[SOLVED] Tunnel Online but Not Routing to outside IPv6 Sites

  • After hours and hours of configuring, trying to figure out what was the matter with my IPv6 tunnel… why it was not routing my traffic outside my own IPv6 LAN I finally figured it out. I am posting this here for other newbies because I didn't see this included in any of the PFsense IPv6 setup guides. My tunnel now works 100% and I can browse every IPv6 address and it's quick. I am using a free Hurricane Electric tunnel. Don't also forget to configure IPv6 DNS from Hurricane Electric, your tunnel broker of choice or OpenDNS servers located at: http://www.opendns.com/ipv6/

    There is one more step you have to complete after you get your tunnel online and IPv6 DHCP server working: You have to add a route to "all global IPv6 addresses".

    Step 1. Go to System Drop down at the top of the Webadmin
    Step 2. Click "Routing".
    Step 3. Click on "Routes".
    Step 4: Add a new rout by clicking the "+" button.
    Step 5: Under "Destination Network" type in: "2000::" exactly without the quotes. Then select /3 from the drop-down menu on the right.
    Step 6: Gateway - Select your IPv6 tunnel Gateway from the drop down
    Step 7: Save

    Good luck!

  • LAYER 8 Global Moderator

    Not sure where you got the idea that you need to do this, but you dont!

    You should already have a default route that says for IPv6 to use your tunnel

  • Pfsense never setup a default route for me for IPv6 through several 2.0 versions… and this is the only thing that got my router to pass traffic to outside IPv6 servers.

  • LAYER 8 Global Moderator

    why would you not have setup a default route vs a specific route?  Also I would suggest you tshoot why the default route was not created vs manually creating a route.

  • Can you please explain how to setup a default route vs the "specific" one that I setup? I don't know where to find "default routes" in the webadmin and followed the PFsense IPv6 Tunnel guides by the letter exactly, and it still never worked until I put that specific route in. Where is the default routes? Thanks!

  • It appears there are a few bugs stopping the default route from being created, see my thread.

  • Thanks ipv6kid. This may not be the "correct" way to do it but I also spent a couple hours going over every portion of my config after following the guide and nothing worked until I followed your instructions.

  • as far as I can tell it did setup default routes for most if not all of the users.

    There is a checkbox to designate that gateway being the default. The not so intuitive part is that both a v6 and a v4 can be toggled default.

    I should really add a tag in the listing ;-)

  • Both my v4 and my v6 gateways are set as default. There is no "default" route for V6 in my routing table though.

  • It might be fixed when you git sync up to newer code. I think Jim also started on new images, not sure what happened to those.

  • AFAIK there's a problem in /etc/inc/system.inc at the line 420:

    mwexec("/sbin/route change -inet6 default " . escapeshellarg($gatewayipv6) ."{$ifscope}");

    if I do this on pfsense's console:

    # route change -inet6 default 2001:470:XXXX:XXX::1
    route: writing to routing socket: No such process
    change net default: gateway 2001:470:XXXX:XXX::1: not in table

    but if I manually add a fake default route and then change it, it works fine..

    # route add -inet6 default ::1
    add net default: gateway ::1
    # route change -inet6 default 2001:470:XXXX:XXX::1
    change net default: gateway 2001:470:XXXX:XXX::1

    so, maybe it could be added to init script a fake default route for inet6 .

    Another solution: check if there's a default inet6 route before changing it and using "add" instead of "change" if there's no default GW

    [sorry for my poor english :) ]

  • the route binary we use in pfSense will add a route if it doesn't exist with Change. Maybe you have a older binary snapshot.

  • I updated an old 1.2.3 installation to 2.0-RC3 with full-upgrade package, then updated to 2.1-DEVELOPMENT via "playback gitsync" to master version:

    # md5 /sbin/route
    MD5 (/sbin/route) = b8e47fdd0d5f1f3d249dd1b9ae69bd38

    Maybe i have to do a fresh install of 2.0?


  • a 2.0 snapshot should work fine, then gitsync 2.1-DEVELOPMENT

  • @databeestje:

    It might be fixed when you git sync up to newer code. I think Jim also started on new images, not sure what happened to those.

    Nice! I have a "default" now after updating the snap and gitsyncing. My box still doesn't seem to gitsync automatically after updating the snap but that's another issue. Thank for all your work on this!

  • @databeestje:

    a 2.0 snapshot should work fine, then gitsync 2.1-DEVELOPMENT

    I just installed a clean 2.0 snapshot ( pfSense-memstick-2.0-RC3-i386-20110621-1650.img ) then updated via gitsync to 2.1-DEVELOPMENT and the /sbin/route binary still don't work as expected (and has the same md5sum of old installation). When it tries to "route change", it fails.

    Where I'm wrong? I've installed from a wrong source?

    thanks in advance.

  • @kionez:

    Where I'm wrong? I've installed from a wrong source?

    I've just missed a step!

    Updated to "2.1-DEVELOPMENT (i386) built on Mon Sep 5 04:07:51 EDT 2011" via Auto Update, then gitsync and now /sbin/route seems working fine.

    If i remove the default route for inet6, then "change" it ,route gives "No such process" error, but then the new default is set!



Log in to reply