Netgate Discussion Forum

    Crash when removing IPv6 over IPv4 Tunneling

      Hakujou

      Hello,

      I tried to uncheck "IPv6 over IPv4 Tunneling" in settings, but PHP throws an error. I attached the logs: 0_1550172918405_PHP_errors.zip.

      By the way, it doesn't seem to work. With the option checked and the IP properly set in "IPv4 address of Tunnel Peer", the secondary gateway (which has the IP defined in the primary one) doesn't see any incoming traffic on the GIF. I also tried with a manual NAT rule IPv4 protocol 41 to secondary gateway IP, no more luck.

      Thanks

        stephenw10 Netgate Administrator

        [14-Feb-2019 20:27:07 Europe/Paris] PHP Fatal error:  Uncaught Error: Cannot unset string offsets in /usr/local/www/system_advanced_network.php:112
        Stack trace:
        #0 {main}
          thrown in /usr/local/www/system_advanced_network.php on line 112
        

        Are you running 2.4.4p2?

        This looks like a known bug that's fixed in 2.4.5 snapshots:
        https://redmine.pfsense.org/issues/9264

        You may want to test one before snaps switch to 2.5.0 (FreeBSD 12) if you can.

        Steve

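The fatal error in the log above, reproduced as an added example (not pfSense's code and not part of the original posts). It assumes the settings page unsets keys under `$config['diag']['ipv6nat']`, the path read by the filter code quoted in this thread, while that node holds an empty string instead of an array; `ensure_array_path` and `clear_ipv6nat` are hypothetical helper names.

```php
<?php
// Constructed sample config: the ipv6nat node is an empty string, as can
// happen when an empty XML element is parsed (assumption, not from the page).
$config = ['diag' => ['ipv6nat' => '']];

// Hypothetical helper: make sure every key along $path holds an array
// before nested writes or unsets are attempted on it.
function ensure_array_path(array &$cfg, array $path): void
{
    $node = &$cfg;
    foreach ($path as $key) {
        if (!isset($node[$key]) || !is_array($node[$key])) {
            $node[$key] = [];
        }
        $node = &$node[$key];
    }
}

// Hypothetical handler for "option unchecked": drop both settings.
function clear_ipv6nat(array &$cfg, bool $guard): string
{
    if ($guard) {
        ensure_array_path($cfg, ['diag', 'ipv6nat']);
    }
    try {
        unset($cfg['diag']['ipv6nat']['enable']);
        unset($cfg['diag']['ipv6nat']['ipaddr']);
        return 'ok';
    } catch (Error $e) {
        // PHP 7+ raises an Error when the container is a string.
        return 'Error: ' . $e->getMessage();
    }
}

$unguarded = $config; // arrays are copied by value
$guarded   = $config;

echo 'unguarded: ', clear_ipv6nat($unguarded, false), "\n";
echo 'guarded:   ', clear_ipv6nat($guarded, true), "\n";
```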
          Hakujou

          Oh right, that's exactly my issue, and I'm running 2.4.4p2.
          I'd rather not switch to an unstable version at the moment, so I'll leave it this way until 2.4.5 releases.

          Do you know if, when the option is enabled, it works properly? I couldn't figure out how to pass protocol 41 to a host behind pfSense. Ideally, I'd rather do NAT with source IP (to pass multiple tunnel brokers to different hosts) but I've never been able to do a working GIF tunnel behind the pfSense gateway (either from this option or with a NAT protocol 41).

            stephenw10 Netgate Administrator

            As far as I know that should work but it's not something I've ever tried personally.

            As an alternative to moving to the dev branch you could just apply those patches on that ticket using the patches package.
            You may be waiting some time for that otherwise as there will undoubtedly be numerous things to fix when we move to FreeBSD 12 as base. There may not be a 2.4.5 release.

            Steve

              Hakujou

              I might have to try again, then.
              But what's the difference between this option and NAT protocol 41 in the firewall?

                stephenw10 Netgate Administrator

                It does this:

                	/* DIAG: add ipv6 NAT, if requested */
                	if ((isset($config['diag']['ipv6nat']['enable'])) &&
                	    (is_ipaddr($config['diag']['ipv6nat']['ipaddr'])) &&
                	    (is_array($FilterIflist['wan']))) {
                		/* XXX: FIX ME!	 IPV6 */
                		$natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto ipv6 from any to any -> {$config['diag']['ipv6nat']['ipaddr']}\n";
                	}
                

                At least it does once you have applied those patches or are running 2.4.5. Confirmed it's broken in 2.4.4p2.

                So you end up with a redirect rule like:
                rdr on $WAN proto ipv6 from any to any -> 192.168.82.98
                That's something you otherwise can't do in the GUI.

                Steve

                  Hakujou

                  I don't see any difference between that rule, and NAT with protocol IPv6 on WAN, to be honest.

                  0_1550310450664_Capture.PNG

                    stephenw10 Netgate Administrator

                    Hmm, I agree.... let me see if I can find out what that's really supposed to be doing. 🤔

                    Steve

                      Hakujou

                      Thanks for the help, Steve.

                      I can't get this working properly. Tried with this NAT rule:
                      0_1550324449733_Capture.PNG

                      The secondary gateway (IP 10.10.10.1) doesn't seem to be able to communicate through the GIF tunnel.

                      Also tried with the option discussed above (with patches), no more luck. No byte is going through the tunnel.

                      0_1550324584001_Capture2.PNG

                      Any idea of what's going on?
