Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: IPv6 the selling point everyone missed.  (Read 6019 times)

Reformed

  • Reg Member
  • ***
  • Posts: 318
Re: IPv6 the selling point everyone missed.
« Reply #15 on: October 21, 2021, 12:21:29 PM »

Ethernet driver is stripping VLAN tag inbound. No tag being applied outbound so one-way traffic only as the v6 traffic is ending up on native VLAN.

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: IPv6 the selling point everyone missed.
« Reply #16 on: October 21, 2021, 12:39:16 PM »

Windows Home shouldnt really exist.  Microsoft trying to over segment as usual.

But I am not convinced thats Alex's problem unless he is trying to do the tagging from in windows itself.

If its done on the switch then the traffic for the other VLAN shouldnt even hit windows?  I am not using Windows Home, but at the same time I dont even have VLAN tagging enabled on the network card which means windows has no knowledge of what VLAN it is using and as such wouldnt be filtering out other VLAN traffic.

When I tried to do a poor man guest network setup (without proper VLAN configuration) I had a FreeBSD VM with the same symptoms as Alex described.

Alex I attached some screenshots, my PC is on Port 2 untagged VLAN 3 (switch managed, windows has no vlan knowledge), the WAN port (repurposed as a LAN port) is where pfSense is connected.  My other switch is also VLAN managed.  All my client devices have no VLAN configuration, all untagged. VLAN3 normal private LAN, VLAN9 guest network with restrictions, VLAN1 no longer used as advised by pfSense devs to not use it.

On the RA vs DHCPv6 thing, I think it should have been just DHCP or static configuration the same as IPv4, people who have never used IPv6 before have to learn RA and how it works, which isnt a good thing, it adds a barrier and complexity to take up.

We seem to have gone from me trying to raise a point on the potential security benefits of having sticky IPv6 on every device, to why IPv6 isnt perfect. :)  What you guys think of it?
« Last Edit: October 21, 2021, 12:59:51 PM by Chrysalis »
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #17 on: October 21, 2021, 03:19:55 PM »

Yes the traffic coming into the NIC IS TAGGED, because this works perfectly on Linux allowing me a one-click solution to enable/disabe IPv6 on that box for testing as I just disconnect the virtual NIC assigned to that VLAN, without impacting the untagged traffic whatsoever or interrupting my network shares to the NAS.

My point wasn't to troubleshoot the issue rather to highlight how idiotic Windows default behaviour is if its untagging the traffic rather than ignoring it, particularly as the NIC driver is VLAN aware and I can manually select which VLAN to use, so you'd expect the default of "none" would ignore ALL tagged traffic?  I guess its possible this is a driver issue.

The intent wasn't to fix the issue but to understand HOW its getting its fixed IP address from pfSense when surely DHCPv6 can't function if its unable to receive a response from the client?  So presumably its using RA which pfSense makes no mention of this being tied to the DHCPv6 static IP list.
« Last Edit: October 21, 2021, 03:31:55 PM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #18 on: October 21, 2021, 03:39:29 PM »

I said this some years back. Win Home cannot be secured properly, that’s why I hate it. But then most people have no possible way to get the help needed to establish a secured configuration so as you say it’s not such a big deal. But the point is, Win Pro is not much more money so it should be the default.

Considering my copies of Windows come from sales, upgrades, etc, they were a LOT cheaper than Pro.  When I bought them the missing functionality was much less of an issue that it is today and if you try to use Windows standard way of upgrading, the Pro upgrade is a huge rip-off.  The only way its cheap that I'm aware of is buying keys from sources that might not be trusted.

With all the claimed focus on security on 11 I thought they were finally going to ditch Home and make Pro the base version.  Needing TPM but disabling Bitlocker support is a whole new level of moronic, particularly as every other OS supports encrypted drives as standard.  (although MacOS is clear as mud if its actually working or not as its an instant toggle with no indication of WHEN its actually finished encrypting your data)
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: IPv6 the selling point everyone missed.
« Reply #19 on: October 21, 2021, 11:55:20 PM »

I can understand why they make Home so useless, it’s to prevent businesses from buying it.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: IPv6 the selling point everyone missed.
« Reply #20 on: October 22, 2021, 01:34:06 PM »

Yes the traffic coming into the NIC IS TAGGED, because this works perfectly on Linux allowing me a one-click solution to enable/disabe IPv6 on that box for testing as I just disconnect the virtual NIC assigned to that VLAN, without impacting the untagged traffic whatsoever or interrupting my network shares to the NAS.

My point wasn't to troubleshoot the issue rather to highlight how idiotic Windows default behaviour is if its untagging the traffic rather than ignoring it, particularly as the NIC driver is VLAN aware and I can manually select which VLAN to use, so you'd expect the default of "none" would ignore ALL tagged traffic?  I guess its possible this is a driver issue.

The intent wasn't to fix the issue but to understand HOW its getting its fixed IP address from pfSense when surely DHCPv6 can't function if its unable to receive a response from the client?  So presumably its using RA which pfSense makes no mention of this being tied to the DHCPv6 static IP list.


I would expect windows if not configured to use VLAN's to ignore the tags rather than ignore the traffic, thanks for confirming your setup.  This to me explains why you had the problem you had.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #21 on: October 22, 2021, 03:19:52 PM »

I would expect windows if not configured to use VLAN's to ignore the tags rather than ignore the traffic, thanks for confirming your setup.  This to me explains why you had the problem you had.

I could understand that if the NIC driver didn't support VLANs, but on Linux if the NIC isn't opted into a VLAN it ignores the traffic, which is obviously necessary if you are using tagged and untagged on the same port.  A prime example of that being OpenWRT.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: IPv6 the selling point everyone missed.
« Reply #22 on: October 22, 2021, 04:07:49 PM »

Yeah that would indicate Linux is always VLAN aware, whilst Windows when its disabled just acts dumb and accepts everything regardless of tagging.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: IPv6 the selling point everyone missed.
« Reply #23 on: October 22, 2021, 04:48:34 PM »

Yeah that would indicate Linux is always VLAN aware, whilst Windows when its disabled just acts dumb and accepts everything regardless of tagging.

Just another thing about the Windows networking stack to hate I guess.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors
Pages: 1 [2]