Captive portal IPv6 support
|Affected version:||2.1-IPv6||Affected Architecture:|
Captive portal needs IPv6 support. ipfw fwd doesn't function with IPv6 last I heard, amongst other things that need work here for v6.
#1 Updated by Thomas NOEL over 1 year ago
I'm very interrested by this topic (IPv6 for CP). Do you have any plan or any schedule for this development ? If your team is ready to work on this, is a targeted donation is possible (and does it help) ?
#2 Updated by Chris Buechler over 1 year ago
this is, like everything with IPv6, targeted for 2.1. This is likely the single most complex and time consuming piece (actually several pieces directly related to this) of anything outstanding with IPv6. We're seeking donations for IPv6 work in general, and specifically if you could put something towards this that would be very helpful. Please email me to discuss details - cmb at pfsense dot org.
#3 Updated by Ermal Luçi over 1 year ago
For CP on IPv6 to work ipfw tables need to be tought about v6 addresses and
ipfw forward at layer2 needs to be coded for v6.
#4 Updated by Chris Buechler over 1 year ago
- Target version changed from 2.1 to 2.2
there is a lot involved here, people will expect to auth both v4 and v6 IPs in a single shot which complicates everything. Our HSIA customers have indicated it's not an important feature in the immediate (or even foreseeable in some cases) future, and we're on too tight a schedule for 2.1 to get this done by then, so pushing to 2.2.
- File 0001-MFC-r232865-r232868-and-r233478.patch added
MFC r232865, r232868 and r233478 added ipfw support for IPv6 tables in stable. To apply the changes the CaptivePortal multi instance patch (CP_multi_instance_ipfw.diff) may also require a few changes.
#7 Updated by Ermal Luçi 5 months ago
I think ipv6 fwd support on ipfw is not on 8.3, though i might be wrong!
And you forgot to attach as well.
As usual github pull requests are better in general :)
- File CP_speedup.diff added
Yes, I believe there are only partial patches available for ipv6 fwd support for stable/8 such as http://www.freebsd.org/cgi/query-pr.cgi?pr=117214.
I didn't yet put any patches on github as they cannot be applied individually and they would break the current implementation.
So those modifications / patches are just tiny steps until full support. For now I have also modified and attached the CP_speedup.diff to support IPv6. The patch applies after the above 0001-MFC-r232865-r232868-and-r233478.patch (IPv6 tables support) which by the way applies to 8.3 release.
Before any of those patches can be included at least the context switching (CP_multi_instance_ipfw.diff) will have to be migrated and there are also changes required to the pfSense php module (or the ipfw binary will have to be used again). And of course to make everything work ipv6 fwd support will be needed.
I'll just add this here so that it doesn't get lost:
Add IPv6 support to 'pfSense_ip_to_mac' function https://github.com/bsdperimeter/pfsense-tools/pull/57
- File php53-pfSense-module.patch added
- File filterdns.patch added
Those patches make the required changes to the php53-pfSense-module and the filterdns ports.
- File cp_ipv6.png added
IPv6 here we are! There's still some cleanup to be done but other than that it is working.
- add ipv6 to the default ipfw rules
- captiveportal php code needs some adjustments (e.g. 32bit netmask)
I assume there won't be any major changes anymore to 2.1 thus this feature will be integrated in 2.2? So I can either upload the patches here in a zip file or on github and create a pull request. What do you prefer?
I could also provide a working iso if someone wants to test it.
Maybe an admin can also cleanup my mess here and remove the files that I have previously attached, some of them required further modifications.
#13 Updated by Chris Buechler 5 months ago
Go ahead and attach it here for now, though that will almost certainly require some updating to merge cleanly post-2.1, we don't want any v6 CP in 2.1. This likely will require a lot of work to be usable in real world scenarios for a variety of reasons and that's not something we can support for 2.1. I'll remove the files attached to this point.
#14 Updated by Chris Buechler 5 months ago
- File deleted (
- File CaptivePortal_IPv6.zip added
Attached is the zip file with the required patches. All files except for the patch captiveportal.inc.diff, which applies to the pfsense repository, are part of the pfsense-tools repository. Patches apply to the FreeBSD 8.3 sources and code in the master branch as of 2012-12-31.
If you just want to take a look at the code you can also do so on github on the ipv6_cp branch in my (pfsense)  and (pfsense-tools)  repositories. I also made an iso  for anyone that wants to do early testing of the IPv6 capability.I only tested a few Captive Portal use cases (e.g no radius) which seemed to work quite nicely, however there are still a few remaining issues which include:
- User needs to login / logout for IPv4 and IPv6 addresses
- The ipfw filter rules allow communication between IPv6 link-local addresses
- Captive Portal Settings GUI is not yet fully IPv6 compatible (e.g. only accepts IPv4 addresses under "Allowed IP Addresses")