[SOLVED] Tunnel Online but Not Routing to outside IPv6 Sites

ipv6kid · Sep 2, 2011, 11:30 AM

After hours and hours of configuring, trying to figure out what was the matter with my IPv6 tunnel… why it was not routing my traffic outside my own IPv6 LAN I finally figured it out. I am posting this here for other newbies because I didn't see this included in any of the PFsense IPv6 setup guides. My tunnel now works 100% and I can browse every IPv6 address and it's quick. I am using a free Hurricane Electric tunnel. Don't also forget to configure IPv6 DNS from Hurricane Electric, your tunnel broker of choice or OpenDNS servers located at: http://www.opendns.com/ipv6/

There is one more step you have to complete after you get your tunnel online and IPv6 DHCP server working: You have to add a route to "all global IPv6 addresses".

Step 1. Go to System Drop down at the top of the Webadmin
Step 2. Click "Routing".
Step 3. Click on "Routes".
Step 4: Add a new rout by clicking the "+" button.
Step 5: Under "Destination Network" type in: "2000::" exactly without the quotes. Then select /3 from the drop-down menu on the right.
Step 6: Gateway - Select your IPv6 tunnel Gateway from the drop down
Step 7: Save

Good luck!

johnpoz · Sep 2, 2011, 11:47 AM

Not sure where you got the idea that you need to do this, but you dont!

You should already have a default route that says for IPv6 to use your tunnel

ipv6kid · Sep 2, 2011, 12:17 PM

Pfsense never setup a default route for me for IPv6 through several 2.0 versions… and this is the only thing that got my router to pass traffic to outside IPv6 servers.

johnpoz · Sep 2, 2011, 1:03 PM

why would you not have setup a default route vs a specific route? Also I would suggest you tshoot why the default route was not created vs manually creating a route.

ipv6kid · Sep 2, 2011, 8:54 PM

Can you please explain how to setup a default route vs the "specific" one that I setup? I don't know where to find "default routes" in the webadmin and followed the PFsense IPv6 Tunnel guides by the letter exactly, and it still never worked until I put that specific route in. Where is the default routes? Thanks!

a-a-ron · Sep 3, 2011, 12:01 AM

It appears there are a few bugs stopping the default route from being created, see my thread.

focalguy · Sep 3, 2011, 4:58 AM

Thanks ipv6kid. This may not be the "correct" way to do it but I also spent a couple hours going over every portion of my config after following the guide and nothing worked until I followed your instructions.

databeestje · Sep 3, 2011, 10:35 AM

as far as I can tell it did setup default routes for most if not all of the users.

There is a checkbox to designate that gateway being the default. The not so intuitive part is that both a v6 and a v4 can be toggled default.

I should really add a tag in the listing ;-)

focalguy · Sep 3, 2011, 7:15 PM

Both my v4 and my v6 gateways are set as default. There is no "default" route for V6 in my routing table though.

databeestje · Sep 4, 2011, 8:50 AM

It might be fixed when you git sync up to newer code. I think Jim also started on new images, not sure what happened to those.

kionez · Sep 4, 2011, 2:52 PM

AFAIK there's a problem in /etc/inc/system.inc at the line 420:

mwexec("/sbin/route change -inet6 default " . escapeshellarg($gatewayipv6) ."{$ifscope}");

if I do this on pfsense's console:


# route change -inet6 default 2001:470:XXXX:XXX::1
route: writing to routing socket: No such process
change net default: gateway 2001:470:XXXX:XXX::1: not in table

but if I manually add a fake default route and then change it, it works fine..


# route add -inet6 default ::1
add net default: gateway ::1
# route change -inet6 default 2001:470:XXXX:XXX::1
change net default: gateway 2001:470:XXXX:XXX::1

so, maybe it could be added to init script a fake default route for inet6 .

Another solution: check if there's a default inet6 route before changing it and using "add" instead of "change" if there's no default GW

[sorry for my poor english :) ]

databeestje · Sep 4, 2011, 5:22 PM

the route binary we use in pfSense will add a route if it doesn't exist with Change. Maybe you have a older binary snapshot.

kionez · Sep 4, 2011, 6:24 PM

I updated an old 1.2.3 installation to 2.0-RC3 with full-upgrade package, then updated to 2.1-DEVELOPMENT via "playback gitsync" to master version:


# md5 /sbin/route
MD5 (/sbin/route) = b8e47fdd0d5f1f3d249dd1b9ae69bd38

Maybe i have to do a fresh install of 2.0?

k.

databeestje · Sep 4, 2011, 7:38 PM

a 2.0 snapshot should work fine, then gitsync 2.1-DEVELOPMENT

focalguy · Sep 5, 2011, 5:14 AM

@databeestje:

It might be fixed when you git sync up to newer code. I think Jim also started on new images, not sure what happened to those.

Nice! I have a "default" now after updating the snap and gitsyncing. My box still doesn't seem to gitsync automatically after updating the snap but that's another issue. Thank for all your work on this!

kionez · Sep 5, 2011, 6:12 PM

@databeestje:

a 2.0 snapshot should work fine, then gitsync 2.1-DEVELOPMENT

I just installed a clean 2.0 snapshot ( pfSense-memstick-2.0-RC3-i386-20110621-1650.img ) then updated via gitsync to 2.1-DEVELOPMENT and the /sbin/route binary still don't work as expected (and has the same md5sum of old installation). When it tries to "route change", it fails.

Where I'm wrong? I've installed from a wrong source?

thanks in advance.
k.

kionez · Sep 5, 2011, 6:37 PM

@kionez:

Where I'm wrong? I've installed from a wrong source?

I've just missed a step!

Updated to "2.1-DEVELOPMENT (i386) built on Mon Sep 5 04:07:51 EDT 2011" via Auto Update, then gitsync and now /sbin/route seems working fine.

If i remove the default route for inet6, then "change" it ,route gives "No such process" error, but then the new default is set!

thanks

k.