Charter 6RD connection not working in latest snaps
-
Hi guys,
I use Charter's 6RD service to get ipv6 connectivity. I'm currently running the Jan 18th snapshot and my ipv6 connectivity is working fine. I usually update my pfsense version about once a week so when I updated near the end of January the 6RD connection didin't work so I rolled back the snapshot (running pfsense in an ESXi VM) and the 6RD connection started working again.
I just updated to the today's (Feb 27th) snapshot and it's still not working. It appears that I get an address from Charter on the WAN interface…I can see it listed in the console and in the GUI but my monitored gateway in the dashboard shows off-line and connectivity tests to test-ipv6.com and to ipv6.google.com both show ipv6 isn't working.
Any idea what might have changed in pfsense to cause this?
-Will
-
Mine hasn't been working since early January either. I'll test new builds occasionally to see if it has been fixed but need a reliable connection so I've disabled IPv6 completely.
-
updated to
March 1stMarch 3rd, and still no luck. Did anyone save the Jan 18 snapshot? -
I have the x86 build from the 22nd in which 6rd still worked.
-
Hi guys,
I wonder if this change:
http://redmine.pfsense.org/projects/pfsense/repository/revisions/a6bc492fecd64a3a9f3b4cc4a003d6761494a694
has anything to do with the problems we all seem to be having.
Might have to edit that file and see.
-Will
-
Hi guys,
Well editing the file as suggested in the previous port did not seem to work.
-Will
-
Not sure if the Jan 23 snapshot worked or not, but this seems to be close to where 6rd started breaking.
-
6rd isn't broken in general. I use it for my production v6 at home, upgrade at least once a week, and it's worked on every version since I first enabled it several months ago. I'm posting this via 6rd on a snapshot from within the past few days. Going to need more than "it's broken" since that's not true.
What does ifconfig look like? What does your v6 routing table on the firewall look like? Host's IPv6 config and routing table? Packet captures on WAN, wan_stf, LAN?
-
My apologies, Charter's 6RD implementation doesn't seem to be working with the current snapshot of pfsense 2.1 last known working snapshot was the Jan 22nd snapshot
6RD Configuration Settings
As part of Charter's IPv6 Trials we have made available a Public 6rd Border Relay. If you are interested in participating in our early trials and own a device that supports 6RD use this configuration information to begin experiencing the Next Generation Internet:6rd Prefix = 2602
:/32
Border Relay Address = 68.114.165.1
6rd prefix length = 32
IPv4 mask length = 0Primary DNS Address = 2607:f428:1::5353:1
Secondary DNS Address = 2607:f428:2::5353:1
Version: 2.1-BETA1 (amd64) built on Sun Mar 3 10:04:04 EST 2013
How I setup 6RD:
Followed the above instructions for WAN interface
IPv6 Configuration Type : 6rd Tunnel
6RD prefix : 2602:/32
6RD Border Relay : 68.114.165.1
6RD IPv4 Prefix length : 0 bitsFor the LAN interface:
IPv6 Configuration Type : Track interface
IPv6 Interface : WAN
IPv6 Prefix ID : blankifcongfig output:
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:1c:c0:7f:64:57 inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1 inet6 2602:100:yyyy:xxxx::1 prefixlen 64 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:48 inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2 inet 68.184.84.xxx netmask 0xfffffc00 broadcast 255.255.255.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:49 media: Ethernet autoselect status: no carrier enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33664 ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80008 <vlan_mtu,linkstate>ether 00:50:b6:0d:38:9d inet 192.168.2.1 netmask 0xfffffff8 broadcast 192.168.2.7 inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8 nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>) status: active ue1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:14:d1:1b:86:e1 inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15 inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9 nd6 options=1 <performnud>media: Ethernet autoselect (10baseT/UTP <half-duplex>) status: active wan_stf: flags=4001 <up,link2>metric 0 mtu 1280 inet6 2602:100:44b8:5481:: prefixlen 32 nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,link2></half-duplex></performnud></linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></broadcast,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>netstat -rn output:
Destination Gateway Flags Refs Use Netif Expire default 68.184.84.1 UGS 0 390 em0 8.8.8.8 68.184.84.1 UGHS 0 1231 em0 24.197.160.17 68.184.84.1 UGHS 0 1231 em0 68.114.165.1 68.184.84.1 UGHS 0 0 em0 68.184.84.0/22 link#2 U 0 10290 em0 68.184.84.xxx link#2 UHS 0 0 lo0 127.0.0.1 link#6 UH 0 188 lo0 192.168.1.0/24 link#1 U 0 61038 re0 192.168.1.1 link#1 UHS 0 0 lo0 192.168.2.0/29 link#8 U 0 663 ue0 192.168.2.1 link#8 UHS 0 0 lo0 192.168.10.0/28 link#9 U 0 0 ue1 192.168.10.1 link#9 UHS 0 0 lo0 205.171.2.65 68.184.84.1 UGHS 0 1231 em0 Internet6: Destination Gateway Flags Netif Expire default 2602:100:4472:a501:: UGS wan_stf ::1 ::1 UH lo0 2602:100::/32 link#10 U wan_stf 2602:100:44b8:5481:: link#10 UHS lo0 => 2602:100:44b8:5481::/64 link#1 U re0 2602:100:44b8:5481::1 link#1 UHS lo0 2607:f428:1::5353:1 2602:100:4472:a501:: UGHS wan_stf fe80::%re0/64 link#1 U re0 fe80::1:1%re0 link#1 UHS lo0 fe80::21c:c0ff:fe7f:6457%re0 link#1 UHS lo0 fe80::%em0/64 link#2 U em0 fe80::207:e9ff:fe1f:a948%em0 link#2 UHS lo0 fe80::%lo0/64 link#6 U lo0 fe80::1%lo0 link#6 UHS lo0 fe80::%ue0/64 link#8 U ue0 fe80::250:b6ff:fe0d:389d%ue0 link#8 UHS lo0 fe80::%ue1/64 link#9 U ue1 fe80::214:d1ff:fe1b:86e1%ue1 link#9 UHS lo0 ff01::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff01::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff01::%lo0/32 ::1 U lo0 ff01::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff01::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1 ff02::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff02::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff02::%lo0/32 ::1 U lo0 ff02::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff02::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1Packet Capture is showing nothing for WAN interface IPv6 address family
even though I was getting ping responses from 2607:f428:1::5353:1 and ipv6.google.com directly on the pfsense box. -
That looks sane, what doesn't work if you're getting IPv6 ping responses? Capturing on WAN won't show any v6, it's v4 at that point, but you should see the outside of the tunnel as v4 to 68.114.165.1 from the looks of that. Capturing on wan_stf with tcpdump will show what's on the inside of the 6rd tunnel.
-
@cmb:
That looks sane, what doesn't work if you're getting IPv6 ping responses? Capturing on WAN won't show any v6, it's v4 at that point, but you should see the outside of the tunnel as v4 to 68.114.165.1 from the looks of that. Capturing on wan_stf with tcpdump will show what's on the inside of the 6rd tunnel.
I went back through my notes / log. Seems that I can't read or was completely brain dead as I was not getting ping responses from 2607:f428:1::5353:1 and ipv6.google.com while ssh on the pfsense box. So I reran it again and no ping response from both a ssh session and the web interface even when I try Charter's primary dns (2607:f428:1::5353:1).
-
Ok, open one SSH session to the firewall, 8 to get a command prompt, and run:
tcpdump -ni wan_stf
Then start a ping from the firewall and what do you see there? Then a ping from a LAN host and what does it show?
-
Starting from the beginning to make sure nothing has changed.
ifcongfig output:ifconfig re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:1c:c0:7f:64:57 inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1 inet6 2602:100:xxxx:yyyy::1 prefixlen 64 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:48 inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2 inet 68.184.xxx.yyy netmask 0xfffffc00 broadcast 255.255.255.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:49 media: Ethernet autoselect status: no carrier enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33664 ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80008 <vlan_mtu,linkstate>ether 00:50:b6:0d:38:9d inet 192.168.2.1 netmask 0xfffffff8 broadcast 192.168.2.7 inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8 nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>) status: active ue1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:14:d1:1b:86:e1 inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15 inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9 nd6 options=1 <performnud>media: Ethernet autoselect (10baseT/UTP <half-duplex>) status: active wan_stf: flags=4001 <up,link2>metric 0 mtu 1280 inet6 2602:100:xxxx:yyyy:: prefixlen 32 nd6 options=3<performnud,accept_rtadv></performnud,accept_rtadv></up,link2></half-duplex></performnud></linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></broadcast,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>netstat -rn output:
netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 68.184.84.1 UGS 0 2505 em0 8.8.8.8 68.184.84.1 UGHS 0 21921 em0 24.197.160.17 68.184.84.1 UGHS 0 21917 em0 68.114.165.1 68.184.84.1 UGHS 0 0 em0 68.184.84.0/22 link#2 U 0 163548 em0 68.184.xxx.yyy link#2 UHS 0 0 lo0 127.0.0.1 link#6 UH 0 580 lo0 192.168.1.0/24 link#1 U 0 2552332 re0 192.168.1.1 link#1 UHS 0 0 lo0 192.168.2.0/29 link#8 U 0 3420 ue0 192.168.2.1 link#8 UHS 0 0 lo0 192.168.10.0/28 link#9 U 0 44839 ue1 192.168.10.1 link#9 UHS 0 0 lo0 205.171.2.65 68.184.84.1 UGHS 0 21917 em0 Internet6: Destination Gateway Flags Netif Expire default 2602:100:4472:a501:: UGS wan_stf ::1 ::1 UH lo0 2602:100::/32 link#10 U wan_stf 2602:100:xxxx:yyyy:: link#10 UHS lo0 => 2602:100:xxxx:yyyy::/64 link#1 U re0 2602:100:xxxx:yyyy::1 link#1 UHS lo0 2607:f428:1::5353:1 2602:100:4472:a501:: UGHS wan_stf fe80::%re0/64 link#1 U re0 fe80::1:1%re0 link#1 UHS lo0 fe80::21c:c0ff:fe7f:6457%re0 link#1 UHS lo0 fe80::%em0/64 link#2 U em0 fe80::207:e9ff:fe1f:a948%em0 link#2 UHS lo0 fe80::%lo0/64 link#6 U lo0 fe80::1%lo0 link#6 UHS lo0 fe80::%ue0/64 link#8 U ue0 fe80::250:b6ff:fe0d:389d%ue0 link#8 UHS lo0 fe80::%ue1/64 link#9 U ue1 fe80::214:d1ff:fe1b:86e1%ue1 link#9 UHS lo0 ff01::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff01::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff01::%lo0/32 ::1 U lo0 ff01::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff01::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1 ff02::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff02::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff02::%lo0/32 ::1 U lo0 ff02::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff02::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1tcpdumps
tcpdump -nnvvi re0 proto 41 tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 8646 packets received by filter 0 packets dropped by kernel tcpdump -nnvvi em0 proto 41 tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 2398 packets received by filter 0 packets dropped by kernel tcpdump -ni wan_stf tcpdump: WARNING: wan_stf: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wan_stf, link-type NULL (BSD loopback), capture size 96 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel/tmp/rules.debug
# Gateways GWWAN_6RD = " route-to ( wan_stf 2602:100:4472:a501:: ) " GWWAN_DHCP = " route-to ( em0 68.184.84.1 ) " # allow our proto 41 traffic from the 6RD border relay in pass in on $WAN proto 41 from 68.114.165.1 to any label "Allow 6in4 traffic in f or 6rd on WAN" pass out on $WAN proto 41 from any to 68.114.165.1 label "Allow 6in4 traffic out for 6rd on WAN" pass in on $WAN inet6 from any to 2602:100:xxxx:yyyy::/32 label "Allow 6rd traff ic in for 6rd on WAN" pass out on $WAN inet6 from 2602:100:xxxx:yyyy::/32 to any label "Allow 6rd traf fic out for 6rd on WAN"radvd.conf
# Automatically Generated, do not edit # Generated for DHCPv6 Server lan interface re0 { AdvSendAdvert on; MinRtrAdvInterval 5; MaxRtrAdvInterval 20; AdvLinkMTU 1500; AdvDefaultPreference medium; prefix 2602:100:xxxx:yyyy::/64 { DeprecatePrefix on; }; route ::/0 { RemoveRoute on; }; RDNSS 2602:100:xxxx:yyyy::1 { }; DNSSL localdomain { }; };dhcpdv6.conf
option domain-name "localdomain"; option ldap-server code 95 = text; option domain-search-list code 119 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; ddns-update-style none; one-lease-per-client true; deny duplicates; ping-check true; authoritative; subnet6 2602:100:xxxx:yyyy::/64 { range6 2602:100:xxxx:yyyy::1000 2602:100:xxxx:yyyy::2000; option dhcp6.name-servers 2602:100:xxxx:yyyy::1; }Edit: since i'm C&P anyways added radvd.conf and dhcpdv6.conf
-
That all looks sane but nothing appears to go over the 6rd. Could we get access to your system? If so, please email me to arrange - cmb at pfsense dot org - with a link to this thread.
-
Do you have wan_stf on your definition of WAN in rules.debug?
Can you show the /tmp/rules.debug contents?
UPDATE: Can you try with a snapshot from tomorrow and report?
-
@ermal:
Do you have wan_stf on your definition of WAN in rules.debug?
Can you show the /tmp/rules.debug contents?
UPDATE: Can you try with a snapshot from tomorrow and report?
CMB has access to the box, but yes I'll try tomorrow's snapshot :)
-
After the Tue Mar 19 16:39:04 EDT 2013 build, I did have to go to the Interfaces menu for both the Wan and Lan and hit save and apply for the Ipv6 portion to update. No changes were made to either interfaces.
ifcongfig output:
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:1c:c0:7f:64:57 inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1 inet6 2602:100:44b8:yyyy::1 prefixlen 64 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:48 inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2 inet 68.184.84.xxx netmask 0xfffffc00 broadcast 255.255.255.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:49 media: Ethernet autoselect status: no carrier enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33664 ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80008 <vlan_mtu,linkstate>ether 00:50:b6:0d:38:9d inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8 nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>) status: active ue1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:14:d1:1b:86:e1 inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9 inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15 nd6 options=1 <performnud>media: Ethernet autoselect (10baseT/UTP <half-duplex>) status: active wan_stf: flags=4001 <up,link2>metric 0 mtu 1280 inet6 2602:100:44b8:yyyy:: prefixlen 32 nd6 options=3<performnud,accept_rtadv></performnud,accept_rtadv></up,link2></half-duplex></performnud></linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></broadcast,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>netstat -rn output:
netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 68.184.84.1 UGS 0 1671 em0 8.8.8.8 68.184.84.1 UGHS 0 2616 em0 24.197.160.17 68.184.84.1 UGHS 0 2606 em0 68.114.165.1 68.184.84.1 UGHS 0 0 em0 68.184.84.0/22 link#2 U 0 39934 em0 68.184.84.xxx link#2 UHS 0 0 lo0 127.0.0.1 link#6 UH 0 126 lo0 192.168.1.0/24 link#1 U 0 275560 re0 192.168.1.1 link#1 UHS 0 0 lo0 192.168.10.0/28 link#9 U 0 817 ue1 192.168.10.1 link#9 UHS 0 0 lo0 205.171.2.65 68.184.84.1 UGHS 0 2606 em0 Internet6: Destination Gateway Flags Netif Expire default 2602:100:4472:a501:: UGS wan_stf ::1 ::1 UH lo0 2602:100::/32 link#10 U wan_stf 2602:100:44b8:yyyy:: link#10 UHS lo0 => 2602:100:44b8:yyyy::/64 link#1 U re0 2602:100:44b8:yyyy::1 link#1 UHS lo0 fe80::%re0/64 link#1 U re0 fe80::1:1%re0 link#1 UHS lo0 fe80::21c:c0ff:fe7f:6457%re0 link#1 UHS lo0 fe80::%em0/64 link#2 U em0 fe80::207:e9ff:fe1f:a948%em0 link#2 UHS lo0 fe80::%lo0/64 link#6 U lo0 fe80::1%lo0 link#6 UHS lo0 fe80::%ue0/64 link#8 U ue0 fe80::250:b6ff:fe0d:389d%ue0 link#8 UHS lo0 fe80::%ue1/64 link#9 U ue1 fe80::214:d1ff:fe1b:86e1%ue1 link#9 UHS lo0 ff01::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff01::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff01::%lo0/32 ::1 U lo0 ff01::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff01::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1 ff02::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff02::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff02::%lo0/32 ::1 U lo0 ff02::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff02::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1tcpdumps:
tcpdump -nnvvi re0 proto 41 tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 2020 packets received by filter 0 packets dropped by kernel tcpdump -nnvvi em0 proto 41 tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 1802 packets received by filter 0 packets dropped by kernel tcpdump -ni wan_stf tcpdump: WARNING: wan_stf: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wan_stf, link-type NULL (BSD loopback), capture size 96 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel/tmp/rules.debug
#System aliases loopback = "{ lo0 }" WAN = "{ em0 wan_stf }" LAN = "{ re0 }" WLAN = "{ ue1 }" PHONEDMZ = "{ ue0 }" # Gateways GWWAN_6RD = " route-to ( wan_stf 2602:100:4472:a501:: ) " GWWAN_DHCP = " route-to ( em0 68.184.84.1 ) " # IPv6 ICMP is not auxilary, it is required for operation # See man icmp6(4) # 1 unreach Destination unreachable # 2 toobig Packet too big # 128 echoreq Echo service request # xxx echorep Echo service reply # 133 routersol Router solicitation # 134 routeradv Router advertisement # 135 neighbrsol Neighbor solicitation # 136 neighbradv Neighbor advertisement pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state # Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {xxx,133,134,135,136} keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {xxx,133,134,135,136} keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {128,133,134,135,136} keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} keep state # We use the mighty pf, we cannot be fooled. block quick inet proto { tcp, udp } from any port = 0 to any block quick inet proto { tcp, udp } from any to any port = 0 block quick inet6 proto { tcp, udp } from any port = 0 to any block quick inet6 proto { tcp, udp } from any to any port = 0 # loopback pass in on $loopback inet all label "pass IPv4 loopback" pass out on $loopback inet all label "pass IPv4 loopback" pass in on $loopback inet6 all label "pass IPv6 loopback" pass out on $loopback inet6 all label "pass IPv6 loopback" # let out anything from the firewall host itself and decrypted IPsec traffic pass out inet all keep state allow-opts label "let out anything IPv4 from firewall host itself" pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself" pass out route-to ( em0 68.184.84.1 ) from 68.184.84.xxx to !68.184.84.0/22 keep state allow-opts label "let out anything from firewall host itself" pass out route-to ( wan_stf 2602:100:4472:a501:: ) inet6 from 2602:100:44b8:yyyy:: to !2602:100:44b8:yyyy::/64 keep state allow-opts label "let out anything from firewall host itself" # make sure the user cannot lock himself out of the webConfigurator or SSH pass in quick on re0 proto tcp from any to (re0) port { 443 22 } keep state label "anti-lockout rule"radvd.conf :
# Automatically Generated, do not edit # Generated for DHCPv6 Server lan interface re0 { AdvSendAdvert on; MinRtrAdvInterval 5; MaxRtrAdvInterval 20; AdvLinkMTU 1500; AdvDefaultPreference medium; prefix 2602:100:44b8:5481::/64 { DeprecatePrefix on; }; route ::/0 { RemoveRoute on; }; RDNSS 2602:100:44b8:5481::1 { }; DNSSL localdomain { }; };dhcpdv6.conf :
option domain-name "localdomain"; option ldap-server code 95 = text; option domain-search-list code 119 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; ddns-update-style none; one-lease-per-client true; deny duplicates; ping-check true; authoritative; subnet6 2602:100:44b8:5481::/64 { range6 2602:100:44b8:5481::1000 2602:100:44b8:5481::2000; option dhcp6.name-servers 2602:100:44b8:5481::1; } -
What have you configured as your 6rd border ipv4 gateway?
-
6RD Configuration Settings
As part of Charter's IPv6 Trials we have made available a Public 6rd Border Relay. If you are interested in participating in our early trials and own a device that supports 6RD use this configuration information to begin experiencing the Next Generation Internet:6rd Prefix = 2602
:/32
Border Relay Address = 68.114.165.1
6rd prefix length = 32
IPv4 mask length = 0Primary DNS Address = 2607:f428:1::5353:1
Secondary DNS Address = 2607:f428:2::5353:1
-
Can you try issuing these commands until it works:
1- route add -inet6 default 260244b8:yyyy::1
Check if it works
2 - ifconfig wan_stf inet6 260244b8:yyyy:0::1/32
Check if it works
3 - route add -inet6 default 260244b8:yyyy::68.114.165.1
Check if it works
