[pfSense Support] IPv6 support
Hello, I've been working on IPv6 support for pfSense over the past week and have some questions on the importance off certain bits. Ofcourse I can't do everything at once but I can certainly work in some order. What I have now does: native ipv6 static on wan and lan. Route announcement on LAN if you enable DHCPv6 this does stateless config ability to terminate a he.net ipv6 over ipv4 tunnel and use the public subnet on the lan. Ability to add firewall rules for ipv4 and ipv6 on the wan and lan Things I do not have support for: Pretty much everything else ;-) No stateless autoconfig support for wan (or dhcpv6) Announcing dns servers on the LAN All the vpn and openvpn services need fixing. I havn't tried yet. I am trying to get some feeling for what people need first before diving off into the deep end. If you have interest you can find the ipv6 post in the 2.0 forum. Feedback appreciated. Regards, Seth. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] IPv6 support
What I have now does: native ipv6 static on wan and lan. Ability to add firewall rules for ipv4 and ipv6 on the wan and lan That's all I need - interface addresses and firewall rules! Thank you! Thank you! Thank you! Come to Seattle, and I will buy you a beer! When can I have it? :D Nathan Eisenberg - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IPv6 support
On Sun, Oct 31, 2010 at 08:16:01PM +, Nathan Eisenberg wrote: What I have now does: native ipv6 static on wan and lan. Ability to add firewall rules for ipv4 and ipv6 on the wan and lan That's all I need - interface addresses and firewall rules! Thank you! Thank you! Thank you! Come to Seattle, and I will buy you a beer! I said pretty much that much in private mail. I think we should just issue retrograde bounty. We seem to be getting IPv6 just on time, on our favorite platform. Let's support this. When can I have it? :D -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IPv6 support
Op 31 okt 2010, om 21:16 heeft Nathan Eisenberg het volgende geschreven: That's all I need - interface addresses and firewall rules! Thank you! Thank you! Thank you! Come to Seattle, and I will buy you a beer! When can I have it? :D Right now, gitsync against my git repo and it should just work, over the next couple of weeks you should see more support coming. The entire instruction for getting my code are in the forum post, basically just run option 12 from the shell and then playback gitsync. Enter the custom Git url and it should take just 5 minutes. If at some point you are not satisfied you can just run gitsync against the official url or just run the autoupdate. Regards, Seth
Re: [pfSense Support] IPv6 support
Op 31 okt 2010, om 21:16 heeft Nathan Eisenberg het volgende geschreven: That's all I need - interface addresses and firewall rules! Thank you! Thank you! Thank you! Come to Seattle, and I will buy you a beer! When can I have it? :D Right now, gitsync against my git repo and it should just work, over the next couple of weeks you should see more support coming. The entire instruction for getting my code are in the forum post, basically just run option 12 from the shell and then playback gitsync. Enter the custom Git url and it should take just 5 minutes. If at some point you are not satisfied you can just run gitsync against the official url or just run the autoupdate. Regards, Seth
RE: [pfSense Support] IPv6 support
The entire instruction for getting my code are in the forum post, basically just run option 12 from the shell and then playback gitsync. Enter the custom Git url and it should take just 5 minutes. Cool! Link to the forum post? I searched, but did not find. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IPv6 support
Oops, forgot. It's the thread, not the exact post. But that should get you started. http://forum.pfsense.org/index.php/topic,26469.0.html Regards, Seth Op 31 okt 2010, om 21:41 heeft Nathan Eisenberg het volgende geschreven: The entire instruction for getting my code are in the forum post, basically just run option 12 from the shell and then playback gitsync. Enter the custom Git url and it should take just 5 minutes. Cool! Link to the forum post? I searched, but did not find. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IPv6 support
On Sun, Oct 31, 2010 at 4:22 PM, Eugen Leitl eu...@leitl.org wrote: I said pretty much that much in private mail. I think we should just issue retrograde bounty. We seem to be getting IPv6 just on time, on our favorite platform. Let's support this. We'll be putting out a call for funding once we're ready to be fully-manned on this project. Right now Seth is working on it in his free time and time his employer is allowing, and we're a bit out from being able to dedicate our full time guys on this, as we have to get 2.0 out first (this is a 2.1 feature, though those who want to play can sync it on 2.0). Once we get there we have to have the funding, the bulk of the dev work gets done by people we employ full time. Seth has a few basics working and has some great work done, that's barely scratching the surface though. Almost every single page and every back end piece has to be touched, pf needs to be fixed so it can handle IPv6 fragmentation (ditto in OpenBSD, though Henning Brauer's response to that question at EuroBSDCon was IPv6 cannot be fixed), ipfw fwd (for captive portal) doesn't work with IPv6, and I know we'll hit other issues along the way with various things. Both in our code base, and in FreeBSD's. It's a considerable project, looking forward to it though. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] IPv6 STF
Sawadeekap Is there a guide, other than http://www.xaero.org/index.php/archive/tag/pfsense/ , to get IPv6 on the LAN side over 6to4, STF? Thanks, Fabian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IPv6 STF
On Sat, Oct 9, 2010 at 2:49 PM, Fabian Abplanalp fabian.abplan...@bug.ch wrote: Sawadeekap Is there a guide, other than http://www.xaero.org/index.php/archive/tag/pfsense/ , to get IPv6 on the LAN side over 6to4, STF? That's the best I'm aware of. We don't officially support v6 at all until 2.1. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] IPv6 STF
What is wrong with that guide that you are asking for an alternative? Looks fine to me, but I'm new with IPv6 so I could be wrong... -Oorspronkelijk bericht- Van: Fabian Abplanalp [mailto:fabian.abplan...@bug.ch] Verzonden: zaterdag 9 oktober 2010 14:49 Aan: 'support@pfsense.com' Onderwerp: [pfSense Support] IPv6 STF Sawadeekap Is there a guide, other than http://www.xaero.org/index.php/archive/tag/pfsense/ , to get IPv6 on the LAN side over 6to4, STF? Thanks, Fabian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org __ NOD32 5517 (20101009) Informatie __ Dit bericht is gecontroleerd door het NOD32 Antivirus Systeem. http://www.nod32.nl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IPv6 STF
On Sat, Oct 09, 2010 at 03:18:14PM +0200, Bart Grefte wrote: What is wrong with that guide that you are asking for an alternative? Looks fine to me, but I'm new with IPv6 so I could be wrong... What is currently the recommended approach to deal with native IPv6 on the WAN? Just forward all IPv6 packets to a dedicate host behind the firewall, and let the host deal with it? -Oorspronkelijk bericht- Van: Fabian Abplanalp [mailto:fabian.abplan...@bug.ch] Verzonden: zaterdag 9 oktober 2010 14:49 Aan: 'support@pfsense.com' Onderwerp: [pfSense Support] IPv6 STF Sawadeekap Is there a guide, other than http://www.xaero.org/index.php/archive/tag/pfsense/ , to get IPv6 on the LAN side over 6to4, STF? Thanks, Fabian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org __ NOD32 5517 (20101009) Informatie __ Dit bericht is gecontroleerd door het NOD32 Antivirus Systeem. http://www.nod32.nl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] ipv6 possibility
On Sep 25, 2008, at 7:59, Vivek Khera wrote: In short, there may not be a strong business case to *need* IPv6 today, but it is prudent to start exploring it and gaining the experience necessary to manage it in preparation for the day when it is necessary and when the bulk of traffic flows via it. The sooner the better, I say. Hi everyone, I looked up this old thread when I was trying to figure out the state of IPv6 support in pfSense. For the NTP Pool system we're getting IPv6 connectivity to start supporting that to the users; so for that we need IPv6 in our network stack (including firewall etc). - ask -- http://develooper.com/ - http://askask.com/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] ipv6 possibility
On Thu, Mar 12, 2009 at 2:15 AM, Ask Bjørn Hansen a...@develooper.com wrote: I looked up this old thread when I was trying to figure out the state of IPv6 support in pfSense. There is an IPv6 branch in git where work has started, but it's a *long* way from being complete. Personally I would really like to see it in 2.0, but finishing the work may be dependent on the contributions of others, or someone funding it so I can spend a good chunk of time on it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] ipv6 possibility
FWIW, I've said this before, I'll say it again. Open source works because people have an itch to scratch and they scratch it. None of the current devs have an IPv6 itch. It's a lot of work to convert a predomenently IPv4 based system to work in an IPv6 world and none of use have a need or desire to make it work. We'd certainly welcome anyone that has an itch and has not only the skills, but the stamina to bring this functionality to pfSense. Unless someone steps forward and does this, no further discussion on the topic is going to change anyones mind (unless there's a fairy god-company that is planning on fully sponsoring the work - and no, that's not an offer to accept it). --Bill PS. Is there anything actually on IPv6 only that matters (I'll define matters the same way Apple defines sufficient utility so just because it matters to you, it may not pass my 1d6 roll)? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Sean Cavanaugh wrote: tunneling IPv6 would just let you forward traffic in IPv4to an external gateway that translates from IPv4 to IPv6. the developers would rather not do that in favor of just fully implementing support for pfSense to be able to route IPv6 directly without the encapsulation. Not exactly, Routing happens before encapsulating. And You transport a IPv6 Packet over Protocol 41 (That adresses IPv4). It's really like PPPoE. If You know what a default gateway does... Its IPvWhatever. No Time, No Money, No knowledge, other Focus, even No Fun are good arguments against some features or needs. But there are simply wrong phrases about this. https://www.sixxs.net/faq/connectivity/?faq=comparison BTW: I hate this evangelism stuff. For my part I had to handle and I had to learn IPv6. And to do this, I had no other way than get some SIXXS-Tunnels. It's free. You can get Subnets. Even reverse delegation for DNS. I did this on some FreeBSD and Linux Machines in USA and CH. There are tons of tutorials. And this helped to understand some things instead of being the Breaker. And for my part I will have no problem to run pfSense and m0n0wall parallel. I have some spare WRAPS ;-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Beat Siegenthaler wrote: And for my part I will have no problem to run pfSense and m0n0wall parallel. I have some spare WRAPS ;-) I am another one of those people who is running a second box in parallel with my pfSense in order to have IPv6 on my network. I have been testing IPv6 for a number of years now and it is now getting to the point where some of my services are available on IPv6 and I am using that transport automatically when it is available. While I can appreciate if there is an apathy in the core dev team against features for which they see no need - I dislike the fact that I am running two firewalls when one should suffice. The kernel running under the hood of pfSense already has IPv6 running on it. I would be more than happy to hack away my own command line scripts to configure the IPv6 components but I have not figured out a way to do this within the configuration framework provided by pfSense. -- Graham Beneke Apolix Internet Services E-Mail/MSN/Jabber: [EMAIL PROTECTED] Skype: grbeneke VoIP: 087-750-5696 Cell: 082-432-1873 http://www.apolix.co.za/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Bill Marquette wrote: PS. Is there anything actually on IPv6 only that matters (I'll define matters the same way Apple defines sufficient utility so just because it matters to you, it may not pass my 1d6 roll)? not yet. worth reading IPv6 hour at Nanog http://www.networkworld.com/community/node/25180 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Ihsan Dogan wrote: This is true, but cable or DSL providers who provide IPv6 are still very rare. At least here in Switzerland. it's not common, but there are some in UK. One problem is that many ISPs simply resell BT adsl service, so funky things like multicast are also unavailable. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Chris Buechler wrote: want to throw at it. There might be one or two developers, since I personally don't have time to be involved I won't give you a number on how much it would take to interest someone. This is a huge amount of work to properly implement in all the services, probably a couple full time months of work, so I would guess you're looking at into 5 figures USD. I can't make an official commitment, but IPv6 support would probably help me get employer to take a support contract. As a startup, budgets are tight, but the prospect of the quality of pfSense along with ipv6 would be a compelling idea! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Mon, Sep 29, 2008 at 11:20:20AM +0100, Paul Mansfield wrote: I can't make an official commitment, but IPv6 support would probably help me get employer to take a support contract. As a startup, budgets are tight, but the prospect of the quality of pfSense along with ipv6 would be a compelling idea! Here's a thought: make the default pfsense kernel dual-stack capable but disable the IPv6 part by default, and don't support it anywhere in the PHP/XML config framework. Explicitly mark it as unsupported. Null-route all IPv6 support requests. That way anyone who needs the functionality can hack it manually using stock FreeBSD configuration tools, yet there would be no support load for the developer team. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
technically this can already can be done if you use the developers build. -- From: Eugen Leitl [EMAIL PROTECTED] Sent: Monday, September 29, 2008 7:01 AM To: support@pfsense.com Subject: Re: [pfSense Support] ipv6 possibility On Mon, Sep 29, 2008 at 11:20:20AM +0100, Paul Mansfield wrote: I can't make an official commitment, but IPv6 support would probably help me get employer to take a support contract. As a startup, budgets are tight, but the prospect of the quality of pfSense along with ipv6 would be a compelling idea! Here's a thought: make the default pfsense kernel dual-stack capable but disable the IPv6 part by default, and don't support it anywhere in the PHP/XML config framework. Explicitly mark it as unsupported. Null-route all IPv6 support requests. That way anyone who needs the functionality can hack it manually using stock FreeBSD configuration tools, yet there would be no support load for the developer team. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Mon, Sep 29, 2008 at 7:22 AM, Sean Cavanaugh [EMAIL PROTECTED] wrote: technically this can already can be done if you use the developers build. or even 1.2.1 RC. i was pleasantly surprised to see IPv6 info from the network status pages. of course, this was after YetAnotherFailedEmbededUpgrade so I had to re-flash, but that was 99.44% expected to happen by me :-( - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Scott Ullrich wrote: Chris summed this up quite well but we cannot just half ass implement IPv6. It requires a real testing environment and a lot of work to implement it fully vs. doing it for just most of us needs. I think we all appreciate the quality oriented development. But for me is a tunneled IPv6 not more half ass than a IPv4-wan over PPoE ;-) Even Cisco and Checkpoint are starting seldom with fully implementations of new gadgets But they start... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Leon Strong | Technical Engineertunneling IPv6 would just let you forward traffic in IPv4to an external gateway that translates from IPv4 to IPv6. the developers would rather not do that in favor of just fully implementing support for pfSense to be able to route IPv6 directly without the encapsulation. Personally, I think that if you just want to tap into IPv6 networks, then a tunnel wrapper wouldn't be a bad idea, but as a package only and not part of the base install. From: Leon Strong Sent: Monday, September 29, 2008 9:34 PM To: support@pfsense.com Subject: Re: [pfSense Support] ipv6 possibility I was thinking the same thing, and am still wondering why/how using an ipv6 tunnel would result in a half assed implementation. admittedly, i'm not a pfsense dev, and they can say what they like *shrug*
Re: [pfSense Support] ipv6 possibility
Am 28.9.2008 1:11 Uhr, Jeppe Øland schrieb: And we keep being told how far behind the rest of the world the UK is for broadband ;-) It's pretty sad actually. 10 years ago, US was so far ahead of Europe with regards to Internet connectivity. Since then it has pretty much rested on its laurels - and it shows. This is true, but cable or DSL providers who provide IPv6 are still very rare. At least here in Switzerland. Ihsan -- [EMAIL PROTECTED] http://blog.dogan.ch/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Sat, Sep 27, 2008 at 11:54 PM, Chris Bagnall [EMAIL PROTECTED] wrote: Availability is a major constraint. At least for Scott and myself, neither of us have an option to even get IPv6 connectivity on a residential grade connection. Obviously I don't know where Scott and yourself are based, but that's kinda... shocking, for want of a better way of putting it. Are there no *DSL providers in your neck of the woods that'll offer an IP6-compatible connection? And we keep being told how far behind the rest of the world the UK is for broadband ;-) Anyway, back to the original topic, are there any pfSense developers who might have time available to tackle a project of this size and scope? In my experience, time is usually the major limiting factor, especially as I'm sure many developers have full-time jobs that get in the way. ;-) To put it bluntly, I (and I'm sure others here) need to try and grasp at least a rough idea of the financial implications before we know how far into our pockets we need to dig to fund it. I am interested in this and have the possibility of getting such a link at local ISP though somewhat 'expenssive' at present. Basically this is something that, one person, can deliver in 4-6 months depending on hours put into development. But i am definitely interested. The estimation of the cost is something that needs to be investigated though. Though Chris in a previous thread might have given a quick approximation. Regards, -- Ermal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Chris Bagnall wrote: Availability is a major constraint. At least for Scott and myself, neither of us have an option to even get IPv6 connectivity on a residential grade connection. Obviously I don't know where Scott and yourself are based, but that's kinda... shocking, for want of a better way of putting it. Are there no *DSL providers in your neck of the woods that'll offer an IP6-compatible connection? And we keep being told how far behind the rest of the world the UK is for broadband ;-) You have strong proponents inside British Telecom for IPv6 stuff... AFAIK BT ran their core network on experimental IOS releses just to have dual stack for 2 years. Now they implemented official releases, as Cisco put IPv6 stack into stable branch :) You english types a quite advanced on that area :) /jan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Beat Siegenthaler wrote: RB wrote: This question comes back up every few months, and every time I wonder: what is the justification case for IPv6? Maybe it's the simple argument: Jump on the Train!!! Hype or not, IPv6 is coming. Let the we get out of IP's yells beside this time. It's like talk about that a cellular does not need a camera. Or that cameras with more than 5Megapixels are never needed. Or 640k are enough Take it or leave it as Customer. But: Take it or dissapear as Manufacturer. I love pfSense!! But I play around with IPv6 because I want to have a advance. If there is suddenly a other project that has IPv6 and it is similar to pfSense: Bye Bye faithfulness. Many good products made this way... Last Point: The energy we put in NAT, overlapping Networks, strange VPN's in legacy v4 is enormous. Many of this Problems are inexistant with v6. And a Firewall would be again what it ever was: A routing device were I can enforce who, what, when, why can talk to some other Node Amen. /jan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipv6 possibility
We use pfSense in client environments. We use ISPs that offer IP6 support at no extra charge. Does anyone know how much £/€/$ would be needed to encourage the developers to move IP6 support up the development timeframe? With that information, perhaps those members of the community using pfSense in a commercial environment (me included) can get together and raise the necessary funding to make the development commercially viable. Regards, Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Sat, Sep 27, 2008 at 3:15 PM, Chris Bagnall [EMAIL PROTECTED] wrote: We use pfSense in client environments. We use ISPs that offer IP6 support at no extra charge. Does anyone know how much £/€/$ would be needed to encourage the developers to move IP6 support up the development timeframe? With that information, perhaps those members of the community using pfSense in a commercial environment (me included) can get together and raise the necessary funding to make the development commercially viable. Please considering figuring in costs for the developer to obtain a real IPV6 connection at their lab as well. Without this support it will be difficult in many cases. And no, a proxy is not an option. Scott
Re: [pfSense Support] ipv6 possibility
On Sat, Sep 27, 2008 at 3:48 PM, Scott Ullrich [EMAIL PROTECTED] wrote: On Sat, Sep 27, 2008 at 3:15 PM, Chris Bagnall [EMAIL PROTECTED] wrote: We use pfSense in client environments. We use ISPs that offer IP6 support at no extra charge. Does anyone know how much £/€/$ would be needed to encourage the developers to move IP6 support up the development timeframe? With that information, perhaps those members of the community using pfSense in a commercial environment (me included) can get together and raise the necessary funding to make the development commercially viable. Please considering figuring in costs for the developer to obtain a real IPV6 connection at their lab as well. Without this support it will be difficult in many cases. Availability is a major constraint. At least for Scott and myself, neither of us have an option to even get IPv6 connectivity on a residential grade connection. Then I guess the issue does go back to cost, as you're looking at a T1 at that point. It's not of much interest to most of the developers because we couldn't get real IPv6 Internet connectivity if we wanted it. No, tunneling is not a valid option, you can't implement and fully and properly test IPv6 without real IPv6 connectivity. If it's going to be done, it's not going to be half assed. Another issue is time availability, I'm not sure if there is anyone with adequate time available for this regardless of how much money you want to throw at it. There might be one or two developers, since I personally don't have time to be involved I won't give you a number on how much it would take to interest someone. This is a huge amount of work to properly implement in all the services, probably a couple full time months of work, so I would guess you're looking at into 5 figures USD. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Scott Ullrich wrote: And no, a proxy is not an option. Why ? what is the difference for the firewalling stuff? The Protocol is interesting. Most of us need a IPv6 Ruleset, radvd/rtadvd and a 4in6 Tunnel. That's what i am doing on a FreeBSD-Box behind my IPv4 Gateway (pfSense). For many intercontinental connections I have better latency in my IPv6 Tunnels than directly via IPv4. I remember I had a Atari, a Modem and logged in to Usenet. I did not even know that this was Internet... But I learned much I would never know if I waited for a broadband access... It's also my opinion, that money will be not the best actuator for pfSense IPv6 development. It should be curiosity. (Scott, please don't shoot at me...) For my part, for production I will move my IPv6 Tunnel(s) from FreeBSD Boxes to a M0n0wall-Wrap/Alix next months.. Then I have two similar Firewalls. Who cares. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Sat, Sep 27, 2008 at 5:22 PM, Beat Siegenthaler [EMAIL PROTECTED] wrote: Scott Ullrich wrote: And no, a proxy is not an option. Why ? what is the difference for the firewalling stuff? The Protocol is interesting. Most of us need a IPv6 Ruleset, radvd/rtadvd and a 4in6 Tunnel. That's what i am doing on a FreeBSD-Box behind my IPv4 Gateway (pfSense). For many intercontinental connections I have better latency in my IPv6 Tunnels than directly via IPv4. Chris summed this up quite well but we cannot just half ass implement IPv6. It requires a real testing environment and a lot of work to implement it fully vs. doing it for just most of us needs. Scott
RE: [pfSense Support] ipv6 possibility
Availability is a major constraint. At least for Scott and myself, neither of us have an option to even get IPv6 connectivity on a residential grade connection. Obviously I don't know where Scott and yourself are based, but that's kinda... shocking, for want of a better way of putting it. Are there no *DSL providers in your neck of the woods that'll offer an IP6-compatible connection? And we keep being told how far behind the rest of the world the UK is for broadband ;-) Anyway, back to the original topic, are there any pfSense developers who might have time available to tackle a project of this size and scope? In my experience, time is usually the major limiting factor, especially as I'm sure many developers have full-time jobs that get in the way. ;-) To put it bluntly, I (and I'm sure others here) need to try and grasp at least a rough idea of the financial implications before we know how far into our pockets we need to dig to fund it. Regards, Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Sat, Sep 27, 2008 at 5:54 PM, Chris Bagnall [EMAIL PROTECTED] wrote: Availability is a major constraint. At least for Scott and myself, neither of us have an option to even get IPv6 connectivity on a residential grade connection. Obviously I don't know where Scott and yourself are based, but that's kinda... shocking, for want of a better way of putting it. Are there no *DSL providers in your neck of the woods that'll offer an IP6-compatible connection? That is correct. Scott
Re: [pfSense Support] ipv6 possibility
Obviously I don't know where Scott and yourself are based, but that's kinda... shocking, for want of a better way of putting it. Are there no *DSL providers in your neck of the woods that'll offer an IP6-compatible connection? And we keep being told how far behind the rest of the world the UK is for broadband ;-) It's pretty sad actually. 10 years ago, US was so far ahead of Europe with regards to Internet connectivity. Since then it has pretty much rested on its laurels - and it shows. Now, Europe is far ahead when it comes to speed and availability (Well aside from Japan/Korea) ... sounds like they are ahead on features too. Regards, -Jeppe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
RB wrote: This question comes back up every few months, and every time I wonder: what is the justification case for IPv6? Maybe it's the simple argument: Jump on the Train!!! Hype or not, IPv6 is coming. Let the we get out of IP's yells beside this time. It's like talk about that a cellular does not need a camera. Or that cameras with more than 5Megapixels are never needed. Or 640k are enough Take it or leave it as Customer. But: Take it or dissapear as Manufacturer. I love pfSense!! But I play around with IPv6 because I want to have a advance. If there is suddenly a other project that has IPv6 and it is similar to pfSense: Bye Bye faithfulness. Many good products made this way... Last Point: The energy we put in NAT, overlapping Networks, strange VPN's in legacy v4 is enormous. Many of this Problems are inexistant with v6. And a Firewall would be again what it ever was: A routing device were I can enforce who, what, when, why can talk to some other Node - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Wed, Sep 24, 2008 at 04:22:00PM -0600, RB wrote: This question comes back up every few months, and every time I wonder: what is the justification case for IPv6? Aside from those home We're running out of addresses, and we better start deploying two years ago. Unless you want to start living with NAT at ISP level, which would suck. hackers that are desperate for a full 128 bits of addressing to route the twelve devices on their network (never mind my public wifi network that eats an entire /17 with all its churn), where are the potential users? Who has put off rolling out pfSense or a similar platform Everybody. Mobile device users for starters. because it didn't implement IPv6? What about the fact that for the You're talking about the past. There has been no address scarcity in the past. huge majority of users, the magical IPv6 land of ponies and sugar cakes will end at their border unless they tunnel it out to some Why can't I terminate a 6to4 tunnel in pfSense? So I can offer my customers native IPv6 connectivity, which my hoster doesn't, yet? 3rd-party provider? Yes, some ISPs are starting to offer v6 connectivity, but those are few and far between. I have a small business with a /24. In order for me to make money I will soon have to order another /24. And then another. I'm not against IPv6, I just disagree with the periodic Slashdot-induced handwaving 'emergency'. We've been on the cusp of Slashdot-induced, huh. an addressing crisis for years, and the fact that someone has slapped a ruler on the current allocation trend and come up with a number of days under 1000 doesn't really cause me concern. Who can present a reasonable case for adoption before the current 2-3 year timeline? Do you realize how long hardware deployment takes? Right now we're driving at a nearby brick wall with a floored pedal. It's going to hurt, a lot. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
an addressing crisis for years, and the fact that someone has slapped a ruler on the current allocation trend and come up with a number of days under 1000 doesn't really cause me concern. Who can present a reasonable case for adoption before the current 2-3 year timeline? Do you realize how long hardware deployment takes? Right now we're driving at a nearby brick wall with a floored pedal. It's going to hurt, a lot. Couldn't agree more. Bravo! As would Randy Bush say, we are on a train, that is soon to be train-wreck. But, we at least know, that we're gonna crash, so we can fasten our seatbelts and hurry up a bit to finish with desert. Imagine all those people on Titanic, that was never able to finish their desert... I suggest we take our heads out of the sand and start deploying IPv6 stuff. Personally I don't like the idea of two separate firewalls, pfsense for IPv4 and whatever else for IPv6. But, sadly, this is what I am doing now. /jan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Eugen Leitl wrote: I have a small business with a /24. In order for me to make money I will soon have to order another /24. And then another. there's also the problem of getting globally routable PI space - you need a /23 to ensure your prefix isn't discarded by some ISPs, but getting a /23 these days is very difficult without very good justification - we found it easier to team up with an ISP to make use of their /22 for load-balancing and failover! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Paul Mansfield wrote: Eugen Leitl wrote: I have a small business with a /24. In order for me to make money I will soon have to order another /24. And then another. there's also the problem of getting globally routable PI space - you need a /23 to ensure your prefix isn't discarded by some ISPs, but getting a /23 these days is very difficult without very good justification - we found it easier to team up with an ISP to make use of their /22 for load-balancing and failover! Yup, you got that right... but after Pakistan Telekom - Youtube fsck-up even /23 announces are not safe anymore and filtered out by some IX-es and ISP-s. /jan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Thu, Sep 25, 2008 at 12:28 PM, Paul Mansfield [EMAIL PROTECTED] wrote: Eugen Leitl wrote: I have a small business with a /24. In order for me to make money I will soon have to order another /24. And then another. there's also the problem of getting globally routable PI space - you need a /23 to ensure your prefix isn't discarded by some ISPs, but getting a /23 these days is very difficult without very good justification - we found it easier to team up with an ISP to make use of their /22 for load-balancing and failover! Well you guys want to make money but are trying to push something free! It just doesn't make sense to me, really how about cooperate/contribute/involve/whatever... you 'business' consider appropriate to push the products over. -- Ermal P.S. Sorry couldn't resist. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Eugen Leitl wrote: Do you realize how long hardware deployment takes? Right now we're driving at a nearby brick wall with a floored pedal. at least pfSense is theoretically capable of being upgraded to ipv6, but there are millions of people still buying cheap routers/modem/switches (linksys, belkin, netgear, dlink). for example: whilst smart people might be aware and, say, buy the L model of the linksys wrtg54* which can run linux and thus be able to install an ipv6 aware distro, the vast majority will buy the cheaper model for which (IIRC) there is no ipv6 support and it might not ever be possible with its rom and ram limits! I think we're going to see ISPs forcing NAT on users unless they pay a premium, just as cell phone operators do to handsets. If you think getting VOIP/SIP working now is a pain with a single level of NAT, it's going to truly fugly then! Paul * http://en.wikipedia.org/wiki/DD-WRT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Thu, Sep 25, 2008 at 12:33:54PM +0200, Ermal Luçi wrote: Well you guys want to make money but are trying to push something free! Free/libre and donations aren't mutex. I donate $10 for every instance of pfsense I have in production (notice: I'm not making any money yet), and I've paid for a year of commercial support for pfsense at my dayjob. I encourage everybody to pitch in inasmuch it is possible. It just doesn't make sense to me, really how about cooperate/contribute/involve/whatever... you 'business' consider You don't want any nontrivial patches from me. Trust me on that. appropriate to push the products over. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
I suggest we take our heads out of the sand and start deploying IPv6 stuff. It is regrettable you consider asking for a valid business case for accelerating a largely hobbyist project to be sticking one's head in the sand. Personally I don't like the idea of two separate firewalls, pfsense for IPv4 and whatever else for IPv6. But, sadly, this is what I am doing now. Yet you still do not answer the question - what value is v6 providing you now? Would you mind sharing what made you make the agreeably painful decision to run two separate gateways? RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Thu, Sep 25, 2008 at 10:51 AM, RB [EMAIL PROTECTED] wrote: Personally I don't like the idea of two separate firewalls, pfsense for IPv4 and whatever else for IPv6. But, sadly, this is what I am doing now. Yet you still do not answer the question - what value is v6 providing you now? Would you mind sharing what made you make the agreeably painful decision to run two separate gateways? Either you believe that IPv6 is coming, or you don't. I fall in the former camp though there are people who believe IPv6 is not necessary. I agree that it will be a long time before there are hosts that are IPv6 that are not also visible via IPv4. That all being said, it is important to start gaining experience with IPv6 deployments, and that pretty much makes it necessary that your firewall support it as well. In short, there may not be a strong business case to *need* IPv6 today, but it is prudent to start exploring it and gaining the experience necessary to manage it in preparation for the day when it is necessary and when the bulk of traffic flows via it. The sooner the better, I say. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
To preface: I'm not making arguments against IPv6; rather against the lack of sound reasoning being the driving force behind it. I like the next shiny obstacle as much as the next engineer, but have had too much PHB experience to allow it to distract me from making a valid case. This question comes back up every few months, and every time I wonder: what is the justification case for IPv6? Aside from those home We're running out of addresses, and we better start deploying two years ago. Unless you want to start living with NAT at ISP level, which would suck. This has been happening for years; some ISPs are selling it as 'enhanced security' connections, others are just doing it silently. For 90% of the population, ISP NAT is 'good enough' and often better than what they have. Although distasteful, I also believe the pay for a public IP scenario is awfully likely; they'll just roll it into the T's C's of a business-class connection and treat it the same as a static allocation. hackers that are desperate for a full 128 bits of addressing to route the twelve devices on their network (never mind my public wifi network that eats an entire /17 with all its churn), where are the potential users? Who has put off rolling out pfSense or a similar platform Everybody. Mobile device users for starters. I presume you mean mobile devices are potential users. Unfortunately, you have a theoretical disconnect - not only would (my number) less than 0.5% of mobile device users _need_ a publicly routable IP, the truth of the matter is that on most cellular connections I've worked with even though you're assigned a public IP (unless connecting via a Windows phone), you are allowed zero inbound connectivity and have to initiate everything from the mobile. How is that any different from NAT? I've been around the block a time or three in the mobile space, and although global addressing is attractive I just don't see that market as a driving factor. because it didn't implement IPv6? What about the fact that for the You're talking about the past. There has been no address scarcity in the past. I am most certainly speaking in the past tense, but allow me to alter it for your strawman: who won't roll out platform X tomorrow because it doesn't provide v6 services? Ever since IPv6 was ratified people have been moaning about address scarcity - why are 39 /8's still unallocated and many huge spaces are not even publicly routed?. You make the case earlier that we should have been deploying this two years ago, and now try to say I shouldn't talk about the past. Why the double standard? huge majority of users, the magical IPv6 land of ponies and sugar cakes will end at their border unless they tunnel it out to some Why can't I terminate a 6to4 tunnel in pfSense? So I can offer my customers native IPv6 connectivity, which my hoster doesn't, yet? Same question - you want to provide it, but what justification is there? Are you losing or missing clients because you don't offer native v6? Why (if they are) are customers requesting it other than it's a shiny new foo? Surely you've done supporting cost and market analysis? If you could prove even one lost customer, that would be a viable case for directly funding adding a 6to4 tunnel to pfSense; two, and you'd likely be coming out ahead. 3rd-party provider? Yes, some ISPs are starting to offer v6 connectivity, but those are few and far between. I have a small business with a /24. In order for me to make money I will soon have to order another /24. And then another. This is the normal course of business: you purchase a fixed amount of a consumable asset and when said asset is depleted you make the business decision to replenish your supply, go out of business, or pursue other venues. Where is the problem? If you have failed to keep up with the cost of that asset and plan for the expense of replenishing it, suddenly being gifted 72 quadrillion times more of the asset is only going to postpone your business' demise from poor planning. I'm not against IPv6, I just disagree with the periodic Slashdot-induced handwaving 'emergency'. We've been on the cusp of Slashdot-induced, huh. The query is posted on the same day a hand-waving article hits Slashdot's front page; the first response is you posting a link to said article. Make the connection? an addressing crisis for years, and the fact that someone has slapped a ruler on the current allocation trend and come up with a number of days under 1000 doesn't really cause me concern. Who can present a reasonable case for adoption before the current 2-3 year timeline? Do you realize how long hardware deployment takes? Right now we're driving at a nearby brick wall with a floored pedal. Yes, yes I do. My first IT job was working on a wireless hardware team wherein we managed both the infrastructure and clients for ~4.5k international locations and 50 client devices per locale. We went
Re: [pfSense Support] ipv6 possibility
On Thu, Sep 25, 2008 at 08:59, Vivek Khera [EMAIL PROTECTED] wrote: Either you believe that IPv6 is coming, or you don't. I fall in the former camp though there are people who believe IPv6 is not necessary. I agree that it will be a long time before there are hosts that are IPv6 that are not also visible via IPv4. That all being said, it is important to start gaining experience with IPv6 deployments, and that pretty much makes it necessary that your firewall support it as well. In short, there may not be a strong business case to *need* IPv6 today, but it is prudent to start exploring it and gaining the experience necessary to manage it in preparation for the day when it is necessary and when the bulk of traffic flows via it. The sooner the better, I say. Thanks for a reasoned response - prudence FTW! I would venture to guess that most of us fall in the former camp to some extent; I certainly do, but am still skeptical of the hand-wringing that seems to happen all too often in our industry. Guess I've heard (and made) far too many excuses to be swayed very easily. As an aside, it would be far easier for 3rd-party developers to add this and other features themselves if SCM (even read-only) were available. Maybe this year? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
RB wrote: I suggest we take our heads out of the sand and start deploying IPv6 stuff. It is regrettable you consider asking for a valid business case for accelerating a largely hobbyist project to be sticking one's head in the sand. I meant this one widely. Much more widely and on larger scale. Not just pfsense project, untill the magic date 10.10.2010 we are supposed to have criticall mass of deployment of IPv6 done, this is the only way we can go through this transition process with as less pain as possible. Is there gonna be IPv6 as main protocol? - this is not a question anymore. There are no other ways. On RIPE meetings I spoke with a lot of exchange providers and european largest ISP-s, the common idea I got from these guys was hey, we must grow as a company, when there is no more IPv4 available, we are ready to make a switch to v6. We calculate, that it is far too expensive for an ISP to mantain dual-stack for long time. So, ISP will not break any part of contract with you, providing you IPv6 only access. Being said that, on the other hand we know, that translation mechanisms are total crap. NAT-PT is deprecated by IETF, maybe there is a little hope for SIIT (ptrtd), that does translation on 3rd level and not trying to translate IP headers from v4 to v6, which is nonsense. How can we get away with this, possibly with as less mess as possible? Content providers, hosting providers, everybody that is providing any sort of content *must* deploy dual-stack and start serving content on both protocols. Ideally, if everybody would do that, there would be no need for any rubbish translation devices... That's why I chose to run two gateways, pfsense as brilliant v4 firewall and one linux box with v6 stuff and firewall on it, providing access for dual-stack servers in the system. That's the only way we can test our applications and you would be surprised, the v6 network is not dead and silent, there is increasing amount of traffic going on... Google is preparing their site, to go dual stack, for now they are testing on http://ipv6.google.com/ . I spoke with Lorenzo, main guy @ google for this stuff, they are still experiencing some problems with dual-stack. So, if google is experiencing problems and is testing and developing two years ahead, why woul that not be the good example for everybody in internet business? I hope I answered most of your questions. Regards, /jan Personally I don't like the idea of two separate firewalls, pfsense for IPv4 and whatever else for IPv6. But, sadly, this is what I am doing now. Yet you still do not answer the question - what value is v6 providing you now? Would you mind sharing what made you make the agreeably painful decision to run two separate gateways? RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipv6 possibility
My only input into the matter is that if you NEED ipv6 implemented into pfSense that you submit a proposal to the developers through their corporate support for development services. They have stated before that from a hobbyist development point of view, they do not have access to ipv6 systems to warrant them to do it in the near future but would work on it if there was an official paid development effort. In the mean time, pf as a service can run ipv6 and can run dual stacked with ipv4 for those that need it. https://solarflux.org/pf/pf+IPv6.php in summary, unless someone pays for it or adds it themselves, it wont be added anytime soon. -Sean
[pfSense Support] ipv6 possibility
Hello, As Pfsense is derived from Monowall and monowall has recently, in the 1.3beta12, incorporated ipv6, I was wondering how difficult it is going to be to port the changes in monowall to pfsense? See the announcement of monowall: http://m0n0.ch/wall/list/showmsg.php?id=346/12 Regards, Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Wed, Sep 24, 2008 at 09:23:11AM +0200, R. Th. Boots wrote: As Pfsense is derived from Monowall and monowall has recently, in the 1.3beta12, incorporated ipv6, I was wondering how difficult it is going to be to port the changes in monowall to pfsense? See the announcement of monowall: http://m0n0.ch/wall/list/showmsg.php?id=346/12 Speaking about IPv6 http://tech.slashdot.org/tech/08/09/24/1254235.shtml http://entne.jp/tool/toollist/index_en.html sez teotwawki in 768 days. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Wed, Sep 24, 2008 at 3:23 AM, R. Th. Boots [EMAIL PROTECTED] wrote: Hello, As Pfsense is derived from Monowall and monowall has recently, in the 1.3beta12, incorporated ipv6, I was wondering how difficult it is going to be to port the changes in monowall to pfsense? The two are vastly different at this point, so that isn't much help. So much so that it would probably be easier to start from scratch. IPv6 is still a project that none of our current developers have any interest in undertaking until the version after 1.3. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
As Pfsense is derived from Monowall and monowall has recently, in the 1.3beta12, incorporated ipv6, I was wondering how difficult it is going to be to port the changes in monowall to pfsense? This question comes back up every few months, and every time I wonder: what is the justification case for IPv6? Aside from those home hackers that are desperate for a full 128 bits of addressing to route the twelve devices on their network (never mind my public wifi network that eats an entire /17 with all its churn), where are the potential users? Who has put off rolling out pfSense or a similar platform because it didn't implement IPv6? What about the fact that for the huge majority of users, the magical IPv6 land of ponies and sugar cakes will end at their border unless they tunnel it out to some 3rd-party provider? Yes, some ISPs are starting to offer v6 connectivity, but those are few and far between. I'm not against IPv6, I just disagree with the periodic Slashdot-induced handwaving 'emergency'. We've been on the cusp of an addressing crisis for years, and the fact that someone has slapped a ruler on the current allocation trend and come up with a number of days under 1000 doesn't really cause me concern. Who can present a reasonable case for adoption before the current 2-3 year timeline? RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
Amen. -phil On Sep 24, 2008, at 5:22 PM, RB wrote: As Pfsense is derived from Monowall and monowall has recently, in the 1.3beta12, incorporated ipv6, I was wondering how difficult it is going to be to port the changes in monowall to pfsense? This question comes back up every few months, and every time I wonder: what is the justification case for IPv6? Aside from those home hackers that are desperate for a full 128 bits of addressing to route the twelve devices on their network (never mind my public wifi network that eats an entire /17 with all its churn), where are the potential users? Who has put off rolling out pfSense or a similar platform because it didn't implement IPv6? What about the fact that for the huge majority of users, the magical IPv6 land of ponies and sugar cakes will end at their border unless they tunnel it out to some 3rd-party provider? Yes, some ISPs are starting to offer v6 connectivity, but those are few and far between. I'm not against IPv6, I just disagree with the periodic Slashdot-induced handwaving 'emergency'. We've been on the cusp of an addressing crisis for years, and the fact that someone has slapped a ruler on the current allocation trend and come up with a number of days under 1000 doesn't really cause me concern. Who can present a reasonable case for adoption before the current 2-3 year timeline? RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Wed, Sep 24, 2008 at 3:22 PM, RB [EMAIL PROTECTED] wrote: Who has put off rolling out pfSense or a similar platform because it didn't implement IPv6? Anything for the US Government is required to be IPv6 ready. What about the fact that for the huge majority of users, the magical IPv6 land of ponies and sugar cakes will end at their border unless they tunnel it out to some 3rd-party provider? Yes, some ISPs are starting to offer v6 connectivity, but those are few and far between. I think you will start to see IPv6 adoption rapidly pick up steam, but as you indicate, anything that is 2-3 years off still leaves most people thinking that they have plenty of time. -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
On Wed, Sep 24, 2008 at 16:26, David Rees [EMAIL PROTECTED] wrote: On Wed, Sep 24, 2008 at 3:22 PM, RB [EMAIL PROTECTED] wrote: Who has put off rolling out pfSense or a similar platform because it didn't implement IPv6? Anything for the US Government is required to be IPv6 ready. Accepted and reasonable, but did pfSense pass EAL when I wasn't looking? I know not everything has to pass, but you get the idea. For that matter, in the current US marketing environment, pfSense would be considered IPv6 ready - the underlying OS has full support even though the UI does not. I think you will start to see IPv6 adoption rapidly pick up steam, but as you indicate, anything that is 2-3 years off still leaves most people thinking that they have plenty of time. Agreed, but it is my opinion we won't see this until it starts threatening large ISPs' bottom end: when they can't take on any more new customers. Then (and only then) will IPv6 become anything more than an esoteric issue to those holding the purse-strings. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipv6 possibility
for the IPV6 stuff we run - we happily use vYatta not as nice - but works well. We can wait. :-) On Sep 24, 2008, at 6:26 PM, David Rees wrote: On Wed, Sep 24, 2008 at 3:22 PM, RB [EMAIL PROTECTED] wrote: Who has put off rolling out pfSense or a similar platform because it didn't implement IPv6? Anything for the US Government is required to be IPv6 ready. What about the fact that for the huge majority of users, the magical IPv6 land of ponies and sugar cakes will end at their border unless they tunnel it out to some 3rd-party provider? Yes, some ISPs are starting to offer v6 connectivity, but those are few and far between. I think you will start to see IPv6 adoption rapidly pick up steam, but as you indicate, anything that is 2-3 years off still leaves most people thinking that they have plenty of time. -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
does vmware server do ipv6? that would make a convenient development sandbox. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
How hard can it be? Maybe if m0n0wall takes the lead a little softer ;-)... http://m0n0.ch/wall/ has basic ipv6 support since a few weeks. True :) What I see from changes, only basiv tunneling is implemented. What we need is also stateless autoconfiguration daemon (radvd), statefull autoconfig support (dhcpv6), full graphical config support (interfaces IP-s, rules definitions, etc...), OSPFv6, DNS tip or trick daemon (totd) and pTRTd as v6 to v4 translator... That would suffice for a start of even thinking of the idea of using pfsense (or m0n0wall) in ipv6 environment as router :) I have several networks on dual-stack, some of them even on v6 only and I think development on ipv6 in firewall area should be quicker. A lot quicker. I don't want to sound like an clairvoyant, but 10.10.2010 date as predicted v.4 dead-end is near. /jan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
Jan Zorz wrote: What I see from changes, only basiv tunneling is implemented. What we need is also stateless autoconfiguration daemon (radvd), statefull autoconfig support (dhcpv6), full graphical config support (interfaces IP-s, rules definitions, etc...), OSPFv6, DNS tip or trick daemon (totd) and pTRTd as v6 to v4 translator... That would suffice for a start of even thinking of the idea of using pfsense (or m0n0wall) in ipv6 environment as router :) Shure, but instead of waiting, i decided to make a Tunnelrouter inside my private Network with this services. Therefore i can play with v6 without waiting for miracles ;-) (but for graphical IPv6 Firewall-Rules will still Checkpoint products be the Choice) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
Currently none of the developers has an IPv6 network with which to do testing. IPv6 lab network can be very easily setup, if you know how to do it. No expensive hardware involved, just a bunch od bsd and linux boxes, some IPv6 daemons and a tunnel to IPv6 broker, if there is no native IPv6 connectivity. How hard can it be? /jan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
Am 1.8.2008 15:40 Uhr, Gary Buckmaster schrieb: Are there any plans to improve the IPv6 support of pfSense? Currently none of the developers has an IPv6 network with which to do testing. There have been a number of queries on this subject, including a fairly long thread on this mailing list. For further details, I'd encourage you to review the archives of this thread. Ok. Thanks for your reply. Ihsan -- [EMAIL PROTECTED] http://blog.dogan.ch/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] IPv6
Hello, Are there any plans to improve the IPv6 support of pfSense? Ihsan -- [EMAIL PROTECTED] http://blog.dogan.ch/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
Ihsan Dogan wrote: Hello, Are there any plans to improve the IPv6 support of pfSense? Ihsan Currently none of the developers has an IPv6 network with which to do testing. There have been a number of queries on this subject, including a fairly long thread on this mailing list. For further details, I'd encourage you to review the archives of this thread. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] IPv6
Hello all, I was wondering if pfsense was supporting ipv6 and ipv6-in-ipv4 tunnels? If not, are there plans to support support it any time soon? If needed I am able to do some testing. Regards, Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
On Sat, Jan 26, 2008 at 01:00:52PM +0100, R. Th. Boots wrote: Hello all, I was wondering if pfsense was supporting ipv6 and ipv6-in-ipv4 tunnels? 6to4 on WAN and native IPv6 on LAN side would be nice indeed. If not, are there plans to support support it any time soon? If needed I am able to do some testing. Yes, please. Me too. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6
R. Th. Boots wrote: I was wondering if pfsense was supporting ipv6 and ipv6-in-ipv4 tunnels? It is my understanding that the kernel that runs under pfsense has supported IPv6 fully for a long time. If not, are there plans to support support it any time soon? If needed I am able to do some testing. You should be able to get something working through shell scripted configurations. Those configuration options need to be integrated into the web front-end however for pfsense to properly support IPv6. -- Graham Beneke Apolix Internet Services E-Mail/MSN/Jabber: [EMAIL PROTECTED] Skype: grbeneke VoIP: 087-750-5696 Cell: 082-432-1873 http://www.apolix.co.za/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPv6 tunnel BUG
On 9/21/05, Scott Ullrich [EMAIL PROTECTED] wrote: That is a portion that I have not converted as of yet. I don't have any type of ipv6 devices to test with, etc. I'll see what I can do but this may be feature that is marked for removing. Could it be that this is fixed in the latest version? I no longer have this problem. Hopefully the tunnel will not die on me anymore. -- Jeroen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] IPv6 tunnel BUG
Hi, When i enable IPv6 tunneling in system/advanced, incorrect pf rules are generated: Sep 21 14:28:11 php: : There were error(s) loading the rules: /tmp/rules.debug:55: dst port only applies to tcp/udp /tmp/rules.debug:55: skipping rule due to errors /tmp/rules.debug:55: rule expands to no valid combination pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [55]: rdr on xl0 proto ipv6 from any to any port 0 - 192.168.10.14 I am using the latest version (0.84.6) -- Jeroen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
