6rd support added

survive

Hi puithove,

Best I can tell you is to be patient, I've been waiting for a year and a half.

I just hope it gets fixed so there's enough time using it that fixing it was even worthwhile.

That said, based on what I've read in the 2.2 forums here: https://forum.pfsense.org/index.php?topic=78078.msg425758#msg425758

Most of the "problems" lately are non-issues or temporary issues with snapshots. There are a couple more features we're waiting to integrate/test and then it is clear to progress to Beta, so … it's difficult to say. For some, it might be OK now, for most, perhaps not quite yet. If it works, it'll keep working, but if you obsessively track snapshots, maybe not.

6RD might be fixed, might not. Bums me out....

-Will

Burg3rMak3r

FYI, added a bounty for this issue:
https://forum.pfsense.org/index.php?topic=78216.0

I have the same ISP as 2 users in this thread, hopefully someone picks this up now ;)

Pertan

Still doesn't work in snapshot 2.2-BETA (amd64) built on Sun Oct 12 11:15:43 CDT 2014 FreeBSD 10.1-RC2.

eri--

You can try the latest snapshots.

https://redmine.pfsense.org/issues/2882 Just check that you have a default gw.
The default gw will be fixed ASAP.

cmb

Confirmed this works now. Probably be the first snapshot on the 20th that includes all the changes. Being on a snapshot from the 19th plus a gitsync to master will also fix.

Pertan

@cmb:

Confirmed this works now. Probably be the first snapshot on the 20th that includes all the changes. Being on a snapshot from the 19th plus a gitsync to master will also fix.

Running Nov 19 08:31:57 CST 2014 build and it did not work until I gitsynced it and now it works. Thanks :)

Edit: Gateway still shows as offline though, but I can ping outside addresses.

Your readiness score: 10/10 @ http://test-ipv6.com

cmb

Put a monitor IP in for the gateway that'll actually reply (such as Google's public DNS 2001:4860:4860::8888), the 6rd gateway generally won't reply, which is why it shows offline.

jjstecchino

6rd working for me now. using centurylink/qwest. What was the problem?

jjstecchino

Is 6rd broken again? I noticed on latest snapshot 6rd is not working anymore.

jjstecchino

I think around late November to make it work I had to gitsync to master. I suppose the latest snapshots are built from master. Am I correct or do I still need to gitsync?
I really enjoyed having working 6rd and IPV6 connectivity and I would love to have it working again.

On interface status, WAN gets:

IPv6 address	2602:47:3004:c800::	 
Subnet mask IPv6	24
Gateway IPv6	2602:cdab:240::

LAN set to track wan gets:

IPv6 address	2602:47:3004:c800::1	 
Subnet mask IPv6	64

IPV6 Routing table:

::1	link#11	UH	0	16384	lo0
2602::/24	link#13	U	0	1280	wan_stf
2602:47:3004:c800::	link#13	UHS	0	16384	lo0
2602:47:3004:c800::/64	link#6	U	4713	1500	sk1
2602:47:3004:c800::1	link#6	UHS	0	16384	lo0
fe80::%sk0/64	link#5	U	0	1500	sk0
fe80::290:7fff:fe3c:52bd%sk0	link#5	UHS	0	16384	lo0
fe80::%sk1/64	link#6	U	787	1500	sk1
fe80::1:1%sk1	link#6	UHS	0	16384	lo0
fe80::%sk3/64	link#8	U	0	1500	sk3
fe80::290:7fff:fe3c:52ba%sk3	link#8	UHS	0	16384	lo0
fe80::%lo0/64	link#11	U	0	16384	lo0
fe80::1%lo0	link#11	UHS	0	16384	lo0
fe80::%ovpns1/64	link#14	U	0	1500	ovpns1
fe80::290:7fff:fe3c:52c1%ovpns1	link#14	UHS	0	16384	lo0
ff01::%sk0/32	fe80::290:7fff:fe3c:52bd%sk0	U	0	1500	sk0
ff01::%sk1/32	fe80::1:1%sk1	U	0	1500	sk1
ff01::%sk3/32	fe80::290:7fff:fe3c:52ba%sk3	U	0	1500	sk3
ff01::%lo0/32	::1	U	0	16384	lo0
ff01::%ovpns1/32	fe80::290:7fff:fe3c:52c1%ovpns1	U	0	1500	ovpns1
ff02::%sk0/32	fe80::290:7fff:fe3c:52bd%sk0	U	0	1500	sk0
ff02::%sk1/32	fe80::1:1%sk1	U	3	1500	sk1
ff02::%sk3/32	fe80::290:7fff:fe3c:52ba%sk3	U	0	1500	sk3
ff02::%lo0/32	::1	U	0	16384	lo0
ff02::%ovpns1/32	fe80::290:7fff:fe3c:52c1%ovpns1	U	0	1500	ovpns1

Is it missing a default gateway?

Please be patient with me as I am learning IPV6 and I may be doing something wrong. With the exception of the routing tabe which I have no way to compare to the previous working setup, interfaces seem to get the same addresses as the previous working setup as my dynamic IPV4 has not changed since (It is dynamic but the same ipv4 address tends to stick for months at the time). Your IPV6 on 6rd is calculated based to your IPV4 right?

Also how do you check if wan_stf is passing traffic?

cmb

It still works, no need to gitsync. Make sure your 6rd gateway is marked as default for v6 under System>Routing.

jjstecchino

WAN_6RD gateway already marked as default in system->routing, however I do not see any gateway marked as default in the routing table. Still I have still no traffic routed after a fresh reinstall. I used centurylink/quest 6RD with 2602::/24 prefix, 205.171.2.64 border relay and 0 prefix length as per centurylink docs (this worked previously). LAN is set to track wan. Clients on the network get IPV6 addresses in the 2602:47:3004:c800:: range, can ping6 LAN ipv6 address, can't ping anything past pfsense an address. WAN_6RD shows offline (setup to ping google ipv6 dns). From pfsense shell can ping a plan client, cannot ping google dns -> no route to host.  Do you see anything abnormal in my routing table? I did not add or remove any routes. Have 2 pfsense boxes with carp both with same problem.

jjstecchino

As additional info, I do not see a ::0 route or a default gateway in the routing table.

Looking at the logs I found this:

php-fpm[71649]: /system_gateways.php: The command '/sbin/route change -inet6 default '2602:cdab:240::'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2602:cdab:240:: fib 0: Network is unreachable'

So my box is unable to add a default route for IPV6.

I double checked my 6RD configuration and it appears correct for Centurylink/quest which is my isp

Any suggestion or any further test I can do?

eri--

Can you provide an ifconfig output?
Also your config.xml for this WAN configuration?

jjstecchino

Here you go…. and thank you for looking at it.

/root: ifconfig
msk0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=c011a <txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate>ether 00:90:7f:3c:52:c1
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
msk1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=c011a <txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate>ether 00:90:7f:3c:52:c0
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
msk2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=c011a <txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate>ether 00:90:7f:3c:52:bf
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
msk3: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=c011a <txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate>ether 00:90:7f:3c:52:be
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
sk0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=8000b <rxcsum,txcsum,vlan_mtu,linkstate>ether 00:90:7f:3c:52:bd
        inet6 fe80::290:7fff:fe3c:52bd%sk0 prefixlen 64 scopeid 0x5
        inet 71.48.4.200 netmask 0xfffff800 broadcast 71.48.7.255
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
sk1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
        options=8000b <rxcsum,txcsum,vlan_mtu,linkstate>ether 00:90:7f:3c:52:bc
        inet 192.168.100.252 netmask 0xffffff00 broadcast 192.168.100.255
        inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255 vhid 1
        inet6 fe80::1:1%sk1 prefixlen 64 duplicated scopeid 0x6
        inet6 2602:47:3004:c800::1 prefixlen 64
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        carp: BACKUP vhid 1 advbase 1 advskew 100
sk2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:90:7f:3c:52:bb
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (none)
        status: no carrier
sk3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=8000b <rxcsum,txcsum,vlan_mtu,linkstate>ether 00:90:7f:3c:52:ba
        inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
        inet6 fe80::290:7fff:fe3c:52ba%sk3 prefixlen 64 scopeid 0x8
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
pflog0: flags=100 <promisc>metric 0 mtu 33172
pfsync0: flags=41 <up,running>metric 0 mtu 1500
        pfsync: syncdev: sk3 syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
        options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
        nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
        nd6 options=21 <performnud,auto_linklocal>ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::290:7fff:fe3c:52c1%ovpns1 prefixlen 64 scopeid 0xe
        inet 192.168.200.1 --> 192.168.200.2 netmask 0xffffffff
        nd6 options=21 <performnud,auto_linklocal>Opened by PID 91717
ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::290:7fff:fe3c:52c1%ovpns2 prefixlen 64 scopeid 0xf
        inet 192.168.150.1 --> 192.168.150.2 netmask 0xffffffff
        nd6 options=21 <performnud,auto_linklocal>Opened by PID 93991
wan_stf: flags=4001 <up,link2>metric 0 mtu 1280
        inet6 2602:47:3004:c800:: prefixlen 24
        nd6 options=1 <performnud>v4net 71.48.4.200/32 -> tv4br 205.171.2.64</performnud></up,link2></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,vlan_mtu,linkstate></broadcast,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,linkstate></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate></broadcast,simplex,multicast></performnud,auto_linklocal></txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate></broadcast,simplex,multicast></performnud,auto_linklocal></txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate></broadcast,simplex,multicast></performnud,auto_linklocal></txcsum,vlan_mtu,vlan_hwtagging,tso4,vlan_hwtso,linkstate></broadcast,simplex,multicast> 

               <wan><enable><if>sk0</if>
                        <blockpriv><blockbogons><alias-address><alias-subnet>32</alias-subnet>
                        <spoofmac><ipaddr>dhcp</ipaddr>
                        <dhcphostname><dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
                        <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced></adv_dhcp_config_advanced>
                        <adv_dhcp_config_file_override></adv_dhcp_config_file_override>
                        <adv_dhcp_config_file_override_path><ipaddrv6>6rd</ipaddrv6>
                        <prefix-6rd>2602::/24</prefix-6rd>
                        <prefix-6rd-v4plen>0</prefix-6rd-v4plen>
                        <gateway-6rd>205.171.2.64</gateway-6rd></adv_dhcp_config_file_override_path></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></dhcphostname></spoofmac></alias-address></blockbogons></blockpriv></enable></wan> 

jjstecchino

Anybody willing to lend a helping hand?

eri--

This seems ok.
Probably something else wrong in your config.

jjstecchino

Ermal, could you try to point me toward the right direction?
This was a fresh install to a watchguard firebox x-750-e.
I see this in the System log if I save and apply changes on Wan interface:

php-fpm[63614]: /rc.newwanip: rc.newwanip: Info: starting on sk0.
Dec 17 09:56:00	php-fpm[63614]: /rc.newwanip: rc.newwanip: on (IP address: 71.51.251.64) (interface: WAN[wan]) (real interface: sk0).
Dec 17 09:56:01	php-fpm[63614]: /rc.newwanip: rd6 lan with ipv6 address 2602:47:33fb:4000::1 based on wan ipv4 71.51.251.64
Dec 17 09:56:01	kernel: stf0: changing name to 'wan_stf'
Dec 17 09:56:01	php-fpm[60185]: /rc.filter_synchronize: Filter sync successfully completed with http://10.10.10.2:80.
Dec 17 09:56:01	php-fpm[63209]: /interfaces.php: ROUTING: setting default route to 71.51.248.1
Dec 17 09:56:01	php-fpm[63209]: /interfaces.php: ROUTING: setting IPv6 default route to 2602:cdab:240::
Dec 17 09:56:01	php-fpm[63209]: /interfaces.php: The command '/sbin/route change -inet6 default '2602:cdab:240::'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2602:cdab:240:: fib 0: Network is unreachable'
Dec 17 09:56:03	php-fpm[63614]: /rc.newwanip: ROUTING: setting default route to 71.51.248.1
Dec 17 09:56:03	php-fpm[63614]: /rc.newwanip: ROUTING: setting IPv6 default route to 2602:cdab:240::
Dec 17 09:56:03	php-fpm[63614]: /rc.newwanip: The command '/sbin/route change -inet6 default '2602:cdab:240::'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2602:cdab:240:: fib 0: Network is unreachable'

Is that the route creation fails because wan_stf is not passing ipv6 traffic?

How can I troubleshoot wan_stf?

Thanks for looking at this

eri--

Yes that is the issue.
Which version of pfSense is this ?

jjstecchino

2.2 RC Dec 17 snapshot.
Retried fresh install, removed carp, just in case it was messing up things, turned off backup pfsense box. running plain vanilla box now. wanstf still not passing traffic. all the config seems ok to me so I dont understand. The centurylink 6rd gateway does not respond to ping by their choice so there is no way to see if it is alive but I would be surprised if it is not (google search would have turned up at least some complaints and it has not).I then updated firmware of the dsl bridge just in case but still no go. The dsl modem is a bridge working below level 3 so it shouldn't matter anyway.

Next step I guess it would be to set up a freebsd or linux vm with 2 interfaces and try to setup a link from the command line. Any suggestion before I do that?