
private Network with this services. Therefore i can play with v6 without 
waiting for miracles  (but for graphical IPv6 Firewall-Rules will 
still Checkpoint products be the Choice)

Jan Zorz | 7 Aug 2008 13:02

Re: IPv6


>
> but instead of waiting, i decided to make a "Tunnelrouter" inside my 
> private Network with this services. Therefore i can play with v6 
> without waiting for miracles  (but for graphical IPv6 
> Firewall-Rules will still Checkpoint products be the Choice)
>
That's perfectly correct...

But, I can't imagine migrating servers to dual-stack and adding AAAA 
record to DNS, relying on "tunnelrouter" inside my network. We have 
possibility to do native IPv6 routing, we have allocated /32 of IP's 
from RIPE, so WTF?

The only thing that I can imagine now is completely parallel new linux 
based dual firewall setup for native IPv6 access and IPv6 firewalling 
(in parallel with redundant pfsense v4 setup).

How much nonsense one can take?

/jan

Ihsan Dogan | 2 Aug 2008 12:49

Picon

Re: IPv6

Am 1.8.2008 15:40 Uhr, Gary Buckmaster schrieb:

>> Are there any plans to improve the IPv6 support of pfSense?
>>
> Currently none of the developers has an IPv6 network with which to do 
> testing.  There have been a number of queries on this subject, including 
> a fairly long thread on this mailing list.  For further details, I'd 
> encourage you to review the archives of this thread.

Ok. Thanks for your reply.

Ihsan

--

-- 
ihsan@...		http://blog.dogan.ch/

Return

Return to gmane.comp.security.firewalls.pfsense.support.

Project Web Page

pfSense Support List

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane