IPv6 tunnel not coming up

  • I followed the guide here: http://doc.pfsense.org/index.php/Using_IPv6_on_2.0

    I set up the GIF, tunnel, allowed the rules in the firewall. The gateway shows up.

    I seem to have a logic issue (running 2.0 release and did a gitsync playback on the git repo in the doc).

    My screens seem to have different options (i.e. on LAN I have two dropdowns, one for ipv4 and another for ipv6, not a choice of ipv4+ipv6).

    My OPT1 shows my tunnel (server) address. When I assign the ipv6 address to the LAN and apply it, it is successful, but I don't seem to be routing any ipv6. My LAN interface has a different prefix than the OPT1 interface. I have my LAN interface set up with its routed /48 and handing out ipv6 on the LAN. I can resolve ipv6 from the desktop, but not from the firewall.

    I do not show the ipv6 tunnel (gateway) as being up. I've allowed the icmpv4 packets as described. I tend to think that since I reboot the firewall my ipv6 gateway shows UP momentarily, but I have not seen anything in the firewall logs that indicates the tunnel is being blocked.

    I am wondering if the release 2.0 and the gitsync has not been proven or used yet. Is there somewhere else I can look to test this? Is there a way to test ipv6 from shell that someone can point me to?

  • I deleted and re-created the gateway, all I see is: Could not find IPv6 gateway for interface(wan).

    It does show "up" for 5-6 seconds, then down. This might just be a cosmetic bug, but I also suspect the message above is also a cosmetic bug or is this valid? Since it's a tunnel and IPv6 is not enabled for WAN why would it do this?

  • If I run a packet capture it shows the packets from the tunnel provider hitting my WAN ipv4 address, but the ICMP says it is unreachable, though the pcap shows the ICMP type as ipv6, which doesn't sound right to me. If I open the wan address to all icmp traffic (ipv4 & ipv6), I can ping the ipv4 wan address from the outside without issue, yet I still get the same

    ICMP Destination unreachable (Port unreachable)


    It seems to be a firewall issue, yet I followed the examples to the letter with the exception of doing the git playback using the 2.0 release branch, which was recently suggested on this board.

  • OK. So I solved this by deleting my tunnel and assignment with the tunnel broker. I then created a new tunnel and routed assignments, and replaced those in my non-working configuration and they worked. I have to surmise it was something at the other end (tunnelbroker).

    ipv6 gateway came right up, once I changed the ipv6 assignment for LAN/DHCP and refreshed, it all worked.
