Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 tunnel not coming up

    Scheduled Pinned Locked Moved
    IPv6
    1
    4
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      grazman
      last edited by

      I followed the guide here: http://doc.pfsense.org/index.php/Using_IPv6_on_2.0

      I setup the GIF, tunnel, allowed the rules in the firewall. The gateway shows up.

      I seem to have a logic issue (running 2.0 release and did a gitsync playback on the git repo in the doc).

      My screens seem to have different options (i.e. lan I have two dropdowns, 1 for ipv4 another for ipv6, not a choice of ipv4+ipv6).

      My OPT1 shows my tunnel (server) address. When I assign the ipv6 address to the LAN and apply it it is successful, but I don't seem to be routing any ipv6. My LAN interface has a different prefix than the OPT1 interface. I have my LAN interface setup with its routed /48 and handing out ipv6 on the lan. I can resolve ipv6 from the desktop, but not from the firewall.

      I do not show the ipv6 tunnel (gateway) as being up, I've allowed the icmp4v packets as described. I tend to think that since I reboot the firewall my ipv6 gateway shows UP momentarily but I have not seen anything in the firewall logs that indicates the tunnel is being blocked.

      I am wondering if the release2.0 and the gitsync has not been proven or used yet. Is there somewhere else I can look to test this? Is there a way to test ipv6 from shell that someone can point me to?

      1 Reply Last reply Reply Quote 0
      • G
        grazman
        last edited by

        I deleted and re-created the gateway, all I see is: Could not find IPv6 gateway for interface(wan).

        It does show "up" for 5-6 seconds, then down. This might just be a cosmetic bug, but I also suspect the message above is also a cosmetic bug or is this valid? Since it's a tunnel and IPv6 is not enabled for WAN why would it do this?

        1 Reply Last reply Reply Quote 0
        • G
          grazman
          last edited by

          If I run a packet capture it shows the packets from the tunnel provider hitting my WAN ipv4 address, but the ICMP says it is unreachable, though the pcap shows the ICMP type as ipv6, which doesn't sound right to me. If I open the wan address to all icmp traffic (ipv4 & ipv6), I can ping the ipv4 wan address from the outside without issue, yet I still get the same

          ICMP Destination unreachable (Port unreachable)

          Message

          It seems to be a firewall issue, yet I followed the examples to the letter with the exception of doing the git playback using the 2.0 release branch, which was recently suggested on this board.

          1 Reply Last reply Reply Quote 0
          • G
            grazman
            last edited by

            OK. So I solved this by deleting my tunnel and assignment with the tunnel broker. I then created a new tunnel and routed assignments, and replaced those in my non-working configuration and they worked. I have to surmise it was something at the other end (tunnelbroker).

            ipv6 gateway came right up, once I changed the ipv6 assignment for LAN/DHCP and refreshed, it all worked.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post