Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense 6to4?

    Scheduled Pinned Locked Moved IPv6
    10 Posts 4 Posters 7.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      Transeau
      last edited by

      Hello,

      With my Apple AEBS, I am able to leave the IPv6 tunnel set to "Automatic" and my LAN will have ipv6 access.  I'm assuming this is via Charter's 6to4 gateway. (Please correct me if I'm wrong)

      Is there any way to have pfSense do the same?  I'm using the current 2.1-Dev and I'm able to configure an HE tunnel, but the 2mbps throughput is pretty limiting, given that I have 60/5 through Charter.

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • D Offline
        databeestje
        last edited by

        You must be terminated on a very unlucky PoP of hurricane electric. They have no speed limits set for their IPv6 tunnels.

        At home I can do about 30 via the tunnel and 40 native v4. So 2 sounds like a possible issue on the terminal server you are located on.

        One of the most frequent issue is that some ISPs have poor peering with Hurricane Electric for IPv4. You might be able to find a terminal server closer by with a lower latency which directly reflects the amount of bandwidth available.

        I have not investigated 6to4 support. It's also deprecated by the ietf, meaning that it should not be added to cpe devices at this point.

        1 Reply Last reply Reply Quote 0
        • T Offline
          Transeau
          last edited by

          Interesting.

          My ping response to HE is 9ms and I'm only 7 hops to the server.
          My router is an Atom D510 1.6Ghz dual core, 4GB with Intel NIC's.
          Can you think of anything I should be looking at?

          Thanks Again.

          1 Reply Last reply Reply Quote 0
          • D Offline
            databeestje
            last edited by

            The d510 is good for atleast 200 mbit. Nothing offhandnoffhand. Try a different pop or send a question to ipv6@he.net.

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator
              last edited by

              My HE tunnel does OK, I see between 7 and 10Mbps down and normally a bit less than 1Mbps up – and everything I read says they do not throttle, etc.

              Native ipv4 I see sustained values of around 16Mbps and 2Mbps up, speedboost shows more like 25Mbps and 4Mbps..

              Im in chicago so use the chicago tunnel, but they do not peer with comcast so my tunnel ends up going through NY before getting back to Chicago ;) heheh I see around 40 to 44ms to the tunnel endpoint.

              It works for what I am doing with ipv6 which is just playing, but I could see how lower bandwidth could cause people some grief.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              1 Reply Last reply Reply Quote 0
              • T Offline
                tebeve
                last edited by

                @johnpoz:

                My HE tunnel does OK, I see between 7 and 10Mbps down and normally a bit less than 1Mbps up – and everything I read says they do not throttle, etc.

                Native ipv4 I see sustained values of around 16Mbps and 2Mbps up, speedboost shows more like 25Mbps and 4Mbps..

                Im in chicago so use the chicago tunnel, but they do not peer with comcast so my tunnel ends up going through NY before getting back to Chicago ;) heheh I see around 40 to 44ms to the tunnel endpoint.

                It works for what I am doing with ipv6 which is just playing, but I could see how lower bandwidth could cause people some grief.

                John, I think you and I are on the same HE CHI tunnel (I'm just about 3 hours southwest of Chicago) and I also have Comcast. Down here from comcast I usually get 30Mbps down and ~1Mbps up… I had my connection pegged at 30Mbps via IPv6 the other day for well over an hour downloading ISO's from freebsd.org.

                I thought I just had a straight hop to chicago... would be typical comcast to bounce you to NY first tho.

                1 Reply Last reply Reply Quote 0
                • johnpozJ Offline
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  I have never seen my ipv6 tunnel get more than like 11Mbps down on test sites, I should prob grab a large iso from ftp or something for a better test.

                  As to comcast hoping to New York, yeah something comcast would do for sure ;)  But not something that makes any sense at all if you ask me ;)

                  I keep toying with just changing my tunnel to the new york one to remove a hop, until such time that comcast either peers with HE or I get native connectivity..

                  Here is a trace to the chicago HE tunnel endpoint from my connection, how does yours look?

                  traceroute to tserv9.chi1.ipv6.he.net (209.51.181.2), 30 hops max, 60 byte packets
                  1  pfsense.local.lan (192.168.1.253)  1.838 ms  1.750 ms  1.700 ms
                  2  c-24-13-176-1.hsd1.il.comcast.net (24.13.176.1)  12.224 ms  16.532 ms  16.621 ms
                  3  te-1-2-ur08.mtprospect.il.chicago.comcast.net (68.85.131.153)  11.130 ms  11.941 ms  11.861 ms
                  4  68.86.187.193 (68.86.187.193)  12.992 ms  18.556 ms  18.475 ms
                  5  pos-3-10-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.93.181)  17.551 ms  17.507 ms  18.116 ms
                  6  pos-1-6-0-0-pe01.350ecermak.il.ibone.comcast.net (68.86.87.130)  17.581 ms  12.611 ms  17.919 ms
                  7  208.178.58.61 (208.178.58.61)  16.588 ms  13.761 ms  13.957 ms
                  8  HURRICANE-ELECTRIC-LLC-New-York.TenGigabitEthernet1-3.ar5.NYC1.gblx.net (64.209.92.98)  37.521 ms  38.730 ms  41.057 ms
                  9  10gigabitethernet8-3.core1.chi1.he.net (72.52.92.178)  37.542 ms  37.786 ms  38.804 ms
                  10  tserv9.chi1.ipv6.he.net (209.51.181.2)  39.982 ms  39.942 ms  37.151 ms

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                  1 Reply Last reply Reply Quote 0
                  • T Offline
                    tebeve
                    last edited by

                    Go get yourself an ISO off of freebsd.org, amazingly fast! (I thought I had some screenshots of it around here, as up until then, I'd never seen my v6 traffic graph work so hard!)

                    as to the IL -> NY -> CHI hop… yep, I get an almost identical traceroute...

                    traceroute to tserv9.chi1.ipv6.he.net (209.51.181.2), 30 hops max, 60 byte packets
                     1  firewall.xxxxxxxxx.net (10.10.0.1)  0.222 ms  0.186 ms  0.160 ms
                     2  c-98-212-78-1.hsd1.il.comcast.net (98.212.78.1)  10.381 ms  17.966 ms  37.926 ms
                     3  68.85.178.141 (68.85.178.141)  17.920 ms  17.859 ms  17.835 ms
                     4  te-3-2-ur04.peoria.il.chicago.comcast.net (68.87.211.145)  18.634 ms  18.615 ms  18.593 ms
                     5  te-1-3-0-7-ar01.elmhurst.il.chicago.comcast.net (68.85.177.81)  27.660 ms  27.613 ms  27.591 ms
                     6  pos-0-0-0-0-ar01.area4.il.chicago.comcast.net (68.87.230.233)  27.785 ms  27.213 ms  27.173 ms
                     7  pos-3-10-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.93.181)  26.898 ms  19.453 ms  23.704 ms
                     8  pos-1-0-0-0-pe01.350ecermak.il.ibone.comcast.net (68.86.86.34)  25.563 ms  25.683 ms  25.663 ms
                     9  208.178.58.73 (208.178.58.73)  23.586 ms  23.577 ms  23.555 ms
                    10  HURRICANE-ELECTRIC-LLC-New-York.TenGigabitEthernet1-3.ar5.NYC1.gblx.net (64.209.92.98)  46.168 ms  46.128 ms  46.101 ms
                    11  10gigabitethernet8-3.core1.chi1.he.net (72.52.92.178)  49.307 ms  49.270 ms  49.258 ms
                    12  tserv9.chi1.ipv6.he.net (209.51.181.2)  45.760 ms  45.734 ms  45.631 ms
                    
                    

                    here here to native on Comcast… SOONER rather than later!

                    EDIT: Well, not quite identical… I have to first go to chicago, so I can get sent to NY, to be sent back! bah!

                    1 Reply Last reply Reply Quote 0
                    • T Offline
                      Transeau
                      last edited by

                      After doing more research Charter provides info for setting up a "6rd relay".  Is this supported by 2.1?

                      1 Reply Last reply Reply Quote 0
                      • D Offline
                        databeestje
                        last edited by

                        I have no access to those either. So that's a bit hard.

                        6rd is a rather specific type of rollout which I don't think will be widely supported in the feature. Free.fr does have a huge deployment but needs to renumber before they actually give clients native Ipv6.

                        I sent a message to the support list detailing that you can now configure DHCP6 on your WAN interface of choice, either dynamic, static or pppoe.
                        It should basically work. I tested on a lab setup with a Cisco 1811 PPPoE server with DHCP6 Server, similar to what Comcast uses for their native deployments.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.