Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: ipv6

MacOS pptp client + IPv6

 

 

nsp ipv6 RSS feed   Index | Next | Previous | View Threaded


jared at puck

Feb 7, 2011, 6:23 AM

Post #1 of 10 (3326 views)
Permalink
MacOS pptp client + IPv6

Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.

- Jared

interface Virtual-Template1
ip unnumbered FastEthernet2/0
ipv6 unnumbered FastEthernet2/0
ipv6 enable
ipv6 nd reachable-time 30
no ipv6 nd suppress-ra
peer default ip address pool DIAL-IN
peer default ipv6 pool DIAL-IN6
ppp encrypt mppe 128
ppp authentication ms-chap
ppp ipcp dns 129.250.35.250 129.250.35.251
end


gert at space

Feb 7, 2011, 6:29 AM

Post #2 of 10 (3245 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

Hi,

On Mon, Feb 07, 2011 at 09:23:15AM -0500, Jared Mauch wrote:
> Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.
>
> - Jared
>
> interface Virtual-Template1
> ip unnumbered FastEthernet2/0
> ipv6 unnumbered FastEthernet2/0
> ipv6 enable
> ipv6 nd reachable-time 30
> no ipv6 nd suppress-ra

Are you actually seeing RAs with a prefix being sent out by the Cisco?

I'm wondering whether the combination with "ipv6 unnumbered" might
make the Cisco consider the interface as "there's no prefix here" so
it will only announce a "naked" RA...

We use radius to stick IPv6 prefixes to virtual-interface interfaces,
so I'm not sure whether this...

> peer default ip address pool DIAL-IN
> peer default ipv6 pool DIAL-IN6

... would achieve the same job (grab a /64, stick it on the vif,
send out proper RAs).

I'd tcpdump to be sure :-)

Gert Doering
-- NetMaster
--
did you enable IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


simon.perreault at viagenie

Feb 7, 2011, 6:31 AM

Post #3 of 10 (3244 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

On 2011-02-07 09:23, Jared Mauch wrote:
> Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.

Maybe this will be helpful:
http://marcblanchet.blogspot.com/2010/08/ipv6-pppoe-on-macosx.html

Especially this part:

> However, the IPv6 global addresses are now shown anywhere, either in the Network Settings Panel, nor with ifconfig ppp0. The IPv6 PPP specification(RFC5072) says that the global address is obtained by router advertisements on the PPP link or by DHCPv6.
> Inspection of MacOSX shows that router advertisements were not enabled (surprisingly, becauseI'm using IPv6 RA at the office without having to do any change in the kernel config) in the kernel, so I enable them.
> # sudo sysctl -w net.inet6.ip6.accept_rtadv=1
> net.inet6.ip6.accept_rtadv: 0 -> 1

Simon
--
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server --> http://numb.viagenie.ca


jared at puck

Feb 7, 2011, 6:39 AM

Post #4 of 10 (3240 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

On Feb 7, 2011, at 9:31 AM, Simon Perreault wrote:

> On 2011-02-07 09:23, Jared Mauch wrote:
>> Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.
>
> Maybe this will be helpful:
> http://marcblanchet.blogspot.com/2010/08/ipv6-pppoe-on-macosx.html
>
> Especially this part:
>
>> However, the IPv6 global addresses are now shown anywhere, either in the Network Settings Panel, nor with ifconfig ppp0. The IPv6 PPP specification(RFC5072) says that the global address is obtained by router advertisements on the PPP link or by DHCPv6.
>> Inspection of MacOSX shows that router advertisements were not enabled (surprisingly, becauseI'm using IPv6 RA at the office without having to do any change in the kernel config) in the kernel, so I enable them.
>> # sudo sysctl -w net.inet6.ip6.accept_rtadv=1
>> net.inet6.ip6.accept_rtadv: 0 -> 1


This seemed to fix it.

Thanks.. Was trying to find a good aggregated location with all the configs and it's a bit hard..

Will finish fixing my configs up and post them.

- Jared


jared at puck

Feb 7, 2011, 7:04 AM

Post #5 of 10 (3273 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

On Feb 7, 2011, at 9:39 AM, Jared Mauch wrote:

>
> On Feb 7, 2011, at 9:31 AM, Simon Perreault wrote:
>
>> On 2011-02-07 09:23, Jared Mauch wrote:
>>> Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.
>>
>> Maybe this will be helpful:
>> http://marcblanchet.blogspot.com/2010/08/ipv6-pppoe-on-macosx.html
>>
>> Especially this part:
>>
>>> However, the IPv6 global addresses are now shown anywhere, either in the Network Settings Panel, nor with ifconfig ppp0. The IPv6 PPP specification(RFC5072) says that the global address is obtained by router advertisements on the PPP link or by DHCPv6.
>>> Inspection of MacOSX shows that router advertisements were not enabled (surprisingly, becauseI'm using IPv6 RA at the office without having to do any change in the kernel config) in the kernel, so I enable them.
>>> # sudo sysctl -w net.inet6.ip6.accept_rtadv=1
>>> net.inet6.ip6.accept_rtadv: 0 -> 1
>
>
> This seemed to fix it.
>
> Thanks.. Was trying to find a good aggregated location with all the configs and it's a bit hard..
>
> Will finish fixing my configs up and post them.


here's the 'full config' that appears to work with the sysctl change:

!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
interface Virtual-Template1
ip unnumbered FastEthernet2/0
ipv6 unnumbered FastEthernet2/0
ipv6 enable
ipv6 nd reachable-time 30
no ipv6 nd suppress-ra
peer default ip address pool DIAL-IN
peer default ipv6 pool DIAL-IN6
ppp encrypt mppe 128
ppp authentication ms-chap
ppp ipcp dns 129.250.35.250 129.250.35.251
!
ip local pool DIAL-IN 10.10.15.72 10.10.15.79
ipv6 local pool DIAL-IN6 3ffe:3ffe:0:7080::/62 64
!


jared at puck

Feb 7, 2011, 7:06 AM

Post #6 of 10 (3257 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

On Feb 7, 2011, at 9:29 AM, Gert Doering wrote:

> Hi,
>
> On Mon, Feb 07, 2011 at 09:23:15AM -0500, Jared Mauch wrote:
>> Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.
>>
>> - Jared
>>
>> interface Virtual-Template1
>> ip unnumbered FastEthernet2/0
>> ipv6 unnumbered FastEthernet2/0
>> ipv6 enable
>> ipv6 nd reachable-time 30
>> no ipv6 nd suppress-ra
>
> Are you actually seeing RAs with a prefix being sent out by the Cisco?
>
> I'm wondering whether the combination with "ipv6 unnumbered" might
> make the Cisco consider the interface as "there's no prefix here" so
> it will only announce a "naked" RA...
>
> We use radius to stick IPv6 prefixes to virtual-interface interfaces,
> so I'm not sure whether this...
>
>> peer default ip address pool DIAL-IN
>> peer default ipv6 pool DIAL-IN6
>
> ... would achieve the same job (grab a /64, stick it on the vif,
> send out proper RAs).
>
> I'd tcpdump to be sure :-)


So what I am seeing as the 'created' config when the pptp/vpn session is up:

!
interface Virtual-Access3
ip unnumbered FastEthernet2/0
ipv6 unnumbered FastEthernet2/0
ipv6 enable
ipv6 nd reachable-time 30
ipv6 nd prefix 3ffe:3ffe:0:7080::/64 2592000 604800 no-rtr-address
no ipv6 nd suppress-ra
peer default ipv6 pool DIAL-IN6
!

As you can see the rt_adv solved it, but I do wonder how to solve this for iPhone/iPad devices as well.

- Jared


gert at space

Feb 7, 2011, 9:34 AM

Post #7 of 10 (3250 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

Hi,

On Mon, Feb 07, 2011 at 10:06:39AM -0500, Jared Mauch wrote:
> So what I am seeing as the 'created' config when the pptp/vpn session is up:
>
> !
> interface Virtual-Access3
> ip unnumbered FastEthernet2/0
> ipv6 unnumbered FastEthernet2/0
> ipv6 enable
> ipv6 nd reachable-time 30
> ipv6 nd prefix 3ffe:3ffe:0:7080::/64 2592000 604800 no-rtr-address
> no ipv6 nd suppress-ra
> peer default ipv6 pool DIAL-IN6

Should do the job just fine, yes...

> As you can see the rt_adv solved it, but I do wonder how to solve this for iPhone/iPad devices as well.

Good question. Maybe it works by default? Otherwise... bash Apple...

(Having IPv6 support on 3G would also be a nice change)

Gert Doering
-- NetMaster
--
did you enable IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


jared at puck

Feb 7, 2011, 10:00 AM

Post #8 of 10 (3248 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

On Feb 7, 2011, at 12:34 PM, Gert Doering wrote:

>>
>> As you can see the rt_adv solved it, but I do wonder how to solve this for iPhone/iPad devices as well.
>
> Good question. Maybe it works by default? Otherwise... bash Apple...

heh, may need to raise an issue in the bug tracker. also noticed that if i launched system preferences -> network while ipv6 was enabled on the ppp0 it freaked out and cleared the v6 address until next router adv interval.

it doesn't appear to work automatically, vpn'ed in with iPhone with ... highly modern firmware.. ^W NDA? Appears to only select the v4 address.

> (Having IPv6 support on 3G would also be a nice change)

I think tmo in us has a v6 APN. Not sure what other carriers are operating a v6 APNs but seems like a comprehensive list might be worthwhile.

- Jared


gert at space

Feb 7, 2011, 10:18 AM

Post #9 of 10 (3246 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

Hi,

On Mon, Feb 07, 2011 at 01:00:06PM -0500, Jared Mauch wrote:
> > (Having IPv6 support on 3G would also be a nice change)
>
> I think tmo in us has a v6 APN. Not sure what other carriers are operating a v6 APNs but seems like a comprehensive list might be worthwhile.

Actually, my snide remark was pointed at apple - even if the APN has v6,
the iOS devices won't make use of it (at least that's what I understand
from people that have tried somewhat recently).

These days, pretty much only Nokia mobiles do IPv6 on 3G :-(

Of course, the other side of the radio is lacking as well - there's a
few networks in Slovenia, TMO US (of course), and "closed testing"
in a few other countries...

Gert Doering
-- NetMaster
--
did you enable IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


bill.hulley at gmail

Feb 10, 2011, 7:35 AM

Post #10 of 10 (3406 views)
Permalink
Re: MacOS pptp client + IPv6 [In reply to]

On 7 Feb 2011, at 14:31, Simon Perreault wrote:

> On 2011-02-07 09:23, Jared Mauch wrote:
>> Anyone gotten the MacOS PPTP/VPN client to obtain an IPv6 address? I'm using a Cisco router on the other end, and am looking for anything obvious i'm missing. It appears to be sending the traffic out the virtual-access interface just fine, but I'm not seeing an IPv6 address on the ppp0 interface.
>
> Maybe this will be helpful:
> http://marcblanchet.blogspot.com/2010/08/ipv6-pppoe-on-macosx.html
>
> Especially this part:
>
>> However, the IPv6 global addresses are now shown anywhere, either in the Network Settings Panel, nor with ifconfig ppp0. The IPv6 PPP specification(RFC5072) says that the global address is obtained by router advertisements on the PPP link or by DHCPv6.
>> Inspection of MacOSX shows that router advertisements were not enabled (surprisingly, becauseI'm using IPv6 RA at the office without having to do any change in the kernel config) in the kernel, so I enable them.
>> # sudo sysctl -w net.inet6.ip6.accept_rtadv=1
>> net.inet6.ip6.accept_rtadv: 0 -> 1

I've been using a similar config for a couple of years now, but with L2TP/IPsec instead of PPTP.

Older versions of Mac OS X needed a ppp up script to add the ipv6 defaut route, but more
recently that seems to have been fixed.

Since enabling IPv6 on my office network I've noticed another bug with the v6 default route.

With a IPv6 address and default route on the underlying interface (ethernet, wifi) if I make a v6
enabled VPN connection to my Cisco at home it gets a v6 address on the ppp interface just fine
but then it wont install an additional IPv6 default route. A secondary IPv4 default route to the
ppp interface is installed as you'd expect with the 'send all traffic over vpn connection' box
ticked.

Manually adding a ipv6 default route results with this message:
# route add -inet6 default -interface ppp0
route: writing to routing socket: File exists
add net default: gateway ppp0: File exists

I can remove the ethernet default and then add one via ppp0 but ping6 still wants to bind to the
IPv6 address of the ethernet interface not the ppp interface.

If I take the VPN down, disable IPv6 on the ethernet interface and bring the VPN back up all works
as expected and v6 works fine on the ppp interface.

Any ideas?

Bill.

nsp ipv6 RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.