From: Olivier Cochard-Labbé
Date: Fri, 30 Sep 2011 20:10:02 +0200
To: freebsd-ipfw@freebsd.org
Cc: mav@freebsd.org
Subject: ipfw doesn't support IPv6 PPTP VPN (IPFW2: IPV6 - Unknown Extension Header(47))

Hi list,

I've got 2 PPTP VPN tunnels (using net/mpd5) between 2 FreeBSD-based routers (8.2-RELEASE-p3): one IPv6 tunnel (IPv6 end point addresses) and one IPv4 tunnel (IPv4 end point addresses), and would like to try to enable IPFW between them.

I first began by enabling IPFW in open mode, but as soon as I enable it, my IPv6 tunnel goes down and my console fills with these messages:

IPFW2: IPV6 - Unknown Extension Header(47), ext_hd=0

And there are no deny rules matched:

[root@R4]~# ipfw -a list
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 7 536 allow ipv6-icmp from :: to ff02::/16
00700 49 3336 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 20 1736 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 50 3400 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 1727 102386 allow ip from any to any
65535 0 0 deny ip from any to any

I don't think it's normal behaviour. Does anyone know how to fix that?

If you need more information on this setup, all the configuration is online (it's router 4):
http://bsdrp.net/documentation/examples/maximum_bsdrp_features_lab

Regards,

Olivier