Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: IPv6 the selling point everyone missed.  (Read 1005 times)

Reformed

  • Member
  • **
  • Posts: 47
Re: IPv6 the selling point everyone missed.
« Reply #15 on: October 21, 2021, 12:21:29 PM »

Ethernet driver is stripping VLAN tag inbound. No tag being applied outbound so one-way traffic only as the v6 traffic is ending up on native VLAN.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6681
Re: IPv6 the selling point everyone missed.
« Reply #16 on: October 21, 2021, 12:39:16 PM »

Windows Home shouldnt really exist.  Microsoft trying to over segment as usual.

But I am not convinced thats Alex's problem unless he is trying to do the tagging from in windows itself.

If its done on the switch then the traffic for the other VLAN shouldnt even hit windows?  I am not using Windows Home, but at the same time I dont even have VLAN tagging enabled on the network card which means windows has no knowledge of what VLAN it is using and as such wouldnt be filtering out other VLAN traffic.

When I tried to do a poor man guest network setup (without proper VLAN configuration) I had a FreeBSD VM with the same symptoms as Alex described.

Alex I attached some screenshots, my PC is on Port 2 untagged VLAN 3 (switch managed, windows has no vlan knowledge), the WAN port (repurposed as a LAN port) is where pfSense is connected.  My other switch is also VLAN managed.  All my client devices have no VLAN configuration, all untagged. VLAN3 normal private LAN, VLAN9 guest network with restrictions, VLAN1 no longer used as advised by pfSense devs to not use it.

On the RA vs DHCPv6 thing, I think it should have been just DHCP or static configuration the same as IPv4, people who have never used IPv6 before have to learn RA and how it works, which isnt a good thing, it adds a barrier and complexity to take up.

We seem to have gone from me trying to raise a point on the potential security benefits of having sticky IPv6 on every device, to why IPv6 isnt perfect. :)  What you guys think of it?
« Last Edit: October 21, 2021, 12:59:51 PM by Chrysalis »
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 3166
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #17 on: October 21, 2021, 03:19:55 PM »

Yes the traffic coming into the NIC IS TAGGED, because this works perfectly on Linux allowing me a one-click solution to enable/disabe IPv6 on that box for testing as I just disconnect the virtual NIC assigned to that VLAN, without impacting the untagged traffic whatsoever or interrupting my network shares to the NAS.

My point wasn't to troubleshoot the issue rather to highlight how idiotic Windows default behaviour is if its untagging the traffic rather than ignoring it, particularly as the NIC driver is VLAN aware and I can manually select which VLAN to use, so you'd expect the default of "none" would ignore ALL tagged traffic?  I guess its possible this is a driver issue.

The intent wasn't to fix the issue but to understand HOW its getting its fixed IP address from pfSense when surely DHCPv6 can't function if its unable to receive a response from the client?  So presumably its using RA which pfSense makes no mention of this being tied to the DHCPv6 static IP list.
« Last Edit: October 21, 2021, 03:31:55 PM by Alex Atkin UK »
Logged
INTAKE (ECI) Home Hub 5A (OpenWRT) on Zen, Hauwei B353-232 on Libera 4G, Hauwei CPE Pro 2 H122-373 on Three 5G Router: pfSense (i5-7200U) WiFi: Zyxel NWA210AX + Ubiquiti nanoHD (OpenWRT)
My Broadband History & Ping Quality Monitors

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 3166
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #18 on: October 21, 2021, 03:39:29 PM »

I said this some years back. Win Home cannot be secured properly, thatís why I hate it. But then most people have no possible way to get the help needed to establish a secured configuration so as you say itís not such a big deal. But the point is, Win Pro is not much more money so it should be the default.

Considering my copies of Windows come from sales, upgrades, etc, they were a LOT cheaper than Pro.  When I bought them the missing functionality was much less of an issue that it is today and if you try to use Windows standard way of upgrading, the Pro upgrade is a huge rip-off.  The only way its cheap that I'm aware of is buying keys from sources that might not be trusted.

With all the claimed focus on security on 11 I thought they were finally going to ditch Home and make Pro the base version.  Needing TPM but disabling Bitlocker support is a whole new level of moronic, particularly as every other OS supports encrypted drives as standard.  (although MacOS is clear as mud if its actually working or not as its an instant toggle with no indication of WHEN its actually finished encrypting your data)
Logged
INTAKE (ECI) Home Hub 5A (OpenWRT) on Zen, Hauwei B353-232 on Libera 4G, Hauwei CPE Pro 2 H122-373 on Three 5G Router: pfSense (i5-7200U) WiFi: Zyxel NWA210AX + Ubiquiti nanoHD (OpenWRT)
My Broadband History & Ping Quality Monitors

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 the selling point everyone missed.
« Reply #19 on: October 21, 2021, 11:55:20 PM »

I can understand why they make Home so useless, itís to prevent businesses from buying it.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6681
Re: IPv6 the selling point everyone missed.
« Reply #20 on: October 22, 2021, 01:34:06 PM »

Yes the traffic coming into the NIC IS TAGGED, because this works perfectly on Linux allowing me a one-click solution to enable/disabe IPv6 on that box for testing as I just disconnect the virtual NIC assigned to that VLAN, without impacting the untagged traffic whatsoever or interrupting my network shares to the NAS.

My point wasn't to troubleshoot the issue rather to highlight how idiotic Windows default behaviour is if its untagging the traffic rather than ignoring it, particularly as the NIC driver is VLAN aware and I can manually select which VLAN to use, so you'd expect the default of "none" would ignore ALL tagged traffic?  I guess its possible this is a driver issue.

The intent wasn't to fix the issue but to understand HOW its getting its fixed IP address from pfSense when surely DHCPv6 can't function if its unable to receive a response from the client?  So presumably its using RA which pfSense makes no mention of this being tied to the DHCPv6 static IP list.


I would expect windows if not configured to use VLAN's to ignore the tags rather than ignore the traffic, thanks for confirming your setup.  This to me explains why you had the problem you had.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 3166
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #21 on: October 22, 2021, 03:19:52 PM »

I would expect windows if not configured to use VLAN's to ignore the tags rather than ignore the traffic, thanks for confirming your setup.  This to me explains why you had the problem you had.

I could understand that if the NIC driver didn't support VLANs, but on Linux if the NIC isn't opted into a VLAN it ignores the traffic, which is obviously necessary if you are using tagged and untagged on the same port.  A prime example of that being OpenWRT.
Logged
INTAKE (ECI) Home Hub 5A (OpenWRT) on Zen, Hauwei B353-232 on Libera 4G, Hauwei CPE Pro 2 H122-373 on Three 5G Router: pfSense (i5-7200U) WiFi: Zyxel NWA210AX + Ubiquiti nanoHD (OpenWRT)
My Broadband History & Ping Quality Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6681
Re: IPv6 the selling point everyone missed.
« Reply #22 on: October 22, 2021, 04:07:49 PM »

Yeah that would indicate Linux is always VLAN aware, whilst Windows when its disabled just acts dumb and accepts everything regardless of tagging.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 3166
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #23 on: October 22, 2021, 04:48:34 PM »

Yeah that would indicate Linux is always VLAN aware, whilst Windows when its disabled just acts dumb and accepts everything regardless of tagging.

Just another thing about the Windows networking stack to hate I guess.
Logged
INTAKE (ECI) Home Hub 5A (OpenWRT) on Zen, Hauwei B353-232 on Libera 4G, Hauwei CPE Pro 2 H122-373 on Three 5G Router: pfSense (i5-7200U) WiFi: Zyxel NWA210AX + Ubiquiti nanoHD (OpenWRT)
My Broadband History & Ping Quality Monitors
Pages: 1 [2]