[SOLVED] Tunnel Online but Not Routing to outside IPv6 Sites
-
After hours and hours of configuring, trying to figure out what was the matter with my IPv6 tunnel… why it was not routing my traffic outside my own IPv6 LAN I finally figured it out. I am posting this here for other newbies because I didn't see this included in any of the PFsense IPv6 setup guides. My tunnel now works 100% and I can browse every IPv6 address and it's quick. I am using a free Hurricane Electric tunnel. Don't also forget to configure IPv6 DNS from Hurricane Electric, your tunnel broker of choice or OpenDNS servers located at: http://www.opendns.com/ipv6/
There is one more step you have to complete after you get your tunnel online and IPv6 DHCP server working: You have to add a route to "all global IPv6 addresses".
Step 1. Go to System Drop down at the top of the Webadmin
Step 2. Click "Routing".
Step 3. Click on "Routes".
Step 4: Add a new rout by clicking the "+" button.
Step 5: Under "Destination Network" type in: "2000::" exactly without the quotes. Then select /3 from the drop-down menu on the right.
Step 6: Gateway - Select your IPv6 tunnel Gateway from the drop down
Step 7: SaveGood luck!
-
Not sure where you got the idea that you need to do this, but you dont!
You should already have a default route that says for IPv6 to use your tunnel
-
Pfsense never setup a default route for me for IPv6 through several 2.0 versions… and this is the only thing that got my router to pass traffic to outside IPv6 servers.
-
why would you not have setup a default route vs a specific route? Also I would suggest you tshoot why the default route was not created vs manually creating a route.
-
Can you please explain how to setup a default route vs the "specific" one that I setup? I don't know where to find "default routes" in the webadmin and followed the PFsense IPv6 Tunnel guides by the letter exactly, and it still never worked until I put that specific route in. Where is the default routes? Thanks!
-
It appears there are a few bugs stopping the default route from being created, see my thread.
-
Thanks ipv6kid. This may not be the "correct" way to do it but I also spent a couple hours going over every portion of my config after following the guide and nothing worked until I followed your instructions.
-
as far as I can tell it did setup default routes for most if not all of the users.
There is a checkbox to designate that gateway being the default. The not so intuitive part is that both a v6 and a v4 can be toggled default.
I should really add a tag in the listing ;-)
-
Both my v4 and my v6 gateways are set as default. There is no "default" route for V6 in my routing table though.
-
It might be fixed when you git sync up to newer code. I think Jim also started on new images, not sure what happened to those.
-
AFAIK there's a problem in /etc/inc/system.inc at the line 420:
mwexec("/sbin/route change -inet6 default " . escapeshellarg($gatewayipv6) ."{$ifscope}");if I do this on pfsense's console:
# route change -inet6 default 2001:470:XXXX:XXX::1 route: writing to routing socket: No such process change net default: gateway 2001:470:XXXX:XXX::1: not in tablebut if I manually add a fake default route and then change it, it works fine..
# route add -inet6 default ::1 add net default: gateway ::1 # route change -inet6 default 2001:470:XXXX:XXX::1 change net default: gateway 2001:470:XXXX:XXX::1so, maybe it could be added to init script a fake default route for inet6 .
Another solution: check if there's a default inet6 route before changing it and using "add" instead of "change" if there's no default GW
[sorry for my poor english :) ]
-
the route binary we use in pfSense will add a route if it doesn't exist with Change. Maybe you have a older binary snapshot.
-
I updated an old 1.2.3 installation to 2.0-RC3 with full-upgrade package, then updated to 2.1-DEVELOPMENT via "playback gitsync" to master version:
# md5 /sbin/route MD5 (/sbin/route) = b8e47fdd0d5f1f3d249dd1b9ae69bd38Maybe i have to do a fresh install of 2.0?
k.
-
a 2.0 snapshot should work fine, then gitsync 2.1-DEVELOPMENT
-
It might be fixed when you git sync up to newer code. I think Jim also started on new images, not sure what happened to those.
Nice! I have a "default" now after updating the snap and gitsyncing. My box still doesn't seem to gitsync automatically after updating the snap but that's another issue. Thank for all your work on this!
-
a 2.0 snapshot should work fine, then gitsync 2.1-DEVELOPMENT
I just installed a clean 2.0 snapshot ( pfSense-memstick-2.0-RC3-i386-20110621-1650.img ) then updated via gitsync to 2.1-DEVELOPMENT and the /sbin/route binary still don't work as expected (and has the same md5sum of old installation). When it tries to "route change", it fails.
Where I'm wrong? I've installed from a wrong source?
thanks in advance.
k. -
Where I'm wrong? I've installed from a wrong source?
I've just missed a step!
Updated to "2.1-DEVELOPMENT (i386) built on Mon Sep 5 04:07:51 EDT 2011" via Auto Update, then gitsync and now /sbin/route seems working fine.
If i remove the default route for inet6, then "change" it ,route gives "No such process" error, but then the new default is set!
thanks
k.
