Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense as HE Tunnel Router

    IPv6
    2
    3
    726
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tomah
      last edited by

      Dear forum members,

      I'd like to use pfSense as central router and IPv6 router in my home network. I already tried a lot but I never got it to work as expected.
      My current network setup:
      DSL-Line with ipv4 connected to an AVM fritzbox router. Since I'm also using VOIP on it, it has to connected directly to the DSL line.
      Connected is a smart switch which is distributing the internet connection to my kvm host and other clients.
      KVM host is connected via a power line and an additional (stupid) switch (+ desktop, printer etc) Not sure if this is important.
      On the kvm host, a debian vm is acting as HE ipv6 tunnel router and providing static IPv6 to my clients (With SLAAC).
      This setup is fully functional.

      My goal:
      I'd like to replace the debian vm with a pfSense vm acting as single IPv4 and IPv6 router to the whole network.
      Therefor I created a vlan to transport the pure Internet connection from the fritzbox to the pfSense VM.
      Using the uptodate version of pfSense, I was able to provide IPv4 to the rest of the network. IPv6 was installed following the guide from
      https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker
      Gateway is up, I can ping IPv6 hosts from the pfSense vm.
      SLAAC is also working so my clients receive an IP and they can even ping IPv6 hosts in the internet.

      But no webtraffic is working… (timeout in browser)

      What I already tested:

      • replacing the vm with an old laptop to avoid problems with kvm and the virtualized setup.
      • using no vlans for setup, connected the laptop directly to the fritzbox
      • switching of the firewall in pfSense
      • playing around with the MTU values at the pfSense and HE side

      but I was never successful :-(

      l'd be very happy for any suggestions on how to get IPv6 work in my network.

      Many thanks in advance

      tomah

      PS: It's my first post here in the forum, I hope I included all needed informations
      PPS: I know it's a double NAT setup for IPv4

      1 Reply Last reply Reply Quote 0
      • junicastJ
        junicast
        last edited by

        Hi,

        just trying to get this right. Everything except HTTP is working or everything is NOT working but ping?

        It's a little bit hard to tell what might be the problem remotely. It might be something wrong with the routing. Could you please include you routing table of the pfsense. I suggest to censor the third chapter of the IPv6 prefix just to be safe :-)
        Do a tcpdump on the firewall and have a look if maybe the firewall is sending some ICMPv6 messages to your LAN host that that maybe the destination is not reachable.

        I have experimented a lot with such setups and I can tell that running IPv6 tunnels is not hassle free. Especially with those tunnels he.net offers you either need a static IPv4 address or you have to rely on some dynamic DNS methods. Second of all you obviously DNAT IPv4 tunnel packages to your pfSense, since it establishes the tunneled connection, right?

        I strongly suggest to get native IPv6 connectivity. I can see how such a static prefix handed out by HE might look appealing but for me everything works a lot better eversince I ordered a business VDSL connection with no regular disconnects, 1 static IPv4 address and a static /48 prefix. Sadly there's no way for me to set reverse DNS entries for my prefix but that's the only downside I have to live with.
        My provider also hands out Fritz Boxes which I don't like. I replaced those with a dedicated VSDL Modem (Vigor 130) and got me SIP from someone else. Your problems sound very German btw.

        1 Reply Last reply Reply Quote 0
        • T
          tomah
          last edited by

          Hi pmisch,

          thanks a lot for your reply!

          Only ping is (was) working, nothing else. I did not dig into routing issues because ping was working. If ICMP packages are routed correctly, I assume correct routing tables.
          I was already looking into the tcpdump on the firewall, I'm not an expert in reading this traffic but I did not see any problems here.

          Over the xmas days I had some time to review my whole network, and I found a really embarrassing fault. I 've had an additional network interface activ on my server I 've never used and used the same IPv4 address for pfSense. After disabling this interface pfSense is now working as expected. Still testing everything, but this post goes already over the pfSense VM.

          Nevertheless thank you again for replying!

          Btw: What does sounds german? My english or my problem? ;-) But yes, you nailed it…

          1 Reply Last reply Reply Quote 0
          • First post
            Last post