@mrancier. See the pm. Another thought, you might need to update wpa_supplicant to 2.5 or newer. I couldn't get an older (.5 or .7something) to work on utm.
@SlabUlkhead
We'll beat this bitch into submission one way or another!@#
Dls's comment above made me think outside the box a bit.
We knows it pulls a useless /128 ip when configued as dhcpv6 for wan.
So... From the ipv6/global page it shows (still don't know how I got /60?!@#???). It was /64 after connecting through the bgw (passthrough mode). And stayed /64 for some time.
Delegated Prefix: 2600:1700:XXXX:XXX0::/60
Also, when set to dhcpv6 it will indicated some fe80:: gateway IP under interface, wan. Make a note of this address.
For wan interface uncheck dynamic ipv6.
I recorded the values from the ipv6 global tab when I had utm connected to the bgw210. First 4 sections mirrored the /60 DP address. Next 4 were a combination of the wan mac (cert's mac).
ipv6 7a 96:84ff:fe12:3456
mac 78:96:84: 12:34:56
So put together it looks like this. 12:34:56 are just place holders for digits in those positions. Note the 0 after the xxx's.
2600:1700:XXXX:XXX0:7a96:84ff:fe12:3456
netmask: 64
gateway: fe80::1234
This became my wan static IP. Utm itself could now ping and traceroute to ipv6 addresses.
For the local lan interface I did something different. I incremented the fourth (from the left) segment by 1 (XXX1).
ipv6 address: 2600:1700:XXXX:XXX1::1
Netmask : 64
Paste this ipv6 addr under ipv6/prefix advertisement. Check Stateless integrated server box then save. I was scratching my head for a good 5 min because nothing happened.
Turn off ipv6, wait about 30 sec then turn it back on. Do a wpa_cli logoff followed by a logon, or wait about a min.
Disable/re-enable your pc's nic. It should now generate a 2600:1700:XXXX:XXX1:abcd:efgh:ijkl:mnop IP addr. In my case, the ip generated had nothing to do with the mac address unlike the utm ip.
You should now have ipv6 connectivity on both utm and your pc. Ipv6-test.com reveals the above generated ipv6 address. It gets better! Turn web filtering back on. Now the test shows the utm's ipv6, web filtering log indicates activity.
All is still not well. After an hr (lease duration), ipv6 stops working. @dls, I'm still not seeing any firewall entries pertaining to blocked ipv6 icmp packets.
For icmp v6 there's many different service definitions possible. I don't see a single one that covers them all.
»
i.imgur.com/kMnDEou.png»
i.imgur.com/hWQ9nmD.pngRunning
chroot /var/sec/chroot-dhcpc /usr/sbin/dhclient6 -6 -P --prefix-len-hint 60 -d -D LLT -cf /etc/eth4.conf6 -lf /var/db/eth4_na.leases6 -pf /var/run/dhclient6_na_eth4.pid eth4
Renews connectivity. It appears unless wan is set to dhcpv6, the dhclient6 doesn't run. Note the "-d" is missing from below. This starts the client then leaves it running in the background.
»
manpages.debian.org/jess ··· .en.html For full parameter description.
chroot /var/sec/chroot-dhcpc /usr/sbin/dhclient6 -6 -P --prefix-len-hint 60 -D LLT -cf /etc/eth4.conf6 -lf /var/db/eth4_na.leases6 -pf /var/run/dhclient6_na_eth4.pid eth4 > /dev/null 2>&1
Seems to get the job done. We'll find out in an hour if there's still ipv6 connectivity and/or if it renewed succesfully.