31
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
32
18.7 Legacy Series / Re: Map IPv6 to IPv4
« on: December 12, 2018, 10:38:02 pm »
Missed this one ... thanks for the hint !
33
18.7 Legacy Series / Re: Map IPv6 to IPv4
« on: December 12, 2018, 10:24:57 pm »
Thanks. Well I think I will use nginx as I use it to implement client certificates already. I would prefer haproxy but it does not support client certificates by gui in Opnsense AFAIK. The target client software does not support IPv6 at all so loosing the source IP is the trade off here anyway.
34
18.7 Legacy Series / Map IPv6 to IPv4
« on: December 12, 2018, 10:04:17 pm »
Hi,
for some good reason I need to map a IPv6 address to an internal RFC1918 IPv4 address.
IPv6-Client -> IPv6-Port-At-Firewall -> IPv4-Port-Internal-RFC1918-Address
E.g. a TCP relay which listens on a IPv6 address / port on the firewall and forwards all Traffic to a internal RFC 1918 IPv4 address / port. Some thing like this:
or
or using xinetd
What is the best way to do this or some thing similar with Opnsense? Can this be done by a simple pf rule or perhaps by haproxy?
TIA
for some good reason I need to map a IPv6 address to an internal RFC1918 IPv4 address.
IPv6-Client -> IPv6-Port-At-Firewall -> IPv4-Port-Internal-RFC1918-Address
E.g. a TCP relay which listens on a IPv6 address / port on the firewall and forwards all Traffic to a internal RFC 1918 IPv4 address / port. Some thing like this:
Code: [Select]
socat TCP6-LISTEN:1234,fork TCP4:1.2.3.4:1234
or
Code: [Select]
6tunnel -6 1234 1.2.3.4 1234
or using xinetd
Code: [Select]
service rdp_port_forward
{
flags = IPv6
disable = no
type = UNLISTED
socket_type = stream
protocol = tcp
user = nobody
wait = no
redirect = 1.2.3.4 1234
port = 1234
}
What is the best way to do this or some thing similar with Opnsense? Can this be done by a simple pf rule or perhaps by haproxy?
TIA
35
18.7 Legacy Series / Re: Strange IPv6 behavior after update
« on: December 06, 2018, 07:32:19 pm »36
18.7 Legacy Series / PPPoE & IPv6 Gateway
« on: December 06, 2018, 09:52:08 am »
Hi,
for policy based routing I need gateway entries for every interface. I've set static IPv6 addresses for my PPPoE interfaces and " IPv6 Upstream Gateway" is set to "auto detect". How to get an entry in the gateway table for these interfaces? The IPv4 entries get generated automatically. The IPv6 entries don't.
Now I've tried some thing different. I've use DHCPv6 as described here https://wiki.opnsense.org/manual/how-tos/ipv6_dsl.html and a gateway entry is generated automatically. This assigns a IPv6 address to the interface. How do I assign a (additional?) static IPv6 address to the interfaces? By setting a virtual IP?
TIA
for policy based routing I need gateway entries for every interface. I've set static IPv6 addresses for my PPPoE interfaces and " IPv6 Upstream Gateway" is set to "auto detect". How to get an entry in the gateway table for these interfaces? The IPv4 entries get generated automatically. The IPv6 entries don't.
Now I've tried some thing different. I've use DHCPv6 as described here https://wiki.opnsense.org/manual/how-tos/ipv6_dsl.html and a gateway entry is generated automatically. This assigns a IPv6 address to the interface. How do I assign a (additional?) static IPv6 address to the interfaces? By setting a virtual IP?
TIA
37
18.7 Legacy Series / Re: No IPv6 address on PPPoE Interface
« on: December 05, 2018, 07:42:40 pm »38
18.7 Legacy Series / Re: Strange IPv6 behavior after update
« on: December 05, 2018, 07:22:32 pm »39
18.7 Legacy Series / Re: [Sharing] some troubleshooting for IPv6 enabled system
« on: December 05, 2018, 07:11:47 pm »40
18.7 Legacy Series / Re: No IPv6 address on PPPoE Interface
« on: December 03, 2018, 10:17:08 am »"File exists" would indicate it works ...
Interesting and true. When I ping the IP I can see the ICMP echo requests on the interface. That I do not see the replies is a problem with the gateway, but it works.
... but it's not displayed by the OS.
Pretty unusual, isn't it? Some kind of bug?
41
18.7 Legacy Series / Re: Strange IPv6 behavior after update
« on: December 01, 2018, 09:37:28 am »
Just for the record: This still does not work as expected ...
42
18.7 Legacy Series / Re: No IPv6 address on PPPoE Interface
« on: December 01, 2018, 09:34:40 am »
Now I've tried to set it manually:
Code: [Select]
pppoe1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1484
inet6 fe80::290:bff:fe6d:aa96%pppoe1 prefixlen 64 scopeid 0x16
inet6 fe80::290:bff:fe6d:aa92%pppoe1 prefixlen 64 scopeid 0x16
inet xx.xx.xx.xx --> xx.xx.xx.xx netmask 0xffffffff
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@fw:~ # ifconfig pppoe1 inet6 xx:xx:xx:xx::1 prefixlen 64 alias
ifconfig: ioctl (SIOCAIFADDR): File exists
No success ...
43
18.7 Legacy Series / No IPv6 address on PPPoE Interface
« on: November 30, 2018, 04:58:56 pm »
Hi,
I've three WAN interfaces, one static and two PPPoE Interfaces. All interfaces with static IPv4 and IPv6 addresses. IPv6 works with the static and the first PPPoE interface. The new, second PPPoE interface receives it's static IPv4 address by PPPoE. As with the first PPPoE interface I've configured the IPv6 address manually as static but it does not get assigned to the interface pppoe1.
Any suggestions how to fix this?
TIA
Firmware: latest 18,7
I've three WAN interfaces, one static and two PPPoE Interfaces. All interfaces with static IPv4 and IPv6 addresses. IPv6 works with the static and the first PPPoE interface. The new, second PPPoE interface receives it's static IPv4 address by PPPoE. As with the first PPPoE interface I've configured the IPv6 address manually as static but it does not get assigned to the interface pppoe1.
Any suggestions how to fix this?
TIA
Firmware: latest 18,7
44
18.7 Legacy Series / Re: haproxy port 443 questions
« on: September 30, 2018, 02:08:09 pm »
I've not tested this yet, but I think you got hit by the problem I've asked a few days ago about. See @franco s answer here:
https://forum.opnsense.org/index.php?topic=9788.msg44768#msg44768
I think HAproxy binds to 443 on all interfaces. @franco suggested to me to do the configuration manually to make HAproxy (in my case NginX) to one ore more interfaces and not to all.
IMHO making service binds configurable should be # 1 on the list of development todos
https://forum.opnsense.org/index.php?topic=9788.msg44768#msg44768
I think HAproxy binds to 443 on all interfaces. @franco suggested to me to do the configuration manually to make HAproxy (in my case NginX) to one ore more interfaces and not to all.
IMHO making service binds configurable should be # 1 on the list of development todos
45
18.7 Legacy Series / Re: more than one IP at one interface
« on: September 29, 2018, 02:15:46 pm »
Thanks for pointing me to "Firewall" .. IMHO this is misleading "VirtualIP" belongs to "Inferfaces" IMHO ... and IMHO a tab or some thing like this in each interface itself would be even better and more intuitive as a "virtual IP" is bound to an interface some. At least adding an alias should be possible while editing an interface.