ipfw doesn't support IPv6 PPTP VPN (IPFW2: IPV6 - Unknown Extension
Header(47))
Olivier Cochard-Labbé
olivier at cochard.me
Fri Sep 30 18:35:10 UTC 2011
Hi list,
I've got 2 PPTP VPN tunnels (using net/mpd5) between 2 FreeBSD based
router (8.2-RELEASE-p3) :
One IPv6 tunnel (IPv6 end point addresses) and one IPv4 tunnel (IPv4
end points addresses), and would to try to enable IPFW between them.
I've first begin to enable IPFW in open mode, but as soon as I enable
it, my IPv6 tunnel goes down and my console fill with theses messages
:
IPFW2: IPV6 - Unknown Extension Header(47), ext_hd=0
And there is no denied rules matched:
[root at R4]~# ipfw -a list
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 7 536 allow ipv6-icmp from :: to ff02::/16
00700 49 3336 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 20 1736 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 50 3400 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 1727 102386 allow ip from any to any
65535 0 0 deny ip from any to any
I don't think it's a normal behaviour: Does anyone know how to fix that ?
If you need more information on this setup, all configuration are
online (It's router 4):
http://bsdrp.net/documentation/examples/maximum_bsdrp_features_lab
Regards,
Olivier
More information about the freebsd-ipfw
mailing list