IPv6 routing



  • I, know you don't support it and that everything is under the hood in FreeBSD, but I'm looking for someone like me interested to make a IPv6 tunnel to by routed, or more gateway through pfSense…

    So far I'm able to connect my tunnel from the shell of pfSense and I able to ping IPv6 address. What I need to do now if configure rtadvd and start it. Everywhere I look we have to modify the rc.conf to make that thing work, but as you know pfSense doesn't have a rc.conf, so I'm looking to start this from the shell... I don't mind starting my tunnel manually, maybe some day I will start it with a script.

    Here is what I do to start the tunnel and make it work in pfSense assuming this
        * 10.10.10.10 - Your IP address, most likely that of your gateway. It's the address your ISP gives you. This IP address will be one end of the tunnel.
        * 10.20.20.20 - The address of your tunnel broker's server. This will be the other end of the tunnel.
        * 2001:0DB8:0:8002:EAF - The IPv6 address assigned to your end of the tunnel.
        * 2001:0DB8:0:8002:EAE - The IPv6 address of the other end of the tunnel.
        * 2001:0DB8:0:8002:F00:: - Your prefix allocation, provided by your tunnel broker.

    ifconfig gif0 create
    ifconfig gif0 tunnel 10.10.10.10 10.20.20.20
    ifconfig gif0 inet6 2001:0DB8:0:8002:EAF 2001:0DB8:0:8002:EAE prefixlen 128
    route -n add -inet6 default 2001:0DB8:0:8002:EAE 
    ifconfig gif0 up
    

    Ideally that would go into the rc.conf like this

    ipv6_enable="YES"
    gif_interfaces="gif0"
    gifconfig_gif0="10.10.10.10 10.20.20.20"
    ipv6_ifconfig_gif0="2001:0DB8:0:8002:EAF 2001:0DB8:0:8002:EAE prefixlen 128"
    

    Now all that need to be started is rtadvd to advertise the lan of the IPv6 gateway, so my lan workstations can get IPv6 address in the /64 range that my brooker allocate me.

    Source of information: http://www.freebsddiary.org/ipv6.php



  • I just found that beta version 1.3 of m0n0wall just add support for IPv6-in-IPv4 tunnels on WAN (for use with tunnel brokers). I don't know if they added the Router Advertisement Daemon too, but hey, their website is accessible in IPv6… I'll take a look this weekend...



  • A quick test during lunch tio show that m0n0wall 1.3b doesn't even boot my actual generic pc, that run pfSense … Bummer, I tested it on VMWare and yes there is place to configure the IPv6 Tunnel in the WAN configuration, than you have the option to enable radvd on the LAN and this actually works pretty well, all my test IPv6 clients Workstation got their IPv6 address within the range instantly ...Since my VMWare test was behind a router that doesn't support IPv6-to-IPv4 Protocol 41 (the test was conducted at work) I could not test actual connectivity to my broker, but I was gettin a reply from m0n0 then nothing obviously blocked by the work router.

    If m0n0 did it, it should be very hard to port their setup into pfSense...

    MageMinds


Log in to reply