IPv6

Hi all!

I'm running a m0n0wall 1.32 setup on an VMWare ESXi host.

Amongst other things, I've got the OPT2 interface running a network with an IPv4 subnet
routed from the outside. That works fine.

Now I want to setup IPv6 and my ISP assigned me the following:
   My Subnet: xxx:24e2:: /64

In accordance with that I configured m0n0wall the following way:
   WAN IPv6 address  : xxxx:24e2::2 /59 (static)
   WAN IPv6 gateway : xxxx:24e0::1 /59
   LAN IPv6 address   : xxxx:24e2:0:2:0:1 /96
   OPT2 IPv6 address  : xxxx:24e2:0:1:0:1 /96

One of the vHosts on the OPT2 interface now has been given a static IP from the subnet above.
   Test Host address   : xxxx:24e2:0:1:0:8 (attached to OPT2)

When I ping a host in the LAN subnet (i.e. xxxx:24e2:0:2:0:2) it works perfectly, ECHO REQUEST goes out, ECHO RESPONSE comes back.

When I ping a host on the Internet, the problem appears:
The ECHO REQUEST goes out fine, but when the ISP attempts to route the reply back to me, it sends an IPv6 Neighbor Solicitation asking for the route to xxxx:24e2:0:1:0:8.

That Neighbor Solicitation arrives at m0n0wall, but my router (the m0n0wall box) doesn't respond, meaning that the ISP router doesn't find a route to the pinging host (xxxx:24e2:0:1:0: and the ECHO REPLY never makes it back from the internet.

Does anyone have an idea what might be the problem?

TheDecker

Can anyone confirm the bug?

Does anyone have a working setup with IPv6 on WAN (no tunnel) ?

Your isp is dsl or cable modem or   The opt and lan interfaces are not neighbours of the wan, they are routed subnets, so I don't see why you receive this on your wan and not a routered via your wan subnet

Actually I'm talking about a hosting provider where I have a dedicated server. The m0n0wall installation runs as a virtual machine on that dedicated server.

The hoster's network requests a route to my subnet via IPv6 Neighbor Solicitation message, which arrives at m0n0wall on the WAN interface, but m0n0wall doesn't respond.

, which strikes me as unusual. Does the hosting provider have sample configs ?Check out 7.2.r. Here http://www.faqs.org/rfcs/rfc2461.html

This could only work if monowall was to respond as a proxy

Ah, thanks for that insight. I understand what you mean. Apparently the hosting provider expects the assigned subnet to be used "on-link" (that is, iirc, in the samte L2 segment).

In that case I understand why m0n0wall is not responding.

Thanks so far for the help, although it does not yet solve the problem.

Do you know of any possibility to, as a workaround, enable m0n0wall to act as a proxy for neighbor solicitations? Or at least as a "transparent" firewall for IPv6? (The latter would probably be possible through a dedicated interface that is bridged, I assume?)

TheDecker

http://tools.ietf.org/html/rfc4389  Indicates this is desired in some situations. Freebsd has the ndp -s option which might help, but I'd have to do some research.  I would have though the provider would route the subnet as this rfc is experimental