Netgate Discussion Forum

    Multi-WAN IPv6 with HE.net TunnelBroker

    • kamushadenes

      Hello everyone, hope you're staying safe.

      I have two internet links here which provide IPv6 support, but my ISP must have really messed things up because it is unstable to say the least.

      I then decided to resort to HE.net tunnels for both links, and I have set them up following https://docs.netgate.com/pfsense/en/latest/interfaces/using-ipv6-with-a-tunnel-broker.html.

      I then used https://docs.netgate.com/pfsense/en/latest/routing/multi-wan-for-ipv6.html to setup the routing, using the "Alternate Tactics" path of setting up a private subnet on the LAN and setting NPt to both my WANs.

      My config looks like so:

      LAN IPv6 (Static IPv6): fd80:6eb0:95fc::/48

      2020-05-08-1588922780_1139x150_scrot.png

      2020-05-08-1588923125_1146x257_scrot.png 2020-05-08-1588923138_1140x236_scrot.png

      But I get no IPv6 connection (4/20 on https://ipv6-test.com/)

      Can anyone please help me figure out what I'm doing wrong?

      Thank you!

      • johnpoz LAYER 8 Global Moderator

        @kamushadenes said in Multi-WAN IPv6 with HE.net TunnelBroker:

        /48

        Use a /64

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • kamushadenes

          That didn't work. I tried setting LAN to /64 and the external on NPt both to the /64 and the /48 prefixes, to no avail.

          • johnpoz LAYER 8 Global Moderator

            You should be using fc00::/7 not link local..

            Oh you are - my bad ;) Give me a sec and see if I can set that up here..

            No you are using link-local fe80::/10 - it's early, need more coffee ;)

            Ugghh - I can't see this morning ;) sorry... Let the coffee kick in and I will set this up here on my /48

            • johnpoz LAYER 8 Global Moderator

              Ok - works just fine here.

              So I set my lan to use the ula range..
              fd80:80c6:5beb:6b7c::1/64

              Then enable dhcp.. Then setup NPt to convert my local ULA to one of the /64 out of my /48

              npt.jpg

              Ran a test, and looks to be working just fine - shows my global address, with the host being the same as my ::2000 address on pc. Yes my browser is set not to want to use ipv6 ;) So that is normal for me.. I could turn it off, but I normally don't run IPv6 on this lan network where my main pc sits... I only turn it on when testing something (like this) heheh

              workingfinejpg.jpg

              For your interfaces - that is what you're calling your Tunnel interfaces - you would need to use the tunnel interface, not your normal wan.. See how I am using the henetv6 interface..

              edit: Let me know when you have it working, so I can tear this back down I have no use for it.. Put it back to using GUA out my /48

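A sanity check for the NPt setup discussed in this thread, as an added example that is not part of any post: it classifies a prefix as ULA, link-local or global (the confusion a few posts up), checks that the internal and external NPt prefixes have the same length, and shows the host bits surviving translation. The external prefix `2001:db8:aaaa:1::/64` is a constructed documentation prefix, the function names are hypothetical, and the translation assumes plain prefix substitution (host part unchanged, as the post above reports), not the checksum-neutral adjustment described in RFC 6296.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")          # unique local addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # link-local, never forwarded
GUA = ipaddress.ip_network("2000::/3")          # global unicast space

def scope(prefix):
    """Return 'ula', 'link-local', 'gua' or 'other' for an IPv6 prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    for name, block in (("ula", ULA), ("link-local", LINK_LOCAL), ("gua", GUA)):
        if net.subnet_of(block):
            return name
    return "other"

def check_npt(internal, external):
    """List problems with one NPt mapping; an empty list means it looks sane."""
    inside = ipaddress.ip_network(internal, strict=False)
    outside = ipaddress.ip_network(external, strict=False)
    problems = []
    if inside.prefixlen != outside.prefixlen:
        problems.append(f"prefix lengths differ: /{inside.prefixlen} vs /{outside.prefixlen}")
    if scope(internal) != "ula":
        problems.append(f"internal prefix is {scope(internal)}, expected ula")
    if scope(external) != "gua":
        problems.append(f"external prefix is {scope(external)}, expected gua")
    return problems

def npt_translate(addr, internal, external):
    """Swap the internal prefix for the external one, keeping the host bits."""
    inside = ipaddress.ip_network(internal, strict=False)
    outside = ipaddress.ip_network(external, strict=False)
    ip = ipaddress.ip_address(addr)
    if check_npt(internal, external) or ip not in inside:
        raise ValueError("mapping is invalid or address is outside the internal prefix")
    host_bits = int(ip) & int(inside.hostmask)
    return ipaddress.ip_address(int(outside.network_address) | host_bits)

if __name__ == "__main__":
    external = "2001:db8:aaaa:1::/64"  # constructed documentation prefix
    print(scope("fd80:6eb0:95fc::/48"), scope("fe80::/10"))
    print(check_npt("fd80:6eb0:95fc::/48", external))
    print(npt_translate("fd80:80c6:5beb:6b7c::2000", "fd80:80c6:5beb:6b7c::1/64", external))
```
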
                • kamushadenes

                @johnpoz said in Multi-WAN IPv6 with HE.net TunnelBroker:

                fd80:80c6:5beb:6b7c::1

                No good =/

                I did the exact same setup as yours, down to the ULA range, but ipv6-test and test-ipv6 both report I don't support IPv6.

                Now, curiously enough, I can ping ipv6.google.com from the same machine

                PING ipv6.google.com(2800:xxx (2800:xxx)) 56 data bytes
                64 bytes from 2800:xxx (2800:xxx): icmp_seq=1 ttl=51 time=261 ms
                64 bytes from 2800:xxx (2800:xxx): icmp_seq=2 ttl=51 time=272 ms
                64 bytes from 2800:xxx (2800:xxx): icmp_seq=3 ttl=51 time=273 ms

                Now I'm lost.

                  • johnpoz LAYER 8 Global Moderator

                  why and the fuck would you hide Google's ipv6 address? ;)

                  are you allowing ipv6 out on tcp?

                  If you have ipv6 connectivity.. You have ipv6 connectivity...

                  that is really high rtt to google ;)

                  Pinging ipv6.l.google.com [2607:f8b0:4009:80d::200e] with 32 bytes of data:
                  Reply from 2607:f8b0:4009:80d::200e: time=27ms
                  Reply from 2607:f8b0:4009:80d::200e: time=20ms
                  Reply from 2607:f8b0:4009:80d::200e: time=28ms

                    • kamushadenes

                    Akismet was flagging it as spam and not allowing me to post xD

                    I opened everything to and from everything, same results. Tried different browsers and different machines and OSes.

                    Guess I'll revert back to the ISP-provided IPv6. Any tips on making that more reliable?

                      • johnpoz LAYER 8 Global Moderator

                      Let's see your traceroute - when you try and go to say test

                      Can you ping this address for example

                      ipv6.vm1.test-ipv6.com. 3508 IN AAAA 2001:470:1:18::119

                      $ ping ipv6.vm1.test-ipv6.com

                      Pinging ipv6.vm1.test-ipv6.com [2001:470:1:18::119] with 32 bytes of data:
                      Reply from 2001:470:1:18::119: time=56ms
                      Reply from 2001:470:1:18::119: time=58ms
                      Reply from 2001:470:1:18::119: time=58ms

                        • kamushadenes

                        Hello, and sorry for the delay.

                        I reverted to using my ISP native IPv6 and fixed the horrible stability issues by setting LAN's MSS to 1440 after reading https://forum.netgate.com/topic/73573/massive-http-ipv6-connectivity-issues and fiddling with values.

                        I kept using NPt, and used /64 on all interfaces.

                        All seems perfect now, including multi-wan load balancing. Thank you for your help.
