New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
6rd support upgrade original patch to freebsd 11 #1501
Comments
Hello opnsense team. It looks like the issue has been resolved within pfsense. Best regards, |
Hi @cobradevil, pfSense did not release a single patch for their upcoming 2.4 version since July 24 despite their claims that they are open source and actively working on it: https://github.com/pfsense/FreeBSD-src/tree/RELENG_2_4 Until this changes or hits FreeBSD, there is nothing we will do, because the patch they claim they have is not available publicly. pfSense did not respond to my inquiries to why they do not open source their changes anymore. Thus, I am closing this until further notice. Cheers, |
Hi @fichtner Best regards, |
If something changes, we are glad to revive this. But I have no willingness to go through the drama that happened in 2014 one more time in a slightly different wrapping. If they want to mess with their community and ultimately the FreeBSD community at large they are certainly free to try. Last time it created OPNsense, something they did not expect. ;) |
Any news on this? Has pfSense finally released their 6rd patches? |
@paride no, see https://forum.pfsense.org/index.php?topic=138822.0 contributors raising the issue are expelled from the community rather than the simple solution of bringing the source code back or saying that it's not open source anymore. ;) |
Hello Frank, Best regards, |
It would seem so, let me reopen and check what we have :) |
If you have any news on this like testing the functionality then give me a message. Best regards, |
I'm also available to test stuff, just ping me. Given the number of providers using 6rd, I think it's very important for OPNsense to support it. |
I see this has been removed from the 18.7 milestone. Is there any news on when this will be implemented? I am looking to migrate from pfsense to opnsense but this feature would be needed to get ipv6 connectivity. |
Sorry, GitHub added „projects“ but the global projects are not visible to end users. We initially switched from milestone to project „18.7“, but didn’t know it looked like there was no designation at all now. |
Ah, no worries. Glad it didn't fall off the radar for the project as a whole. |
If you need any help testing, this is a highly desired feature for me. I'm in the states with CenturyLink Gigabit Fiber service, a dedicated /29 block of IPv4 addresses from them (currently 1 unused that I can assign to testing OPNsense+6RD out for a while), and they use 6RD for their IPv6 implementation. I have dedicated lab hardware I can shove on this connection and open up SSH or other access to any devs that need to poke around (since I know not everyone has access to a live 6RD network) |
Alright, this is the patch not yet added to the 18.7 release candidate opnsense/src@2bab086d4 You can test this update on an all up-to-date 18.1.x like so:
I would expect there is more to do in the GUI but if this doesn't crash we have a way forward. Please note that I have no viable test setup whatsoever so we need your help in bringing it back. Cheers, |
Hello Franco, I can confirm that the wan_stf interface is back but it does not work yet. Not sure what is wrong but this is the first attempt so I wanted to let you know it seems to work. Best regards, |
Hi William, Splendid! Can you poke the system log for ifconfig errors? And maybe an ifconfig output for wan_stf from a working system and our system to compare. Best case this is only a minor hiccup in the interface management code. Thanks, |
Ok, after looking at the working setup from 16.7 I saw my error in the 6rd prefix. Anyone else too confirm this working without interfering the rest of the system? Best regards, |
This sounds shiny. 1-2 more confirms would be awesome indeed. :) |
Sounds like I need to migrate my firewall when I get home :) |
I can provide test images if you need them.... easy to check with live mode boot without clobbering your install |
Not a bad idea, if thats something easy to roll together and I can just boot it off a usb stick I will give it a go. |
yeah, of course... amd64 in serial or vga ? |
stf patch was merged into 18.7-RC1, thanks for the feedback so far! @RyuunoAelia not sure about swisscom yet, it would be best to have a larger discussion here as soon as RC1 is out in a week hopefully https://forum.opnsense.org/index.php?board=30.0 |
I tested again with 18.1.11, and can confirm that it works now also with private networks. This is great news - I can finally get rid of pfSense! (Well, I can get rid of that once the Denverton drivers are backported, different topic, but that seems to be under way). Thanks! |
@uica thanks for confirming! Denverton ? For network? The stf test kernel also has the network backports from 11.2... can you check? If not we still need to do something, I'm not entirely sure. |
@fichtner: Yes, for network. Good to know that the backports are supposed to be there! I will test this, but it'll take some time, since I only have that Denverton hardware in my production system, which is currently running pfSense. I'll need to plan the migration carefully, so I can stay on that system if it works and wouldn't have to reinstall / restore the old system. |
well we do have a live system usb install... if you need one based on 18.1.11 let me know. |
Patches seem to work so I'm closing this. If you have specific issues with configuration please open a new ticket so we can look at it. Thanks to all for your patience ❤️ |
Good point, didn't think of a live system. Yes, would be great if you could provide one based on 18.1.11, I can then do the test much sooner. |
@uica amd64 ... vga or serial? |
amd64 vga |
Thanks! I will test that tonight. |
@fichtner: I have tested the live system. The good news is that the backported Denverton network driver worked; 6rd with those interfaces looked good. |
Is pfSense already on 11.2 ? I don't feel so great about backporting AHCI. Is this not solvable with BIOS tweaking the controller ? |
pfSense releases are not yet on 11.2, development snapshots for 2.4.4 are. |
I'm just curious at this time to hear how much it differs from FreeBSD, because 11.2 is barely out. Let me check the sources again... |
okay, so this would be our backport, but not yet tested opnsense/src@4d136a0d91 can we move this discussion to #2473 ? |
@fichtner I quintuple-checked my configuration with as many sources as I could but still didn't find any problem with it. Is it possible to get an stf module with debugging enabled (since this is a compile-time option)? I tested in my installed system by enabling your update source so I can do it again no problem. |
btw I made some comments on the patch for things I find weird I'll let you have a look if these are accurate. |
@RyuunoAelia thanks for the source code review! I'll comment when I have more time because I would assume that it works in general but we can always go back and improve it on our own. I don't have a setup to test so we have to be careful about this though. For now, would you mind opening a ticket for your specific case and insert all info about your connection / ISP again? And does this in fact work in pfSense for you (which version) or defunct there as well? I don't want to assume it, but there is the possibility that this code is not the code that is used to build the binary versions giving earlier trouble with the visibility of the code and their owner's attitude towards open source. I'll look into the debug thing, but it will take till Monday to give you such a kernel. |
For the "ticket" could you be more specific where I should open it? As for switching to pfsense I would rather let that as a last resort since swisscom is really a pain with custom routers since their infrastructure is made to control the routers with TR-069 and gives the router a token that needs to be passed in Option dhcp-class-identifier and pfsense did not support the format of that option correctly (full of commas everywhere). This is why I switched to opnsense in the first place since your dhcp configuration generation code was much smarter than the pfsense one. If I do not set this DHCP option correctly, I will have a few hours downtime on my internet connection (EACH time I change routers) resolved by a phone call to the technical support of swisscom getting to the support level 2/3 and having them whitelist my custom router... No problem waiting a bit for the debug. Last time I had 6rd working for swisscom was during their test phase some years ago. |
Ticket here in core is fine and I understand your motivation. We can make this work eventually. Worst case there are Swisscom contacts that I can ask if they know something. 😊 |
For whatever reason, I couldn't get this to work on 18.1.11 with the patch, but upgrading to 18.7-RC1 today, everything is working beautifully. ISP: CenturyLink Gigabit FttH (United States) As a note for others trying: make sure your IPv6 prefix is correct. I was trying to configure this thing based on some notes in some online forums, and they had the ISP's prefix wrong. A note for the UI. In one of my tests, I put in the IPv6 prefix without specifying the bit mask length (because they're the same field, and I forgot about that). Maybe make this into two separate fields with a drop-down for the IPv6 bitmask, just like the IPv4 bitmask? Also, another interesting issue. Setting up 6RD on the WAN interface creates the 6RD virtual interface. In the UI, you can "assign" and then configure the interface from there. This causes all sorts of issues, such as the IPv6 address being lost. Perhaps it would be best to now allow manual assignment of the virtual interface in the UI? |
Might be linked to a bunch of patches that went through due to #2521 |
@darkain yay, thanks for the update! We're collecting all the bits and pieces and hopefully land all of them in said beautifully working 18.7 release. FWIW, everything we discussed up until now will be in 18.7-RC2 for further testing. :)
I'm adding proper validation while not changing the field's input. It's too late to split the prefix from the input, but fixes your issue nevertheless.
Yes, it makes total sense to avoid selecting them as they already belong to an interface. Both fixed in cc2902e -- you can try via:
|
Goodmorning,
I still would like to have proper 6rd support but lack the skills to do this myself.
https://forum.opnsense.org/index.php?topic=4566.msg17514#msg17514
And the original patch:
pfsense/FreeBSD-src@62498dd
https://redmine.pfsense.org/issues/7272
I can give access to my setup if needed.
My provider is telfort (KPN) in the Netherlands which has support for 6rd.
Another option could be to support it through a gif interface like this post:
https://blog.feld.me/posts/2015/02/ipv6-via-6rd-on-freebsd/
The only problem then would be not to have access to hosts on the same 6rd implementation.
With best regards,
William van de Velde
The text was updated successfully, but these errors were encountered: