Multi-WAN / MULTI-TUNNEL problem

ads61 · Mar 11, 2012, 10:23 AM

Using the latest snapshot:
2.1-DEVELOPMENT (i386)
built on Wed Mar 7 22:13:59 CET 2012
FreeBSD 8.3-RC1

Tunnels with gateways placed on the second WAN(opt1) never get online status.
If i change the endpoint of the tunnel and move them to the first WAN there is no problem and the gateways are online almost immediate.

Before i used the snapshot of 26 november 2011 (Jimp) and there was no problem assigning tunnels to both WAN's

jimp · Mar 11, 2012, 5:52 PM

Not true here. I have two HE.net tunnels, one on my DSL and one on my Cable line, and both show online in gateway status.

joe_cowboy · Mar 12, 2012, 12:11 AM

@jimp:

Not true here. I have two HE.net tunnels, one on my DSL and one on my Cable line, and both show online in gateway status.

I have three seperate He.net tunnels running one for each broadband connection for multi-wan setup. But only one tunnel will come up. I have deleted the tunnels multiple times and started over but only one tunnel will work at a time. I have also tried different IPv4 end points on HE.net too to make sure of no conflicts. So I am at a loss. Running that lastest build you releast 2.1-DEVELOPMENT (i386)
built on Sun Feb 26 01:11:47 EST 2012. If you have a later build than this I would like to try it.

jimp · Mar 12, 2012, 12:20 AM

Usual things to check:

Make sure ICMP is allowed (echo request at least) inbound on every WAN, or he.net won't connect the tunnel
Make sure the GIF interface is attached to the right physical interface
Make sure you use a different he.net broker server for each tunnel. (i.e. one to Chicago, one to NY, etc)

joe_cowboy · Mar 12, 2012, 2:12 AM

@jimp:

Usual things to check:

Make sure ICMP is allowed (echo request at least) inbound on every WAN, or he.net won't connect the tunnel

Make sure the GIF interface is attached to the right physical interface

Make sure you use a different he.net broker server for each tunnel. (i.e. one to Chicago, one to NY, etc)

All that you have stated is what I have set up. I have done all that many times. Even let another guy log in and check my settings. So I am at a loss. Have you tried it or anybody else on your team with multiple broadband connections with each one assigned it's own IPv6 He.net broker tunnel? Thanks again for your help Jim…

Supermule · Mar 12, 2012, 6:27 AM

Have you posted it on redmine??

ads61 · Mar 12, 2012, 8:01 PM

For me it is the same as what joe_cowboy discribes.
checked, checked and double checked everything.
Using one HE-tunnel and one SixXS-tunnel.
The SixXS-tunnel is solid on the wan interface. (endpoint is difficult to change)
The HE-tunnel will come online if i place it on the wan besides the sixxs but if i move the he to opt2 it never comes online.

Did some further testing and deleted all tunnels and rebooted.
Placed one of the tunnels on opt2 and it never comes online.
To me it looks like opt2 is not allowing tunnels.
2 (or more) tunnels on WAN is no problem.

databeestje · Mar 13, 2012, 7:38 PM

Might be not allowing proto 41 traffic on your OPT2, add a rule for that from the tunnel broker IP.
That will also set reply-to on the rules which you need for the tunnel.

ads61 · Mar 13, 2012, 8:07 PM

Where and how do i set this proto41 ???

Supermule · Mar 13, 2012, 8:35 PM

http://en.wikipedia.org/wiki/6in4

Explanation :)

Some posts on forum http://forum.pfsense.org/index.php?topic=32721.45

Isssues posted on Redmine http://redmine.pfsense.org/issues/2117

jimp · Mar 15, 2012, 4:16 PM

@joe_cowboy:

Have you tried it or anybody else on your team with multiple broadband connections with each one assigned it's own IPv6 He.net broker tunnel? Thanks again for your help Jim…

As I mentioned above I have one on each of my WANs (DSL and Cable) and they both show online and I can ping out from each. It's not a general problem, at least not one I can reproduce here. I even have both setup with he.net dyndns updater entries to keep the tunnels up when my IPs change, they both track fine.