No traffic gets past HE ipv6 tunnel
-
@toskium said in No traffic gets past HE ipv6 tunnel:
different monitoring IP though
I use one of my own servers to ping-reply for dpinger.
Using the console / SSH access, option 8, can you ping6 some host?
-
I have PPPoE and he.net myself; to make it work for me I had to set MTU to 1472 and MSS to 1440 on the gif interface.
On tunnelbroker.net the MTU is set to 1472.
-
Same thing here :
Although my WAN is connected to my ISP router, I know this router is doing PPPoE on the ADSL side.
Edit: and yes, on the he.net side MTU is set to 1472.
-
@Gertjan @kiokoman
I tried what you just suggested, unfortunately no change in the behaviour.
I can't even ping the tunnel server ipv6 endpoint address even though the tunnel is up.
In theory I would need to be able to ping the ipv6 tunnel server address from my pfsense when selecting the HE tunnel interface.
-
But the tunnel shows it's up; can you ping that 2001:470:6c ::1 and ::2 from pfsense?
-
@kiokoman I can ping myself -> ::2 but I can not ping the tunnel end at HE with -> ::1.
I am mystified :-)
-
If you can't ping6 the remote part of the tunnel, the he.net POP, the one ending with ::1, then I advise you to use ping6 with some parameters, like:
ping6 -I gif0 2001:470:1f12:5c0::1
To force it to use the correct interface.
You can get the interface name with
ifconfig
Btw: this starts to look like a routing issue.
You have no IPv6 activated on your WAN_DHCP and WAN2_PPPOE as these are IPv4 only (are they?).
-
ping6 -I gif0 -c 3 2001...
works fine. So the tunnel by itself is working.
What I do not yet understand is why that doesn't work from the GUI diagnostic ping when I specifically set the interface to the HE gif0 interface. In theory it should deliver the same result.
WAN:
WAN2:
I do not see any other ipv6 related interfaces in the whole config.
-
That's the current ipv6 routing table:
Destination                          Gateway              Flags Use    Mtu    Netif       Expire
default                              2001:470:6c:aaaa::1  UGS   151    1500   gif0
::1                                  link#19              UH    1747   16384  lo0
2001:470:20::2                       2001:470:6c:aaaa::1  UGHS  0      1500   gif0
2001:470:6c:aaaa::1                  link#43              UH    23260  1280   gif0
2001:470:6c:aaaa::2                  link#43              UHS   6      16384  lo0
2001:470:6d:aaaa::/64                link#32              U     6249   1500   lagg0.4088
2001:470:6d:aaaa::1                  link#32              UHS   0      16384  lo0
2001:4860:4860::8888                 2001:470:6c:aaaa::1  UGHS  0      1500   gif0
fe80::%igb0/64                       link#1               U     0      1500   igb0
fe80::8261:5fff:fe04:ea3f%igb0       link#1               UHS   0      16384  lo0
fe80::%lo0/64                        link#19              U     0      16384  lo0
fe80::1%lo0                          link#19              UHS   0      16384  lo0
fe80::%lagg0/64                      link#23              U     0      1500   lagg0
fe80::208:a2ff:fe11:5f66%lagg0       link#23              UHS   0      16384  lo0
fe80::%igb0.7/64                     link#24              U     0      1500   igb0.7
fe80::8261:5fff:fe04:ea3f%igb0.7     link#24              UHS   0      16384  lo0
fe80::%lagg0.4081/64                 link#25              U     0      1500   lagg0.4081
fe80::208:a2ff:fe11:5f66%lagg0.4081  link#25              UHS   0      16384  lo0
fe80::%lagg0.4082/64                 link#26              U     21     1500   lagg0.4082
fe80::208:a2ff:fe11:5f66%lagg0.4082  link#26              UHS   0      16384  lo0
fe80::%lagg0.4083/64                 link#27              U     0      1500   lagg0.4083
fe80::208:a2ff:fe11:5f66%lagg0.4083  link#27              UHS   0      16384  lo0
fe80::%lagg0.4084/64                 link#28              U     0      1500   lagg0.4084
fe80::208:a2ff:fe11:5f66%lagg0.4084  link#28              UHS   0      16384  lo0
fe80::%lagg0.4085/64                 link#29              U     0      1500   lagg0.4085
fe80::208:a2ff:fe11:5f66%lagg0.4085  link#29              UHS   0      16384  lo0
fe80::%lagg0.4086/64                 link#30              U     0      1500   lagg0.4086
fe80::208:a2ff:fe11:5f66%lagg0.4086  link#30              UHS   0      16384  lo0
fe80::%lagg0.4087/64                 link#31              U     0      1500   lagg0.4087
fe80::208:a2ff:fe11:5f66%lagg0.4087  link#31              UHS   0      16384  lo0
fe80::%lagg0.4088/64                 link#32              U     619    1500   lagg0.4088
fe80::208:a2ff:fe11:5f66%lagg0.4088  link#32              UHS   0      16384  lo0
fe80::%lagg0.4000/64                 link#33              U     0      1500   lagg0.4000
fe80::208:a2ff:fe11:5f66%lagg0.4000  link#33              UHS   0      16384  lo0
fe80::%lagg0.20/64                   link#34              U     0      1500   lagg0.20
fe80::208:a2ff:fe11:5f66%lagg0.20    link#34              UHS   0      16384  lo0
fe80::%lagg0.30/64                   link#35              U     0      1500   lagg0.30
fe80::208:a2ff:fe11:5f66%lagg0.30    link#35              UHS   0      16384  lo0
fe80::%lagg0.40/64                   link#36              U     0      1500   lagg0.40
fe80::208:a2ff:fe11:5f66%lagg0.40    link#36              UHS   0      16384  lo0
fe80::%lagg0.50/64                   link#37              U     0      1500   lagg0.50
fe80::208:a2ff:fe11:5f66%lagg0.50    link#37              UHS   0      16384  lo0
fe80::%lagg0.60/64                   link#38              U     0      1500   lagg0.60
fe80::208:a2ff:fe11:5f66%lagg0.60    link#38              UHS   0      16384  lo0
fe80::%lagg0.70/64                   link#39              U     0      1500   lagg0.70
fe80::208:a2ff:fe11:5f66%lagg0.70    link#39              UHS   0      16384  lo0
fe80::%lagg0.80/64                   link#40              U     0      1500   lagg0.80
fe80::208:a2ff:fe11:5f66%lagg0.80    link#40              UHS   0      16384  lo0
fe80::%lagg0.90/64                   link#41              U     0      1500   lagg0.90
fe80::208:a2ff:fe11:5f66%lagg0.90    link#41              UHS   0      16384  lo0
fe80::%pppoe0/64                     link#42              U     0      1492   pppoe0
fe80::208:a2ff:fe11:5f66%pppoe0      link#42              UHS   0      16384  lo0
fe80::%gif0/64                       link#43              U     0      1500   gif0
fe80::8261:5fff:fe04:ea3f%gif0       link#43              UHS   0      16384  lo0
for better readability:
-
@toskium said in No traffic gets past HE ipv6 tunnel:
2001:470:20::2
what is it? ^
and why do you have google dns there?
ah i see, it's he net dns
-
@kiokoman this comes from my general DNS settings, the howto on docs.netgate.com stated to add google DNS servers in System > General Setup like so:
-
but i don't have any dns server on my routing table (i'm also using the /48 from he net)
Internet6:
Destination                       Gateway             Flags Netif   Expire
default                           2001:470:25:xxx::1  UGS   gif0
::1                               link#4              UH    lo0
2001:470:25:xxx::1                link#9              UH    gif0
2001:470:25:xxx::2                link#9              UHS   lo0
2001:470:26:xxx::/64              link#2              U     em1
2001:470:26:xxx::1                link#2              UHS   lo0
2001:470:b4e1:xxx::/64            link#3              U     em2
2001:470:b4e1:xxx::1              link#3              UHS   lo0
fe80::%em0/64                     link#1              U     em0
fe80::5054:ff:fe3d:64cc%em0       link#1              UHS   lo0
fe80::%em1/64                     link#2              U     em1
fe80::5054:ff:fe91:db46%em1       link#2              UHS   lo0
fe80::%em2/64                     link#3              U     em2
fe80::5054:ff:fe27:556a%em2       link#3              UHS   lo0
fe80::%lo0/64                     link#4              U     lo0
fe80::1%lo0                       link#4              UHS   lo0
fe80::%em1.10/64                  link#8              U     em1.10
fe80::5054:ff:fe91:db46%em1.10    link#8              UHS   lo0
fe80::%gif0/64                    link#9              U     gif0
fe80::6097:dd62:2e35:991d%gif0    link#9              UHS   lo0
fe80::6097:dd62:2e35:991d%ovpnc1  link#10             UHS   lo0
-
@kiokoman fair enough, but how did they end up there? (I guess that's a rhetorical question...)
Removing them from System > General Setup does not purge them from the routing table.
Edit:
okay, restarting the gif0 interface purges them. It seems like they are added to the routing table when being entered in System > General Setup as a DNS server.
Now that I am able to ping the ipv6 address of the tunnel server over at HE (2001:470:....::1) using:
ping6 -I gif0 2001...
I should also be able to ping other ipv6 hosts, but I can't. For instance ipv6.google.com
ping6 -I gif0 2a00:1450:4005:803::200e
leads to 100% package loss
-
manually delete it
route -6 del 2001:470:20::2 2001:470:6c:aaaa::1
route -6 del 2001:4860:4860::8888 2001:470:6c:aaaa::1
ok sorry i'm at work, i was too late on answering
i think you have discovered a bug there ^ ...
i have one of my pfsense with a route that appears at boot out of nowhere, i have set up an earlyshellscript to remove that offending route every time, since 2.4.4-p3
https://forum.netgate.com/topic/147254/lost-ipv6-connectivity-from-one-interface
-
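Added example, not part of any post above and not pfSense code: a dry-run check for the situation described in this thread, where DNS servers entered in System > General Setup show up as static host routes (flags UGHS) on the tunnel interface. It reads `netstat -rn -f inet6` output and prints, without running them, the matching `route -6 del` commands; the function names and the embedded sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pfSense code): dry-run check for static host routes
# like the two DNS-server entries discussed in this thread.

# find_host_routes IFACE: reads `netstat -rn -f inet6` output on stdin and
# prints "destination gateway" for rows on IFACE whose flags include G, H, S.
find_host_routes() {
    awk -v ifc="$1" '
        # Header row: locate the Netif column, since the layout differs
        # (with or without the Use and Mtu columns, as in both tables above).
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && $col == ifc && $3 ~ /G/ && $3 ~ /H/ && $3 ~ /S/ { print $1, $2 }
    '
}

# delete_commands IFACE: prints, without running, one delete command per match.
delete_commands() {
    find_host_routes "$1" | while read -r dst gw; do
        printf 'route -6 del %s %s\n' "$dst" "$gw"
    done
}

# Constructed sample input: a few rows copied from the table in the thread.
sample_table() {
    cat <<'EOF'
Destination Gateway Flags Use Mtu Netif Expire
default 2001:470:6c:aaaa::1 UGS 151 1500 gif0
2001:470:20::2 2001:470:6c:aaaa::1 UGHS 0 1500 gif0
2001:470:6c:aaaa::1 link#43 UH 23260 1280 gif0
2001:470:6c:aaaa::2 link#43 UHS 6 16384 lo0
2001:4860:4860::8888 2001:470:6c:aaaa::1 UGHS 0 1500 gif0
fe80::%gif0/64 link#43 U 0 1500 gif0
EOF
}

# On the firewall: netstat -rn -f inet6 | delete_commands gif0
sample_table | delete_commands gif0
```

The default route (UGS), the tunnel endpoint (UH) and the local address on lo0 are left alone; only gateway host routes marked static on the chosen interface are listed.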
Discovering bugs is fine :-) where can I report that properly so it has a chance of being fixed?
-
https://redmine.pfsense.org
-
@toskium said in No traffic gets past HE ipv6 tunnel:
@kiokoman this comes from my general DNS settings, the howto on docs.netgate.com stated to add google DNS servers in System > General Setup like so:
A bug, maybe - I'll add some @home and see what happens.
Why did you add all these DNS servers?
You are aware that you don't need them?? The resolver, out of the box, is close to perfect. [ and then people start forwarding because ... / [ we never know why ] /..... and things go downhill ]
edit:
When I add these: ...the IPv6 of the DNS of he.net, I wind up seeing this:
in the routing table.
Which doesn't look 'wrong' to me, as 2001:470:20::2 should be reached over the interface gif0 = he.net = my (their) 2001:470:1f12:5xx::1
edit: and my IPv6 still works ....
-
because i use bind on another server and not unbound nor forwarder for example ^^
-
@Gertjan I added the DNS servers because the howto says so.