Multi-Wan IPV6
-
Just playing devil's advocate here. What is IPv6 getting you actually - is there some resource(s) that is only available via ipv6? Since you're having a problem with your failover solution, wouldn't it just be an easier solution to just not use ipv6?
While we all agree ipv6 is the future, and yeah it's kewl and slick and all. Seems to me you have highlighted one of the many pitfalls that comes with trying to run dualstack. So unless you can state an actual use case that requires your ipv6 connectivity. Wouldn't the simple solution to guess something that happens now and then and not once in a blue moon.
-
Thanks for the replies.
@Derelict - I've actually done as suggested, two load balanced gateway groups (1 ipv4, 1 ipv6). My HE.NET tunnel works....but getting pfsense to use it when my primary IPV6 is down isn't going to plan...my guess is that the NPt isn't working correctly.
I'll admit my IPV6 knowledge isn't amazing, I've only recently started dabbling in it. When that NPt rule is enabled, I get stacks of errors along these lines -
There were error(s) loading the rules: /tmp/rules.debug:78: syntax error - The line in question reads [78]: binat on $HENETV6 inet6 from to any ->
@johnpoz I know what you mean, I think it's just something new to learn from my point of view. Something to say I've done and works....doesn't really serve me a great purpose, but more of a nice to have and a nice to play with.
-
Ok if you're just playing with it - GREAT!... Are your users complaining? If not or you don't mind then yeah take the opportunity to learn for sure.. Derelict's solution would be the way I would do it if needed to do something like this.
Or just use the HE tunnel through both connections, and let the tunnel move over to your other isp when/if the first isp fails.
This removes the need to do any NPt.. Since your clients will always just have your HE network and you're just using a different path to set up the tunnel over the other ISP when the first ISP goes down. You might need to have the tunnel updated to reflect your different source IP.
https://forums.he.net/index.php?topic=1994.0
-
@crucialguy said in Multi-Wan IPV6:
/tmp/rules.debug:78: syntax error - The line in question reads [78]: binat on $HENETV6 inet6 from to any ->
Well that certainly doesn't look right. What did you put for the NPt settings?
-
cheers @johnpoz - that's a good call actually, a much cleaner way of achieving what I'm trying to do.
I'm not worried about users, this is on a lab setup at the moment - so I can play around to my heart's content.
-
@derelict - so on my rule it's following interface 'WAN2' which doesn't have IPV6. The first address/prefix is what my ISP has allocated me and I distribute to my LAN clients.
The destination prefix is my routable one from HE.net....if that's right. As I said, my IPV6 knowledge is in the early days so please bear with me!
Attached is a screen grab...(I've probably made a basic mistake somewhere)
https://ibb.co/jisjky
-
You would need two policy-routing gateway groups and rule sets. One for IPv4 and one for IPv6.
IPv4
WAN Tier 1
WAN2 Tier 2
IPv6
WAN Tier 1
HENET Tier 2
Then you would policy route IPv4 to the IPv4 gateway group and IPv6 to the IPv6 gateway group.
/tmp/rules.debug:78: syntax error - The line in question reads [78]: binat on $HENETV6 inet6 from to any ->
None of that has anything to do with that broken rule you posted however. What is in the NPt settings for that?
-
@derelict my NPt rule is here -
https://ibb.co/jisjky
I've got the two policy-routing groups setup, it's just the NPt routing which is stopping it from working I think.
-
The interface should not be WAN2. The interface should be the HE.NET tunnel.
Sorry missed the external link to the image. You can just post them locally so they're easier to see.
-
@derelict doh'
I knew it would be something as dumb as that! Jeez.
Thanks a lot to everyone for your help.
It works now :) !!