IPv6

hi there,
I just set DHCP Server for IPv6. The IP Range is "2001:470:1f05:c66:0:0:0:100" to "2001:470:1f05:c66:0:0:0:200", and I keep "IPv6 Default lease time" and "IPv6 Maximum lease time" as default. Also, I keep "Send IPv6 router advertisements", "Managed address configuration" and "Other stateful configuration" as non-checked status in "Interfaces - LAN" page. The clients can obtain IPv6 address in this situation. But it can only obtain IPv6 address and IPv6 DNS, the IPv6 Gateway is always empty:

Wireless LAN adapter 無線網路連線:

   Connection-specific DNS Suffix  . : whitebear.lan
   IPv6 Address. . . . . . . . . . . : 2001:470:1f05:c66::112
   Link-local IPv6 Address . . . . . : fe80::cc9b:9fc1:399d:6fbb%13
   Default Gateway . . . . . . . . . :

At this time, I cannot ping the monowall LAN interface "2001:470:1f05:c66::1":

Pinging 2001:470:1f05:c66::1 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for 2001:470:1f05:c66::1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

But if I set IPv6 address and gateway for client manually, it can visit IPv6 website normally.
Is there anybody can give me a hand? Thanks

In ipv6 your gateway is set via the RA sent from monowall.

I'm guessing rtadvd hasn't started for some reason.  Can you check your logs for errors ?

In ipv6 your gateway is set via the RA sent from monowall.

I'm guessing rtadvd hasn't started for some reason.  Can you check your logs for errors ?

This is my process list:

$ ps -aex
ps: Process environment requires procfs(5)
  PID  TT  STAT      TIME COMMAND
    0  ??  WLs    0:00.00  [swapper]
    1  ??  SLs    0:00.06  /sbin/init --
    2  ??  DL     0:01.29  [g_event]
    3  ??  DL     0:01.09  [g_up]
    4  ??  DL     0:01.43  [g_down]
    5  ??  DL     0:00.00  [crypto]
    6  ??  DL     0:00.00  [crypto returns]
    7  ??  DL     0:00.00  [thread taskq]
    8  ??  DL     0:00.00  [acpi_task_0]
    9  ??  DL     0:00.00  [acpi_task_1]
   10  ??  RL   632:34.35  [idle]
   11  ??  WL     0:26.68  [swi1: net]
   12  ??  WL     2:02.57  [swi4: clock sio]
   13  ??  WL     0:00.00  [swi3: vm]
   14  ??  DL     0:04.82  [yarrow]
   15  ??  WL     0:00.00  [swi5: +]
   16  ??  WL     0:00.00  [swi6: Giant taskq]
   17  ??  WL     0:00.00  [swi6: task queue]
   18  ??  DL     0:00.00  [acpi_task_2]
   19  ??  DL     0:00.00  [xpt_thrd]
   20  ??  WL     0:00.00  [swi2: cambio]
   21  ??  DL     0:00.00  [kqueue taskq]
   22  ??  WL     0:00.00  [irq9: acpi0]
   23  ??  WL     0:07.64  [irq10: fxp0 uhci0]
   24  ??  WL     0:11.98  [irq11: rl0]
   25  ??  WL     0:00.05  [irq14: ata0]
   26  ??  WL     0:00.00  [irq15: ata1]
   27  ??  DL     0:00.00  [usb0]
   28  ??  DL     0:00.00  [usbtask]
   29  ??  DL     0:00.20  [fdc0]
   30  ??  WL     0:00.00  [irq1: atkbd0]
   31  ??  WL     0:00.00  [swi0: sio]
   32  ??  DL     0:01.16  [md0]
   33  ??  DL     0:00.05  [pagedaemon]
   34  ??  DL     0:37.14  [pagezero]
   35  ??  DL     0:00.06  [idlepoll]
   36  ??  DL     0:00.21  [bufdaemon]
   37  ??  DL     0:00.22  [vnlru]
   38  ??  DL     0:00.90  [syncer]
   39  ??  DL     0:00.22  [softdepflush]
   40  ??  DL     0:01.85  [schedcpu]
  102  ??  Ss     0:03.49  /usr/local/sbin/mpd4 -b -d /var/etc -p /var/run/mpd
  120  ??  Ss     0:05.13  /sbin/ipmon -sD
  141  ??  Ss     0:04.69  /usr/sbin/syslogd -ss
  144  ??  Ss     0:00.06  /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root
  148  ??  I      0:02.47  /usr/local/sbin/dnsmasq --edns-packet-max=4096 -l /
  174  ??  DL     1:59.45  [dummynet]
  201  ??  Is     0:00.38  /usr/local/sbin/mini_httpd -a -M 0 -u root -maxproc
  204  ??  Is     0:00.29  /usr/local/bin/minicron 60 /var/run/minicron.pid /e
  217  ??  I      0:00.01  /bin/sh /etc/rc.initial console
  268  ??  I      0:00.01  /usr/sbin/sntp -r -P no -l /var/run/sntp.pid -x 300
 2369  ??  INs    0:00.02  /usr/local/sbin/dhcpd -cf /var/etc/dhcpd.conf fxp0
 2397  ??  SNs    0:00.50  /usr/local/sbin/dhcp6s -c /var/etc/dhcp6s.fxp0.conf
 3125  ??  SN     0:00.18  /usr/local/bin/php exec.php
 3126  ??  Z      0:00.00  <defunct>
 3127  ??  S      0:00.00  /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root
 3128  ??  SN     0:00.00  sh -c ps -aex
 3129  ??  RN     0:00.00  ps -aex
  167 con- I      0:00.02  /bin/sh /usr/local/bin/runsntp.sh /var/run/runsntp.

I think rtadvd won't run until I check the "Send IPv6 router advertisements" in "Interfaces - LAN" page. But I tried this method. In this case, DHCP Server won't work although I enabled DHCP Server for IPv6. The client can only obtain a IPv6 address with LAN interface prefix and a random suffix and the IPv6 Gateway is a wrong value instead of empty.

Wireless LAN adapter 無線網路連線:

   Connection-specific DNS Suffix  . : whitebear.lan
   Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
   Physical Address. . . . . . . . . : D8-30-62-67-70-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f05:c66:cc9b:9fc1:399d:6fbb(Pre
ferred)
   Temporary IPv6 Address. . . . . . : 2001:470:1f05:c66:61d5:1bf5:d93c:e93b(Pre
ferred)
   Link-local IPv6 Address . . . . . : fe80::cc9b:9fc1:399d:6fbb%13(Preferred)
   Default Gateway . . . . . . . . . : fe80::202:55ff:feec:2710%13
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled

The correct value should be:

IPv6 Address: 2001:470:1f05:c66:cc9b:9fc1:399d:1xx (obtain from DHCP Server. the last field should between 100 to 200)
Default Gateway: 2001:470:1f05:c66::1 (this is the IPv6 address of my monowall)
DNS Server: 2001:470:1f05:c66::1 (same above)

I just did another test. I checked all of the three checkbox in "Interfaces - LAN" - "Send IPv6 router advertisements", "Managed address configuration" and "Other stateful configuration". At this time, client got two IPv6 address - "IPv6 Address" is allocated by DHCP Server and "Temporary IPv6 Address“ is allocated by Router Announce.  But in this case, the "Default Gateway" still incorrect, it should be the monowall static IPv6 address, but it is the "link-local IPv6 address" of monowall. What shall I do? Thanks

Wireless LAN adapter 無線網路連線:

   Connection-specific DNS Suffix  . : whitebear.lan
   Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
   Physical Address. . . . . . . . . : D8-30-62-67-70-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f05:c66::144(Preferred)
   Lease Obtained. . . . . . . . . . : 100年3月7日 下午 04:58:00
   Lease Expires . . . . . . . . . . : 100年3月8日 下午 04:57:59
   IPv6 Address. . . . . . . . . . . : 2001:470:1f05:c66:cc9b:9fc1:399d:6fbb(Pre
ferred)
   Temporary IPv6 Address. . . . . . : 2001:470:1f05:c66:61d5:1bf5:d93c:e93b(Pre
ferred)
   Link-local IPv6 Address . . . . . : fe80::cc9b:9fc1:399d:6fbb%13(Preferred)
   Default Gateway . . . . . . . . . : fe80::202:55ff:feec:2710%13
   DHCPv6 IAID . . . . . . . . . . . : 249049186
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-EF-2B-D3-00-1F-D0-9E-B3-09

   DNS Servers . . . . . . . . . . . : 2001:470:1f05:c66::1
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       whitebear.lan

the default gateway is correct.  m0n0wall announces the link local address as the gateway, this should function fine.

I assume you are having a problem, have you allowed traffic in your ipv6 rules ?

the default gateway is correct.  m0n0wall announces the link local address as the gateway, this should function fine.

I assume you are having a problem, have you allowed traffic in your ipv6 rules ?

Okay, it works well now
Another problem: I am accessing IPv6 network via he.net tunnel. But my ISP only supply me dynamic IP address. So is there any way for me to run a script after each dialup action? This script only need to access a website with this URL:

https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=PASSWORD&user_id=USERID&tunnel_id=TUNNELID

BTW: Could you explain why monowall announces the link local address as the gateway instead of the static address? Thanks

I am also interested as to why the linklocal address is used.

From the MAN page for rtadvd

By default (if nolladdr is not specified), rtadvd( will try to get link-layer address for the interface from the kernel, and attach that in source link-layer address option.

I use snmpwalk to get the address of interface ng0 which should be your ppp interface and if it is not the same as the last time I checked then I use the following command to update the tunnel endpoint at HE. You will have to look at the output of snmpwalk and find the MIB key for your ng0 interface, if someone here has info on the MIB keys for monowall PLEASE do chime in here.


wget --no-check-certificate -q -O /usr/local/IPcheck/tunnel_update "https://ipv4.tunnelbroker.net/ipv4_end.php?ip=<YOUR-NEW-IP>&pass=<YOUR-MD5HASH-PASSWORD&apikey=<YOUR-HE-USERID>&tid=<YOUR-TUNNEL-ID>"

The output file will save the result of the update if you want to look at it. It is worth noting that the folks at HE do not want you indiscriminately updating you tunnel info so have your script actually check that the address has changed before updating HE.