Multi-WAN IPv6 with HE.net TunnelBroker
-
Hello everyone, hope you're staying safe.
I have two internet links here which provide IPv6 support, but my ISP must have really messed things up because it is unstable to say the least.
I then decided to resort to HE.net tunnels for both links, and I have set them up following https://docs.netgate.com/pfsense/en/latest/interfaces/using-ipv6-with-a-tunnel-broker.html.
I then used https://docs.netgate.com/pfsense/en/latest/routing/multi-wan-for-ipv6.html to setup the routing, using the "Alternate Tactics" path of setting up a private subnet on the LAN and setting NPt to both my WANs.
My config looks like so:
LAN IPv6 (Static IPv6): fd80:6eb0:95fc::/48
But I get no IPv6 connection (4/20 on https://ipv6-test.com/)
Can anyone please help me figure out what I'm doing wrong?
Thank you!
-
-
That didn't worl. I tried setting LAN to /64 and the external on NPt both to the /64 and the /48 prefixes, no avail.
-
You should be using fc00::/7 not link local..
Oh you are - my bad ;) Give me a sec an see if I can set that up here..
No you are using link-local fe80::/10 - its early need more coffee ;)
Ugghh - I can't see this morning ;) sorry... Let the coffee kick in and I will set this up here on my /48
-
Ok - works just fine here.
So I set my lan to use the ula range..
fd80:80c6:5beb:6b7c::1/64Then enable dhcp.. Then setup Npt to convert my local ual to one of the /64 out of my /48
Ran a test, and looks to be working just fine - shows my global address, with the host being the same as my ::2000 address on pc. Yes my browser is set not to want to use ipv6 ;) So that is normal for me.. I could turn it off, but I normally don't run IPv6 on this lan network where my main pc sits... I only turn it on when testing something (like this) heheh
For your interfaces - that is what your calling your Tunnel interfaces - you would need to use the tunnel interface, not your normal wan.. See how I am using the henetv6 interface..
edit: Let me know when you have it working, so I can tear this back down I have no use for it.. Put it back to using GUA out my /48
-
@johnpoz said in Multi-WAN IPv6 with HE.net TunnelBroker:
fd80:80c6:5beb:6b7c::1
No good =/
I did the exact same setup as yours, down to the ULA range, but ipv6-test and test-ipv6 both report I don't support IPv6.
Now, curiously enough, I can ping ipv6.google.com from the same machine
PING ipv6.google.com(2800:xxx (2800:xxx)) 56 data bytes
64 bytes from 2800:xxx (2800:xxx): icmp_seq=1 ttl=51 time=261 ms
64 bytes from 2800:xxx (2800:xxx): icmp_seq=2 ttl=51 time=272 ms
64 bytes from 2800:xxx (2800:xxx): icmp_seq=3 ttl=51 time=273 msNow I'm lost.
-
why and the fuck would you hide googles ipv6 address? ;)
are you allowing ipv6 out on tcp?
If you have ipv6 connectivity.. You have ipv6 connectivity...
that is really high rtt to google ;)
Pinging ipv6.l.google.com [2607:f8b0:4009:80d::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:80d::200e: time=27ms
Reply from 2607:f8b0:4009:80d::200e: time=20ms
Reply from 2607:f8b0:4009:80d::200e: time=28ms -
Akismet was flagging it as spam and not allowing me to post xD
I opened everything to and from everything, same results. Tried different browsers and different machines and OSes.
Guess I'll revert back to the ISP-provided IPv6. Any tips on making that more reliable?
-
lets see your traceroute - when you try and go to say test
Can you ping this address for example
ipv6.vm1.test-ipv6.com. 3508 IN AAAA 2001:470:1:18::119
$ ping ipv6.vm1.test-ipv6.com
Pinging ipv6.vm1.test-ipv6.com [2001:470:1:18::119] with 32 bytes of data:
Reply from 2001:470:1:18::119: time=56ms
Reply from 2001:470:1:18::119: time=58ms
Reply from 2001:470:1:18::119: time=58ms -
Hello, and sorry for the delay.
I reverted to using my ISP native IPv6 and fixed the horrible stability issues by settings LAN's MSS to 1440 after reading https://forum.netgate.com/topic/73573/massive-http-ipv6-connectivity-issues and fiddling with values.
I kept using NPt, and used /64 on all interfaces.
All seem perfect now, including multi-wan load balancing. Thank you for your help.
