 From:  Nil Einne <m0n0wall at lty dot my>
 Cc:  Everyone on m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IGNORE FOR NOW Re: AICCU broken in 1.3b16?
 Date:  Tue, 05 May 2009 03:16:41 +1200
Ignore my e-mail for now. Further testing shows I'm partially mistaken;
I'll give a better follow-up later.

Nil Einne wrote:
> I've been using m0n0wall with AICCU for several months and it's been
> working well until now. I recently upgraded to 1.3b16 and it seems to
> have broken AICCU support. Downgrading to 1.3b15 confirms this problem 
> started with 1.3b16. Basically the problem is that it's not receiving 
> the proper v6-IP on the WAN side and instead stays with a link-local
> address. More details if necessary below.
> What seems to happen is this:
> When I first connect to the internet, I get something like this in the
> interfaces tab:
> IPv6 address       fe80::240:caff:fe14:c908%ng0/64
> A link local IPv6 address.
> After a short while, m0n0wall contacts the PoP successfully and gets this:
> IPv6 address       fe80::240:caff:fe14:c908%ng0/64
> fe80::240:caff:fe14:c908%gif0/64
> IPv6 gateway     2001:4428:XX:XX::1
> For privacy reasons, I've removed the full gateway IP. But as you can
> see, the problem appears to be that while it is getting the gateway
> information, it's not getting an IP for the WAN side; instead it's stuck
> with link-local addresses. Obviously this isn't going to work and sure
> enough a ping or traceroute from the WAN side doesn't work. And it's not 
> possible to assign the WAN IP with AICCU (I'm not sure but perhaps it 
> was in an older version but it definitely isn't now or in 1.3b15).
> I downgraded back to 1.3b15 and it works fine. It doesn't actually show
> the IPv6 address in the interfaces tab, instead just the gateway. But
> when you ping or traceroute from the WAN side you get
> traceroute6 to ipv6.l.google.com (2001:4860:c003::68) from
> 2001:4428:XX:XX::2, 18 hops max, 12 byte packets
> which shows the right v6-IP (since it should be ::2 of the gateway). I'm
> not sure whether it's receiving this IP from the PoP or simply guessing
> it but regardless it works.
> BTW, I didn't change any config options between 1.3b16 and 1.3b15. I
> looked at the config and it doesn't look like anything needs changing
> (well the 'Send IPv6 router advertisements' is now available on the WAN
> side). Also I looked in the log but there doesn't seem to be anything of
> use, actually nothing about IPv6 at all.
> I found out that if you change the LAN IP to the WAN IP (i.e. the tunnel 
> IP) 2001:4428:XX:XX::2 you can ping/traceroute from m0n0wall whether WAN 
> or LAN but it doesn't work on actual LAN clients since LAN clients 
> receive IPs in the tunnel range which is not allowed under SixXs (see
> https://www.sixxs.net/forum/?msg=setup-136867). Well perhaps if you 
> manually configure hosts in the LAN but obviously that's not desired. 
> You can't set up the right range under DHCP because that's out of the 
> range.
> A little background. Not really that important but just as a way of 
> thanks/feedback to the m0n0wall devs and it may also help to understand 
> some of the above. I've been using m0n0wall's recent addition of IPv6 
> support and it's been working well, except perhaps for the annoyance of 
> no traffic shaper support. Originally I used 6to4 but that didn't work 
> that well because either the 6to4 gateway or my ISP was severely shaping 
> any traffic so my IPv6 was very slow. I had hoped to use SixXs as there 
> is a local PoP and in my tests bypassing m0n0wall it seemed to work 
> well. I even e-mailed about this once. So once AICCU - heartbeat support 
> was added I jumped at the opportunity. After some initial set up hiccups
> I worked out how to set up a tunnel for my m0n0wall router (/64) and a 
> subnet for my LAN (/48). Well this is according to the way SixXs works, 
> they don't allow you to allocate IPs from the tunnel to the LAN.
> Cheers and thanks for m0n0wall