Messages

this is the same as ULA just with fe80 at the beginning...
now everything is running as it should.

There is no bug :)

hmm, I think I see my mistake... I am using a ULA IPv6 address and should be using a Link Local address.
Where can I see the Link Local of a FritzBox?

Hi all,

Since the last version, I've noticed a strange behavior in the monitoring of an IPv6 gateway. When I enable it, I see the following error:

Code Select Expand

[meta sequenceId="3"] /usr/local/sbin/pluginctl: The command '/sbin/route add -host -'inet6' '2001:4860:4860::8888' 'fd00::52e6:36ff:fe01:3dca'' returned exit code '1', the output was 'add host 2001:4860:4860::8888: gateway fd00::52e6:36ff:fe01:3dca fib 0: Invalid argument'However, I can manually set the route with:

Code Select Expand

route add -host -inet6 2001:4860:4860::8888 gw fd00::52e6:36ff:fe01:3dca dev vlan0.0004and everything seems to work normally. But in the WebUI, the gateway is marked as orange at status, and when I hover over it, I get the message: "Misconfigured gateway IP".
Has anyone else experienced this behavior? I wanted to ask here before filing a bug report.

TiA
Greetz

how do you use it? I mean I couldnt find a place in WebUI/Unbound DNSBL where I can insert my own List. There are some what I can choose, but the HaGeZi's is not there.

Hi All,

Does crowdsec also replace the DNSBL of Unbound or the lists from Firehol & co? Or are these more complementary things?

TiA

* Kea DHCP will gain DHCPv6 eventually

that would be nice because of the HA features ;)

The mere fact that Kea is the only maintained effort for HA features will make it stick to the core, but honestly we do not like to see it become the default.

can you explain the reason?

yeah that was the problem... DNS64 flag was set in unbound. Disabled and now is all as it should be...

Hi All,

After configuring IPv6, a RedHat program started behaving strangely (long waiting for a timout). I checked it with strace and found that it was trying to reach the address: 64:ff9b::d184:b210. I identified this as a NAT64 address of a Red Hat host. When I opened a ticket with Red Hat, they told me that the program does not support IPv6 and asked if I had configured NAT64/DNS64. I had not. Now I am trying it with Tayga, but something is not working.

The first question is, I use both ipv4 and ipv6 in my LAN. Do I need to configure NAT64? I read that you only need NAT64 if you have at least an IPv6-only network.
If that's the case, is Red Hat doing something wrong, or is it my router configuration that's messed up?

Second:
This is my Tayga Configuration:
IPv4 Address 192.168.254.3 (not used somwhere else)
IPv4 NAT64 Interface Address 192.168.253.1 (not used somwhere else)
IPv6 Address fd00:14::1
IPv6 NAT64 Interface Address 2a02:XXXX:XX:XX00:0::1 (I've got the prefix from my ISP: 2a02:XXXX:XX:XX/56)
IPv6 Prefix 64:ff9b::/96
IPv4 Pool 192.168.254.0/24
Custom IPv6 Routing not checked

(NAT, Normalization and FW Rule for Tayga Iface are configured)

Problem:
# traceroute6 64:ff9b::d184:b210
traceroute6 to 64:ff9b::d184:b210 (64:ff9b::d184:b210) from 2a02:XXXX:XX:XX00::1, 64 hops max, 28 byte packets
1  fd00:14::1  0.124 ms  0.103 ms  0.191 ms

# ping6 64:ff9b::d184:b210
PING(56=40+8+8 bytes) 2a02:XXXX:XX:XX00::1 --> 64:ff9b::d184:b210
--- 64:ff9b::d184:b210 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss

What I'm doing wrong?

TiA
Greetz

+1

aaach have it... the backroute on the Fritz was missing/wrong :D

now everything works as it should :D

Hi all,

I have received a static IPv4 and a static IPv6 prefix from my internet provider. IPv4 is clear so far. I have a few questions about IPv6.

My setup:
ISP -> Fritzbox -> OPNsense -> LAN
Fritzbox and OPNsense are together in a DMZ (IPv4). The Fritzbox forwards everything to OPNsense (exposed host).

Is such a setup also possible with IPv6? I tried to create a /64 IPv6 DMZ network with the prefix from the ISP. OPNsense has an IPv6 address there, and I specified the fe80:: address of the Fritzbox as the gateway. I would prefer to avoid RA/DHCPv6 etc. and have everything static. Unfortunately, with this setup, I can only ping the fe80:: address of the Fritzbox from OPNsense but nothing in internet.
Am I thinking something wrong? I have some knowledge of IPv6, but I lack experience :)

Can someone help or recommend a how-to?

TiA
Greetz

manchmal will man wissen was man für eine IP am Ende des VPN Tunnels hat...

oki ich habs mit verschiedenen Speedtest URL's und statischen Regeln gelöst.

Eine Frage hätte ich noch. Es gibt ja simple Wege die eigene Public IP zu ermitteln.
curl ifconfig.me

man kann auch curl sagen von welchem Iface die Anfrage gestartet werden soll:
curl --interface $IFACE ifconfig.me

Was ich nicht verstehe ist, wenn ich hier eins von den wgX Interfaces benutze, würde ich die IP am Ende des jeweiligen Tunnels als Ausgabe erwarten. Ich bekomme aber überall die gleich und zwar die public IP OHNE TUNNEL.

Wieso?
Gleiches Prinzip wie oben? Wie könnte ich es trotzdem machen?

Danke im Voraus für Antworten!

weil? ich will einfach die 3 Wege von einem Punkt vergleichen können geschwindigkeitstechnisch... es gibt ja speedtest-cli

ja weil eben damit kann ich via speedtest die Geschwindigkeit eines Tunnels "messen".

Hmm wenn ich die "Routing" Settings sehe kann ich das so nicht machen wie ich es mir vorstelle...
Ich kann da nur Destination Address setzen.

Hmmm musste dann 3 speedtests IP's/URLs als Ziele für je einen Weg machen (wg1, wg2, plain) hmmmm