MadaMada
@madamada@snac.void.my
#wg_gui Now has multi dynamic interfaces.
Why is the IPv4 addresses used in IPv6 address?
WHY??
🤦‍♂️
@miyuru did you try to click the DNS4EU logo on the website? Results in an error as it links to https://142290803.hs-sites-eu1.com/?hsLang=en
So, *@discuss.systems ; still trying to wrap my head around this IPv6 thing, couldn't sleep last night thinking about it; even though in the past I have successfully set up an IPv6 network via Hurricane Electric Tunnel and receiving a badge at the time for having set it up to the point I could have my #OpenWrt router pinged on the other end of the tunnel.
Had no actual #IPv6 connection at that point, but now I believe I do.
Now I have muddled through a few tutorials on the subject and I am confused as ever.
I have at my disposal, the tools subnetcalc and the ipaddr library of Python which is capable of calculating address ranges based on CIDR notation and for telling you if an address is a network address range, from what part of the world, or if a unicast single host address.
Halfway through watching a video that recommends first watching another video with a painfully German guy who seems to really know his stuff and looks like my old coworker Brewbaker were he a bit taller, they must be relatives.
Allowing the Delegation of Global Address prefix seems to allow for sub-sub netting amongst the original address space, and if you want to prevent this you disallow it like a landlord disallowing subletting in the lease agreement.
Also, my Xfinity connection seems to indicate that this prefix will change weekly. And if I want any of my servers to keep their static address they seem as though they will need to be readdressed manually every week, with a Global static address since the downstream prefix of their subnet would change with the weekly prefix change. And then I would have to change the firewall rules too!!!
Also it seems that somehow #arp has been replaced by #ICMPv6 and some totally confusing process called Neighbor Detection #ND in which routers and hosts advertise and solicit.
Also, Site-Local addressing with a FEC0 range appears to have replaced the 172.0.0.0, 10.0.0.0 and 192.168.0.0 ranges but these have also been deprecated so they shouldn't be used.
And the I didn't-get-an-address, address, 169.0.0.0 has been replaced by FE80 addresses but they can oddly still be communicated with.
Seems like a mess to me, but learning something new tends to be like that.
Any tips for the blind group of men trying to describe the elephant to each other you can provide me would be appreciated.
- 2001:: = Global Unique Address
- fd00:: = Unique Local Address
- fe80:: = Link Local Address
Knowing those 3 is enough to get you going in most cases..
ARP is for IPv4 what NDP is for IPv6..
There is no broadcast address in IPv6..
IPv6 is a completely different protocol and addressing..looking at it from an IPv4 mindset just complicates things..
@madamada @leean00
Changing prefix and FW rules is easy to handle with #OpenWrt as FW4 allows for negative subnet masks. e.g. ::a1/-64
If you run services on a dynamic prefix delegation, you need to update your DNS records in a dynamic way, depending on what is at your disposal.
If you have a dyndns provider which allows only for a prefix update and updates all RRs is the easiest.
As @madamada said, forget your legacy protocol mindset. And start with a clean sheet.
However most of us live with dynamic prefixes, and this becomes a problem..luckily one way around this is to use ULA addressing internally, and map those addresses in DNS.
Then combine that with DynDNS or nsupdate if you are using your own domain name for the WAN side and configure port forwarding or a reverse proxy. You could also probably use NPTv6 to deal with dynamic prefix mapping but that's another beast altogether..
@leean00
Negative network masks with FW4 in #OpenWrt work such that, whatever network prefix you have, this rule will allow access to the host with the ::a1 host address.
DynDNS or nsupdate depending on your setup works. There are a few DynDNS providers that allow to update only the prefix and all AAAA RRs are updated automatically. Meaning that the router could run a script or ddnsclient and no need on the hosts.
My take on ULAs: use only where necessary.
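
The suffix match described in the posts above, as an added example that is not part of the original thread or of OpenWrt's code. It assumes, following the post's description, that a negative length such as /-64 means the mask covers the low 64 bits; the function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1


def parse_rule(rule):
    """Split 'addr/len' into (address as int, mask as int).

    A positive length masks the high bits (ordinary prefix match).
    A negative length masks the low bits (assumed fw4-style suffix match).
    """
    addr_text, _, len_text = rule.partition("/")
    bits = int(len_text) if len_text else 128
    if not -128 <= bits <= 128:
        raise ValueError("prefix length out of range: %d" % bits)
    if bits < 0:
        mask = (1 << -bits) - 1                      # low -bits bits set
    else:
        mask = ALL_ONES ^ ((1 << (128 - bits)) - 1)  # high bits set
    return int(ipaddress.IPv6Address(addr_text)), mask


def rule_matches(rule, address):
    """True if 'address' agrees with the rule on every masked bit."""
    want, mask = parse_rule(rule)
    have = int(ipaddress.IPv6Address(address))
    return (have & mask) == (want & mask)


def matching(rule, addresses):
    """Return the addresses that the rule would match."""
    return [a for a in addresses if rule_matches(rule, a)]


# Constructed sample: the same server before and after the delegated
# prefix changes, plus a different host on the new prefix.
SERVER_OLD_PREFIX = "2001:db8:aaaa:1::a1"
SERVER_NEW_PREFIX = "2001:db8:bbbb:1::a1"
OTHER_HOST = "2001:db8:bbbb:1::a2"
SAMPLE = [SERVER_OLD_PREFIX, SERVER_NEW_PREFIX, OTHER_HOST]

if __name__ == "__main__":
    print("suffix rule ::a1/-64 ->", matching("::a1/-64", SAMPLE))
    print("static /128 rule     ->", matching(SERVER_OLD_PREFIX + "/128", SAMPLE))
```

The suffix rule keeps matching the server after the prefix changes, while a rule pinned to the full old address stops matching and would have to be rewritten.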
@madamada Are ad hoc network connections possible?
@madamada When I was younger, I used to take my wiki on the train with me and I'd create a direct IPv4 connection between the laptop and the Raspberry Pi.
It required that you set the gateway and the netmask the same as to that of the other machine. No router involved, but a crossover cable.
Then I'd use the routing percentage thing to make sure I was equally connected between the ethernet to the pi and the wifi of the train (MTU, I think).
And I could access both the raspberry pi and the wifi internet.
@madamada okay thanks again, I'll have to try that out too
In IPv6, it's the same, for example:
pi
- fdaa::1/64
Laptop
- fdaa::2/64
On Laptop, after connecting cable, ping fdaa::1, if you get reply, then proceed to route -6n add default fdaa::1 and update /etc/resolv.conf to use fdaa::1 as default nameserver
@madamada One more ... sorry, if I want to redo the HE.net Cert, any idea what domains it will accept?
Already tried Gmail and protonmail
If you can load the following domain, you have working IPv6 and a DNS resolver that has IPv6 support.
| Worked: | 68 |
| Did not work but have IPv6: | 7 |
Closed
Added UPDATE 3 - More TrueNAS SCALE Linux Drama to the TrueNAS CORE Versus TrueNAS SCALE article.
https://vermaden.wordpress.com/2024/04/20/truenas-core-versus-truenas-scale/#truenas-drama
#freebsd #freenas #truenas #linux #openzfs #server #trueos #debian #zfs #ubuntu
I wanted a #Wireguard GUI client for #FreeBSD and there wasn't none so I put this QT6 thing together last night.
@madamada Isn't this more of a Linux issue? I haven't seen /bin/bash /usr/bin/wg-quick up wg0 lingering after destroying the connection, but I haven't been looking. I'm using 14.3-BETA4 and my stability issues with WiFi are more prescient in my mind ;0
@madamada Do you have it posted somewhere, your postDown, I will implement it.
PostDown = killall -9 route
@madamada Added:
flush_wg_routes.sh
This script runs automatically on disconnect and:
Identifies and removes any active routes associated with wg0
Ensures the system routing table is clean after tunnel teardown
If no tunnel-specific routes are present, it exits safely:
[flush_wg_routes] No routes found for interface wg0
Okay, so I have a little gripe with Contabo, I have a VPS with their EU HUB and for some reason, IPv6 there seems flawed.
I added prefix::1/64 to vtnet0 and this address is pingable. However when I add an IP alias prefix::2/128 and use this source address in ping, I get no replies.
Contabo says they assign a /64 per-VPS..
PF is disabled during the test. ndp -na shows their gateway address in the table with an Expire of a few seconds..
netstat -rn6 | grep default shows the default gateway pointing to them, all seems good yet somehow a mystery..
Anyone face similar issues like this with them ?
@madamada maybe @namedbird can contribute?
@madamada I have toyed around with multiple IPv6 addresses in the past and am pretty sure it worked that time.
(but i ain't exactly an expert)
Try checking your firewall and routing config one last time and if you don't spot anything amiss there, then you could try asking their support.
I'll be escalating this to their support for sure..
-- https://youtu.be/WlQH8KubgiA?si=0Axb9tvYh2_hONsP
-- https://github.com/apalrd/tayga/
I just tested this on FreeBSD 14.2 and it works on the main Host and usable in a vnet jail.