Comcast 6to4 how-to?

irvingpop · Apr 13, 2012, 5:44 PM

Using the latest Snapshot: 2.1-DEVELOPMENT (i386) built on Fri Apr 13 00:07:05 EDT 2012

I can ping the IPv6 Gateway, but nothing beyond it.


[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(1): ping6 2002:c058:6301::1
PING6(56=40+8+8 bytes) 2002:1815:7e8a:: --> 2002:c058:6301::1
16 bytes from 2002:c058:6301::1, icmp_seq=0 hlim=64 time=28.143 ms
16 bytes from 2002:c058:6301::1, icmp_seq=1 hlim=64 time=29.553 ms
16 bytes from 2002:c058:6301::1, icmp_seq=2 hlim=64 time=29.808 ms
16 bytes from 2002:c058:6301::1, icmp_seq=3 hlim=64 time=29.654 ms
16 bytes from 2002:c058:6301::1, icmp_seq=4 hlim=64 time=30.774 ms
^C
--- 2002:c058:6301::1 ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 28.143/29.586/30.774/0.842 ms

[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(2): ping6 ipv6.google.com
ping6: UDP connect: No route to host

Netstat shows no IPv6 default gateway

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
2002::/16                         link#10                       U          stf0
2002:1815:7e8a::                  link#10                       UHS         lo0 =>
2002:1815:7e8a::/64               link#1                        U           vr0
2002:1815:7e8a::1                 link#1                        UHS         lo0
fe80::%vr0/64                     link#1                        U           vr0
fe80::20d:b9ff:fe24:7288%vr0      link#1                        UHS         lo0
fe80::%vr1/64                     link#2                        U           vr1
fe80::20d:b9ff:fe24:7289%vr1      link#2                        UHS         lo0
fe80::%vr2/64                     link#3                        U           vr2
fe80::20d:b9ff:fe24:728a%vr2      link#3                        UHS         lo0
fe80::%lo0/64                     link#7                        U           lo0
fe80::1%lo0                       link#7                        UHS         lo0
fe80::%ovpns1/64                  link#12                       U        ovpns1
fe80::2bd:f9ff:fe0a:1%ovpns1      link#12                       UHS         lo0
ff01::%vr0/32                     fe80::20d:b9ff:fe24:7288%vr0  U           vr0
ff01::%vr1/32                     fe80::20d:b9ff:fe24:7289%vr1  U           vr1
ff01::%vr2/32                     fe80::20d:b9ff:fe24:728a%vr2  U           vr2
ff01::%lo0/32                     ::1                           U           lo0
ff01::%ovpns1/32                  fe80::2bd:f9ff:fe0a:1%ovpns1  U        ovpns1
ff02::%vr0/32                     fe80::20d:b9ff:fe24:7288%vr0  U           vr0
ff02::%vr1/32                     fe80::20d:b9ff:fe24:7289%vr1  U           vr1
ff02::%vr2/32                     fe80::20d:b9ff:fe24:728a%vr2  U           vr2
ff02::%lo0/32                     ::1                           U           lo0
ff02::%ovpns1/32                  fe80::2bd:f9ff:fe0a:1%ovpns1  U        ovpns1

Manually adding inet6 default gateway fixes it


[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(9): route add -inet6 default 2002:c058:6301::1
add net default: gateway 2002:c058:6301::1
[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(10): ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2002:1815:7e8a:: --> 2001:4860:8005::93
16 bytes from 2001:4860:8005::93, icmp_seq=0 hlim=56 time=39.839 ms
16 bytes from 2001:4860:8005::93, icmp_seq=1 hlim=56 time=38.709 ms
16 bytes from 2001:4860:8005::93, icmp_seq=2 hlim=56 time=38.661 ms
16 bytes from 2001:4860:8005::93, icmp_seq=3 hlim=56 time=39.027 ms
16 bytes from 2001:4860:8005::93, icmp_seq=4 hlim=56 time=38.721 ms
^C
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 38.661/38.991/39.839/0.443 ms

mrhanman · Apr 13, 2012, 10:13 PM

I can corroborate irvingpop's results with the Apr 13th snapshot.

databeestje · Apr 14, 2012, 7:13 AM

I have not yet found the time to debug this yet, it should be adding a new default route. But it isn't

databeestje · Apr 14, 2012, 9:26 AM

Can not replicate on a static IPv4 wan, need to try dhcp later. It does add the static route for me, and the gateways also still exist.

mrhanman · Apr 16, 2012, 4:22 PM

OK, I've got a strange new problem. I updated to today's snaphot, added the ipv6 gateway as default ipv6 route manually, and now my computers can ONLY browse by ipv6 - ipv4 isn't working at all. I can ping either ipv6 or ipv4 addresses from pfSense. It looks like the DHCP server on pfSense may not be handing out the default gateway for ipv4 networks. Once I added the ipv4 default route manually on my windows box, ipv4 worked fine. ::)

EDIT: Looks like I can't connect to the webConfigurator, now. Not sure what's up with that, unless it's not listening on ipv4.

databeestje · Apr 16, 2012, 5:04 PM

I just updated 2 installs with the latest snapshot and i'm not seeing anything like your issues.

May I suggest that your install is hosed? I can't even resemble anything close to your issues.

I did just commit a change that would disable the IPv4 gateway in the DHCP4 server but that is a very specific change that would only bite you if you had no ipv4 gateways at all. Dynamic or otherwise.

databeestje · Apr 16, 2012, 5:37 PM

I managed to get a install online on a public IP with dhcp and I managed to replicate your issue. Seems like a timing issue.

mrhanman · Apr 16, 2012, 5:44 PM

Easily fixed?

databeestje · Apr 16, 2012, 6:25 PM

I think it is now, I changed the default gateway address, as well as configuring the interface before trying to configure routing is generally a good idea.

fixed rc.newwanip and function interface_6to4_configure();

mrhanman · Apr 16, 2012, 7:37 PM

@databeestje:

configuring the interface before trying to configure routing is generally a good idea.

;)

So, just a gitsync, and off to the races?

databeestje · Apr 16, 2012, 8:10 PM

yep, no binary changes required

mrhanman · Apr 17, 2012, 4:27 AM

OK, I just did a gitsync and nothing seems to have changed. I then installed the latest snapshot, which was a few hours newer and did another gitsync. I still have no ipv4 gateway on my PC, and no default ipv6 route on pfSense.

Just to be clear, to do a gitsync, you SSH into the box, hit 12 for pfSense Developer Shell, type 'playback gitsync git://github.com/bsdperimeter/pfsense.git', and hit enter a couple times, right? I also rebooted a few times, just for fun - both the PC and pfSense. Did I miss something?

EDIT: Also, there is only the ipv6 gateway listed under Status -> Gateways. The ipv4 gateway is missing.

EDIT: I tried adding an ipv4 LAN gateway in the GUI, and a strange thing happened. The original ipv4 LAN gateway reappeared, but I couldn't set it as default, and I couldn't get the new LAN gateway to work. I just delelted all the ipv6 settings on the interfaces, and everything is back to normal - minus ipv6 support, of course. Now, I'm going to try to add the settings back. Maybe it'll work this time around.

EDIT: I'm about to reset to defaults. Nothing else has worked.

databeestje · Apr 17, 2012, 5:37 AM

wow, yeah, that sounds horrific, i'm really not sure what has gone wrong but it appears it's thoroughly confused.

The VM I setup for testing has a WAN_DHCP gateway for IPv4 and a WAN_6to4 gateway for ipv6.

Both of those gateways are automatically added by the system during setup. I did start with a clean install of 2.1 which may be the difference.

I had no time to setup a test vm behind it to verify I actually got a v4 gateway on the LAN, but i do see a "routers" line in /var/dhcpd/etc/dhcpd.conf do you have such a line in your dhcpd.conf?

irvingpop · Apr 17, 2012, 5:44 PM

All is working now for me. Both v4 and v6 gateways and routes came up fine at boot. Thanks again!

Using this snapshot: built on Tue Apr 17 06:39:44 EDT 2012

One question. I'm using IPv6 Prefix ID "none". Is that the correct configuration or is it better to assign a prefix ID?

![Screen Shot 2012-04-17 at 10.44.11 AM.png](/public/imported_attachments/1/Screen Shot 2012-04-17 at 10.44.11 AM.png)
![Screen Shot 2012-04-17 at 10.44.11 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2012-04-17 at 10.44.11 AM.png_thumb)

databeestje · Apr 17, 2012, 6:53 PM

assign something other then "none" and it will get assigned to the LAN interface.

A 6to4 wan has 65535 choices. 0000 to ffff.

irvingpop · Apr 17, 2012, 9:45 PM

Strange, after changing the Prefix ID to 1 (chosen arbitrarily) from none, pfSense could no longer ping the IPv6 gateway (WAN_6TO4) – even after reboot. However, everything else worked (ex. ping6 ipv6.google.com from both pfsense and machines on LAN).

Changing back to none (and reboot) and the WAN_6TO4 gateway is pingable from pfsense again.

mrhanman · Apr 19, 2012, 5:17 AM

I still haven't gotten around to starting over. :-[ Would a "Reset to factory defaults" be just as good, or will that leave something behind?

EDIT: Went ahead and did it and - woohoo! - 6to4 is now working as it should. Must have been all the various versions I've gone through over the last year that messed it up. I still get that error on line 42 at startup, though.

databeestje · Apr 19, 2012, 8:23 AM

I think there might be a corrupt PHP file in /usr/local/pkg from a defunct package.

mrhanman · Apr 20, 2012, 1:59 PM

Is there anyway I can check for what's causing it and remove it? If I'm not mistaken, it did this on the first boot, before I had added any packages.

databeestje · Apr 20, 2012, 2:48 PM

ls -l /usr/local/pkg see if there is a file there that you don't recognize.