MultiWAN IPv6 using SIXXS
-
I've succesfully set up 2.1-RELEASE using two pppoe WAN links and load balancing for IPv4 using this guide: https://doc.pfsense.org/index.php/Multi-WAN_2.0
Now I'm trying to setup two SIXXS tunnel and load balancing for IPv6 using those guides:
https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker
https://doc.pfsense.org/index.php/Multi-WAN_for_IPv6My problem is, that only one my v6 gateways is reachable. After I setup up the first tunnel, the first gateway was working. After setting up the second tunnel (and the second gateway as default) the second gateway was working, but the first was unreachable.
I've set up the whole box from scratch two times and always have the same behaviour (only one v6 gateway working, but not always the same).
I've already patched the interfaces.inc (missing "/" for prefixlen on gif interfaces).
My last step was to capture the traffic on all involved interfaces while pinging both gateway directly from pfsense ssh console and now I'm totally confused. I see my ICMPv6 packets encapsulated in v4 packets on the corresponding pppoe interfaces ans also the replies from the gateway. The ICMPv6 requests are also visible on both gif interfaces but the replies are only visible on one gif interface.
#tcpdump -n -i pppoe0 host 78.35.24.124 or host 212.224.0.188 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pppoe0, link-type NULL (BSD loopback), capture size 96 bytes 12:51:04.509909 IP 93.220.xx.xx > 78.35.24.124: IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo request, seq 19470, length 24 12:51:04.540057 IP 78.35.24.124 > 93.220.xx.xx: IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo reply, seq 19470, length 24 12:51:05.522582 IP 93.220.xx.xx > 78.35.24.124: IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo request, seq 19726, length 24 12:51:05.553248 IP 78.35.24.124 > 93.220.xx.xx: IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo reply, seq 19726, length 24 12:51:06.534635 IP 93.220.xx.xx > 78.35.24.124: IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo request, seq 19982, length 24 12:51:06.564812 IP 78.35.24.124 > 93.220.xx.xx: IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo reply, seq 19982, length 24 12:51:06.594756 IP 78.35.24.124 > 93.220.xx.xx: IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo request, seq 3969, length 988 12:51:06.594890 IP 93.220.xx.xx > 78.35.24.124: IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo reply, seq 3969, length 988
#tcpdump -n -i pppoe1 host 78.35.24.124 or host 212.224.0.188 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pppoe1, link-type NULL (BSD loopback), capture size 96 bytes 12:51:04.509744 IP 62.226.xx.xx > 212.224.0.188: IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, echo request, seq 59914, length 24 12:51:04.539208 IP 212.224.0.188 > 62.226.xx.xx: IP6 2001:6f8:900:10da::1 > 2001:6f8:900:10da::2: ICMP6, echo reply, seq 59914, length 24 12:51:05.522416 IP 62.226.xx.xx > 212.224.0.188: IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, echo request, seq 60170, length 24 12:51:05.552192 IP 212.224.0.188 > 62.226.xx.xx: IP6 2001:6f8:900:10da::1 > 2001:6f8:900:10da::2: ICMP6, echo reply, seq 60170, length 24 12:51:06.534465 IP 62.226.xx.xx > 212.224.0.188: IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, echo request, seq 60426, length 24 12:51:06.546602 IP 62.226.xx.xx > 212.224.0.188: IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, neighbor solicitation, who has 2001:6f8:900:10da::1, length 24 12:51:06.564419 IP 212.224.0.188 > 62.226.xx.xx: IP6 2001:6f8:900:10da::1 > 2001:6f8:900:10da::2: ICMP6, echo reply, seq 60426, length 24 12:51:06.576261 IP 212.224.0.188 > 62.226.xx.xx: IP6 2001:6f8:900:10da::1 > 2001:6f8:900:10da::2: ICMP6, neighbor advertisement, tgt is 2001:6f8:900:10da::1, length 24
#tcpdump -n -i gif0 tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 12:51:05.522569 IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo request, seq 19726, length 24 12:51:05.553266 IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo reply, seq 19726, length 24 12:51:06.534624 IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo request, seq 19982, length 24 12:51:06.564826 IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo reply, seq 19982, length 24 12:51:06.594769 IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo request, seq 3969, length 988 12:51:06.594875 IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo reply, seq 3969, length 988 12:51:07.547113 IP6 2001:4dd0:ff00:12a9::2 > 2001:4dd0:ff00:12a9::1: ICMP6, echo request, seq 20238, length 24 12:51:07.577503 IP6 2001:4dd0:ff00:12a9::1 > 2001:4dd0:ff00:12a9::2: ICMP6, echo reply, seq 20238, length 24
#tcpdump -n -i gif1 tcpdump: WARNING: gif1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif1, link-type NULL (BSD loopback), capture size 96 bytes 12:51:05.522385 IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, echo request, seq 60170, length 24 12:51:06.534446 IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, echo request, seq 60426, length 24 12:51:06.546581 IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, neighbor solicitation, who has 2001:6f8:900:10da::1, length 24 12:51:07.546931 IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, echo request, seq 60682, length 24 12:51:07.559631 IP6 2001:6f8:900:10da::2 > 2001:6f8:900:10da::1: ICMP6, neighbor solicitation, who has 2001:6f8:900:10da::1, length 24
#netstat -nr Internet6: Destination Gateway Flags Netif Expire default 2001:6f8:900:10da::1 UGS gif1 ::1 ::1 UH lo0 2001:6f8:900:10da::/64 link#14 U gif1 2001:6f8:900:10da::2 link#14 UHS lo0 2001:4dd0:ff00:12a9::/64 link#13 U gif0 2001:4dd0:ff00:12a9::2 link#13 UHS lo0 ff01::%pppoe0/32 fe80::222:4dff:fea4:ec30%pppoe0 U pppoe0 ff01::%pppoe1/32 fe80::222:4dff:fea4:ec30%pppoe1 U pppoe1 ff01::%gif0/32 fe80::222:4dff:fea4:ec30%gif0 U gif0 ff01::%gif1/32 fe80::222:4dff:fea4:ec30%gif1 U gif1 ff02::%pppoe0/32 fe80::222:4dff:fea4:ec30%pppoe0 U pppoe0 ff02::%pppoe1/32 fe80::222:4dff:fea4:ec30%pppoe1 U pppoe1 ff02::%gif0/32 fe80::222:4dff:fea4:ec30%gif0 U gif0 ff02::%gif1/32 fe80::222:4dff:fea4:ec30%gif1 U gif1
#pfctl -sr | grep gif scrub on gif0 all fragment reassemble scrub on gif1 all fragment reassemble block drop in log quick on gif0 from <bogons>to any label "block bogon IPv4 networks from SIXXS" block drop in log quick on gif0 from <bogonsv6>to any label "block bogon IPv6 networks from SIXXS" block drop in on ! gif0 inet6 from 2001:4dd0:ff00:12a9::/64 to any block drop in on gif0 inet6 from fe80::222:4dff:fea4:ec30 to any block drop in log quick on gif0 inet from 10.0.0.0/8 to any label "Block private networks from SIXXS block 10/8" block drop in log quick on gif0 inet from 127.0.0.0/8 to any label "Block private networks from SIXXS block 127/8" block drop in log quick on gif0 inet from 100.64.0.0/10 to any label "Block private networks from SIXXS block 100.64/10" block drop in log quick on gif0 inet from 172.16.0.0/12 to any label "Block private networks from SIXXS block 172.16/12" block drop in log quick on gif0 inet from 192.168.0.0/16 to any label "Block private networks from SIXXS block 192.168/16" block drop in log quick on gif0 inet6 from fc00::/7 to any label "Block ULA networks from SIXXS block fc00::/7" block drop in log quick on gif1 from <bogons>to any label "block bogon IPv4 networks from SIXXS2" block drop in log quick on gif1 from <bogonsv6>to any label "block bogon IPv6 networks from SIXXS2" block drop in on ! gif1 inet6 from 2001:6f8:900:10da::/64 to any block drop in on gif1 inet6 from fe80::222:4dff:fea4:ec30 to any block drop in log quick on gif1 inet from 10.0.0.0/8 to any label "Block private networks from SIXXS2 block 10/8" block drop in log quick on gif1 inet from 127.0.0.0/8 to any label "Block private networks from SIXXS2 block 127/8" block drop in log quick on gif1 inet from 100.64.0.0/10 to any label "Block private networks from SIXXS2 block 100.64/10" block drop in log quick on gif1 inet from 172.16.0.0/12 to any label "Block private networks from SIXXS2 block 172.16/12" block drop in log quick on gif1 inet from 192.168.0.0/16 to any label "Block private networks from SIXXS2 block 192.168/16" block drop in log quick on gif1 inet6 from fc00::/7 to any label "Block ULA networks from SIXXS2 block fc00::/7" pass out route-to (gif0 2001:4dd0:ff00:12a9::1) inet6 from 2001:4dd0:ff00:12a9::2 to ! 2001:4dd0:ff00:12a9::/64 flags S/SA keep state allow-opts label "let out anything from firewall host itself" pass out route-to (gif1 2001:6f8:900:10da::1) inet6 from 2001:6f8:900:10da::2 to ! 2001:6f8:900:10da::/64 flags S/SA keep state allow-opts label "let out anything from firewall host itself" pass in quick on em1_vlan1 route-to (gif0 2001:4dd0:ff00:12a9::1) inet6 from 2001:4dd0:xxxx:xxxx::/64 to any flags S/SA keep state label "USER_RULE: Default allow LAN IPv6 to any rule" pass in quick on em1_vlan13 route-to (gif0 2001:4dd0:ff00:12a9::1) inet6 all flags S/SA keep state label "USER_RULE" pass in log quick on gif0 inet proto icmp all keep state label "USER_RULE" pass in log quick on gif0 inet6 proto ipv6-icmp all keep state label "USER_RULE" pass in log quick on gif1 inet proto icmp all keep state label "USER_RULE" pass in log quick on gif1 inet6 proto ipv6-icmp all keep state label "USER_RULE"</bogonsv6></bogons></bogonsv6></bogons>
-
Were you ever able to solve this? I just ran into the same problems with 2 GIF tunnels to HE.net terminated on different WAN interfaces (Cable/DSL). Only one gateway is seen as up.
-
Unfortunately not, I'm still having only one of my IPv6 Tunnels working.
-
Did you try the latest snapshots of 2.1.1 they have fixes for this situation.
-
I tried with
2.1.1-PRERELEASE (i386)
built on Sat Mar 1 03:30:07 EST 2014
FreeBSD 8.3-RELEASE-p14Thanks for the info, I am going to try a newer one soon when I find the time.
-
Maybe this topic should be moved to the 2.1.1 forum.
I have now tried with:
2.1.1-PRERELEASE (i386) built on Sat Mar 8 11:52:39 EST 2014 FreeBSD 8.3-RELEASE-p14
Setup an additional HE.net tunnel on my second WAN interface. Still only one tunnel works. The problem is still that answers from the IPv6 gateway at HE.net are getting lost somewhere between the WAN and GIF interface.
tcpdump on the WAN interface looks good:
tcpdump -s1600 -nvvi em1 host 216.66.80.30 tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1600 bytes 06:50:42.600454 IP (tos 0x0, ttl 30, id 60399, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 22711 06:50:42.616693 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 22711 06:50:43.603969 IP (tos 0x0, ttl 30, id 44264, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 22967 06:50:43.620818 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 22967 06:50:44.610546 IP (tos 0x0, ttl 30, id 40805, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23223 06:50:44.626985 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 23223 06:50:45.572646 IP (tos 0x0, ttl 30, id 33608, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:470:****:****::1 06:50:45.585132 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is 2001:470:****:****::1, Flags [router, solicited] 06:50:45.623895 IP (tos 0x0, ttl 30, id 58383, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23479 06:50:45.639155 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 23479 06:50:46.572674 IP (tos 0x0, ttl 30, id 59642, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:470:****:****::1 06:50:46.585204 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is 2001:470:****:****::1, Flags [router, solicited] 06:50:46.633658 IP (tos 0x0, ttl 30, id 44540, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23735 06:50:46.649263 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 23735 06:50:47.572683 IP (tos 0x0, ttl 30, id 56542, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:470:****:****::1 06:50:47.585437 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is 2001:470:****:****::1, Flags [router, solicited] 06:50:47.640561 IP (tos 0x0, ttl 30, id 42701, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23991 06:50:47.657396 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 23991 06:50:48.654155 IP (tos 0x0, ttl 30, id 20255, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 24247 06:50:48.669570 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 24247 06:50:49.660724 IP (tos 0x0, ttl 30, id 10954, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 24503 06:50:49.675878 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 24503 06:50:50.670905 IP (tos 0x0, ttl 30, id 16076, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 24759 06:50:50.685841 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 24759 06:50:51.678833 IP (tos 0x0, ttl 30, id 41390, offset 0, flags [none], proto IPv6 (41), length 84) 5.146.32.147 > 216.66.80.30: IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 25015 06:50:51.695959 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto IPv6 (41), length 84) 216.66.80.30 > 5.146.32.147: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::1 > 2001:470:****:****::2: [icmp6 sum ok] ICMP6, echo reply, length 24, seq 25015
tcpdump on the GIF interface is missing all the answer packets from HE.net:
tcpdump -s1600 -nvvi gif0 tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: listening on gif0, link-type NULL (BSD loopback), capture size 1600 bytes 06:50:40.580377 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 22199 06:50:41.590159 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 22455 06:50:42.600240 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 22711 06:50:43.603689 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 22967 06:50:44.610307 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23223 06:50:45.572301 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:470:****:****::1 06:50:45.623676 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23479 06:50:46.572297 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:470:****:****::1 06:50:46.633439 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23735 06:50:47.572317 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:470:****:****::1 06:50:47.640302 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 23991 06:50:48.653890 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 24247 06:50:49.660500 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 24) 2001:470:****:****::2 > 2001:470:****:****::1: [icmp6 sum ok] ICMP6, echo request, length 24, seq 24503
-
I'm wondering if your issue and mine (last post in particular) are one in the same. I haven't tried the 2.1.1 snapshots yet, though.
-
At least both problems are suffering from packets not going where they are supposed to ;) Ermal should take a look at this. Meanwhile I have found a dirty workaround to use 2 IPv6 gateways. If you can work with static IPv6 IPs and an IPv6 enabled router, you can Hide-NAT your IPv6 LAN net behind the secondary IPv6 gateway's address. Outgoing NAT works when you use IPv6 aliases. I originally tried this here: https://forum.pfsense.org/index.php?topic=73693.0 and now I use it on my secondary IPv6 connection.
I do not recommend this though, because nobody would expect you doing NAT on v6 and it might break things.
But it's the only way I found to make IPv6 MulitWAN actually work at all.- 2 tunnels don't work
- using DHCPv6 with a delegated prefix on WAN2 won't work, the prefix is lost after approx. an hour. And even if it weren't lost I could not find any way to dynamically Npt the delegated prefix to my LAN net. It would require manual intervention everytime the delegated net changes.
- 2 IPv6 routers in the same net distributing global addresses should be the solution (at least that's what I learned on a conference 2 years ago), but while Windows 7 has no problem with multiple IPv6 default gws through routers using different priorities, Ubuntu has. I have read Debian works but have not tried. So that is no option either. Have not tried iOS oder OSX though, just gave up on that because the Linux boxes are a showstopper.
Has anyone found a better way to make IPv6 Multi WAN work with partly or fully dynamic IPv6 nets?
-
Normally you have to use NAT for this.
It is very dependant and error prone to change prefixes like that on failure.
That is because definition of failure is very vague.Also presently there is no way you can follow(track6) 2 different WANs in pfSense.