Netgate Discussion Forum

    HE Tunnelbroker HA configuration

      rob_denver

      Re: IPv6 HE Tunelbroker Tunnels in a pfSense HA availability configuration

      The above is the only reference I could find to using tunnelbroker in an HA setting. I have two pfSense VMs running in a Proxmox cluster that are configured for HA and CARP failover. Both firewalls have a VLAN connection to a cable modem that is NAT'd with a DMZ to the shared CARP VIP xxx.xxx.xxx.2.

      It turns out the solution is actually pretty simple (at least in the latest pfSense - not sure about the version in use back in 2020). All I had to do was set up the identical GIF tunnel on both firewalls and set the parent interface to the CARP VIP. This causes the VM that is in backup mode to be unable to connect to the GIF tunnel because it doesn't control the VIP. As soon as the firewall becomes master, it begins communicating with Tunnelbroker, and after about a minute the packet loss on the gateway goes away and the interface is up for routing.

      I also have my IPv6 gateways in a gateway group so that the GIF tunnel is Tier 1 and the native IPv6 of the firewall (from the cable modem) is Tier 2. This ensures that the firewall is able to continue communicating when it is in standby mode.

      I now have full IPv6 redundancy against hardware failure of one node.

      Hope this helps someone in the same situation.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.