6rd on Telia, routing and RA
I started playing around with 6RD in the latest daily (may 22) and it worked fairly well, but not all the way.
I configured my external interface with the 6RD information I got from my ISP (Telia in Sweden):
6RD Prefix: 2001:2002::/32
6RD Border Relay: 126.96.36.199
6RD IPv4 Prefix length: 0 bits
It connected, and I got an IPv6 address on my external interface:
-> 188.8.131.52/32 2001:2002:4e4f:24f2::/NONE
After that I configured IPv6 on my LAN interface to track the WAN interface. I'm not really familiar with the IPv6 Prefix ID here, but I left it at 0 and it seems to work, the interface gets an IP and it's pingable:
-> 192.168.1.1/24 2001:2002:4e4f:24f2::1/64
Now to the problems.
I have no default IPv6 route. I can't get any traffic to pass over the wan interface unless I add the route from the shell:
route add -inet6 default 2001:2002:4e4f:24f2::
After that I can ping external IPv6 addresses from pfsense.
The next problem is that I don't get any router advertisments on the LAN side. It looks like radvd isn't running, and as I understand it it's related to the DHCPv6 settings in the web interface, right? The problem here is that the LAN interface is configured to track the WAN interface, so when I try to configure DHCPv6 I get:
The DHCPv6 Server can only be enabled on interfaces configured with static IP addresses.
Only interfaces configured with a static IP will be shown.
ok, this has issues on multiple levels.
When you configure a 6rd wan it should automatically insert a default route, i'll need to check why this is happening.
rc.newwanip (ipv4) automatically sets up and configures the 6rd tunnel as well as RA on the LAN.
Last I checked this was supposed to work, you are doing it right.
Try pressing save on the WAN interface now that the LAN is setup to track the WAN, does that configure everything?
Okay, I've tried a few things with varying results.
I started by rebooting pfsense to get to a baseline. This time the result was a bit different, I got router advertisements with the IPv6 prefix on the LAN segment directly after the reboot.
I logged in to the pfsense shell and verified that I didn't have any default gateway. I added it and tried to ping an external address, and it worked. After that I tried to log into the web interface and "re-save" the wan interface as you suggested. That fixed the router advertisement, my client picked up the pfsense server as the default gateway right away, but since re-saving the interface renewed my IPv4 address the manually added IPv6 default gateway was wrong, and removing it and adding the new correct one didn't fix the problem. I haven't been able to ping an external address since.
I'll try to reboot it again and see if I get the same results.
I neglected to mention that my wan interface is a ppp interface at the moment, I don't know if that might make a difference.
New reboot, new result.
This time the 6RD interface went up as usual, but I have no router advertisements on the LAN and no default gateway on pfsense.
A save-apply on the wan interface fixed RA, both IPv6 prefix and default gateway got distributed on the LAN. Still no default gateway on the pfsense server though, and for some reason adding it manually doesn't seem to fix anything. I'll try to look into that a bit more.
Okay, one last thing.
It seems that a save-apply on the wan interface actually fixes everything except for the default gateway. However, the lan interface keeps the old IPv6 address even though the wan interface acquired a new address, and my guess is that's the reason I can't get the traffic to flow. It acquires the new address as well but it seems to continue to use the old IPv6 address as source.
okay okay, one OTHER last thing. :)
I was right in my last post. When I manually removed the old IPv6 address from the LAN interface everything started working. So, from the top:
Reboot. This brings us to a point where the 6RD interface is up, and sometimes RA on the LAN works and sometimes not.
Save-apply on the wan interface. This fixes RA on the LAN, but the wan interface gets a new IP.
Add default IPv6 gateway on the pfsense server. Default gateway always seems to be missing, save-apply or not.
Remove the old IPv6 address from the LAN interface. Everything works, double rainbows all around!
how is your wan setup? dhcp? pppoe?
I don't have a pppoe setup where I can easily test.
I'm currently making due with my backup Huawei USB 3G modem (ppp) while urging the telco guys to please finish installing my new fiber…
I've been running for a few hours now after doing the manual steps I outlined above (save-apply the wan config to kickstart RA, manually creating a default route and removing the old IPv6 address from the lan nic), and everything seems to work perfectly.
I'm sorry, but I have not gotten round to it yet. It's not forgotten.
I'm sure I have a VM somewhere I can use for testing that will help. Nothing on pppoe yet though.
Willing to give me access?
I filled in your info, but the Telia relay isn't open for the world. Which is good.
On the LAN interface, it's set for track interface, prefix id 0.
On the WAN interface I selected 6rd, and the Telia information just as you did.
The WAN ipv4 address is DHCP and doesn't change really. I do see a default route.
default 2001:2002:d9d1:e4a6:: UGS 0 8 1280 stf0
And a radvd too.
root 49889 0.0 0.6 5860 1460 ?? Ss 4:27PM 0:00.01 /usr/local/sbin/radvd -C /var/etc/radvd.conf -m syslog
If my hunch is correct you can probably ping 2001:2002:5be3:1b48::1
Edit: Just verified it comes up with a default route for me on cold boot with a DHCP wan.
So, could it be related to the Huawei 3G, that the connection takes too long? Perhaps we should wait until I get my permanent connection installed and see if the problem solves itself?
I wasn't aware you had a 3G connection, I sort of reasoned it was a PPPoE.
I'll have a go and test this on my 3G stick here.
I tested with the Charter 6rd relay and even on the 3g stick it came straight up with a default route and advertisements. Need more looking.
Got my fiber installed today, finally. 6RD worked like a charm, so obviously my problems were related to PPP for some reason. I'm happy, but if you'd like to continue to pursue this and need any more data from me, just let me know.