IPv6 over IPv4 Tunneling
-
Maybe I remember wrong, because I did something similar a long time ago; now I'll configure a new VM and check for you.
-
@kiokoman said in IPv6 over IPv4 Tunneling:
Maybe I remember wrong, because I did something similar a long time ago; now I'll configure a new VM and check for you.
And I have tried making my own NAT rules to forward the IPV6 protocol from HE endpoint to my WAN redirect to internal IP but it does nothing. But I don't know what is broken with my pfsense from these errors I am getting and I do not want to reboot it right now.
-
Here it is.
You need to put the VM IP inside.
Sorry for the late reply, I had to do it in my office because at home I have only a notebook with VirtualBox that does not do bridging with my wireless card.
-
@kiokoman said in IPv6 over IPv4 Tunneling:
Here it is.
You need to put the VM IP inside.
Sorry for the late reply, I had to do it in my office because at home I have only a notebook with VirtualBox that does not do bridging with my wireless card.
Thanks for the confirmation. That's how I originally had it configured.
What firewall rules did you add?
This still doesn't help me as any config changes on that Advanced - Networking page result in the error I posted above. Something is broken in pfsense. How do I report this?
I worked around the issue by creating a cron job to ping out the tunnel every 5 minutes. This keeps the NAT/Firewall states alive.
-
Hi,
So I saw your thread, and let me say pfSense TunnelBroker configuration is pretty straightforward; I had it working in 10 minutes. - https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker
Secondly, you don't need to select the option "Enable IPv6 over IPv4 tunnelling" - that is wrong, that IP there (on the screenshot) is wrong. Stick to the documentation. Follow the steps and you'll have it working pronto. If you are configuring things out of your hat because you "feel it" ... that's how it breaks; you have a bunch of settings that have no place here, thus it doesn't work.
- Create a GIF Interface, parent interface WAN, configure with the information provided by HE.
- Assign the GIF interface and enable it, set as default.
- Configure LAN and DHCPv6 / RA
- Add traffic rules
BTW it doesn't say so in the docs, but pfSense created the GATEWAY automatically for WAN IPv6, so just confirm you're all set.
Instead of Manual NAT, select HYBRID, and it's easy as eating cake. Have fun.
EDIT (after reading other replies more carefully): if you are trying to configure the IPv6 termination on your VM, then you have no business to configure anything on the pfSense but the IPv6 tunnelling AND firewall rules for IPv6 protocol, and then just configure everything else on the VM.
-
@maverickws
That was my first suggestion.
You need to read the conversation. That is a valid tutorial if you end the tunnel at the pfSense machine; he needs to transport it out of the pfSense and inside a virtual machine. He does not want IPv6 to be managed by pfSense.
@Bun-Bun
I had opened all the ports for the test.
If you have PHP errors, that is not normal. I suggest you start over with a clean pfSense installation.
-
@kiokoman yes you are right I did not read it through and after I did more carefully I added an edit for it.
Anyway in that regard the IPv6 over IPv4 tunnelling is OK, but still firewall rules to allow protocol 41 traffic must be added, otherwise won't work.
It's not enough to just select that option (the enable tunnelling).
-
@maverickws said in IPv6 over IPv4 Tunneling:
@kiokoman yes you are right I did not read it through and after I did more carefully I added an edit for it.
Anyway in that regard the IPv6 over IPv4 tunnelling is OK, but still firewall rules to allow protocol 41 traffic must be added, otherwise won't work.
It's not enough to just select that option (the enable tunnelling).
I've enabled the option and added all the firewall rules that I can think of as I explained in my first post. And the one rule I made does match the state that gets created but after it times out I lose connectivity until I start communicating from my end again. Telling me the inbound NAT isn't working.
And see the error I am getting in the first post.
As long as I ping out from my end, the states get configured and stay alive and it works. It's just frustrating that the documented feature isn't working.
-
You don't need to configure NAT for this.
The rule you need is a Pass on the WAN interface (Firewall > Rules > WAN), I believe allow any to any or any to host, and on protocol (not address family) you select IPv6. I think that's it.
-
@maverickws said in IPv6 over IPv4 Tunneling:
You don't need to configure NAT for this.
The rule you need is a Pass on the WAN interface (Firewall > Rules > WAN), I believe allow any to any or any to host, and on protocol (not address family) you select IPv6. I think that's it.
Yes, I did that. Protocol IPv4 IPV6 Source any Destination (tried any or my VM IP) and this rule does match the state that is created when I ping out. But still after it times out incoming connections are dropped and don't show up in firewall logs. So it's inbound NAT that isn't working and I suspect it has to do with that error I'm getting in the original post.