IPv6 configuration help using HE Tunnel Broker (Resolved)
I have configured an IPv6 tunnel broker configuration using Hurricane Electric (pfSense 2.1). The tunnel is up and I can ping the far end IPv4 and IPv6 endpoints from the firewall. But from an IPv6 host on the LAN I can only ping the local IPv6 tunnel endpoint and cannot ping the far end IPv6 tunnel endpoint. I followed the instructions mentioned here exactly to configure the tunnel broker: http://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker
When I browse IPv6 websites, they only see my IPv4 address and not my IPv6 address. Any help in resolving the problem is highly appreciated.
Update: from the firewall I can only ping the far end IPv6 endpoint and cannot ping any other remote IPv6 hosts. I have the correct default route and am not sure what was wrong. Here is the routing table of my firewall:
default 2001:470:7:xxb::1 UGS gif0
2001:470:7:xxb::/64 link#15 U gif0
fe80::%gif0/64 link#15 U gif0
fe80::2d0:68ff:fe02:e8fb%gif0 link#15 UHS lo0
ff01::%gif0/32 fe80::2d0:68ff:fe02:e8fb%gif0 U gif0
ff02::%gif0/32 fe80::2d0:68ff:fe02:e8fb%gif0 U gif0
You have to provide more information.
e.g. Have you configured any IPv6 firewall rules?
Your posted output seems ok to me.
Bardelot, thanks for the quick response and here is the additional information:
I have placed a wide-open allow IPv6 rule on the LAN interface.
I also configured my LAN with the provided subnet (2001:470:81/64).
I am attaching screenshots showing the status of my setup.
Maybe you had a bad snapshot where radvd was not working too.
I fixed that just a day or so ago. The radvd.conf was bungled so it never started.
Newer snapshots should show it under services status too.
databeestje, I am using the latest snapshot from Saturday evening but no luck. A Wireshark capture on the win7 client shows me the RA traffic coming from the firewall and it seems OK. I have configured a DHCPv6 scope on the LAN interface as well as enabled the RA as "unmanaged". Thanks for your thoughts.
Are you missing the IPv6 default route? You should have the HE.gw selected as being the default route.
Diag routes should tell you this.
I see a correct IPv6 default gateway in the route table on pfSense (screenshot attached).
Anything in the system logs throwing a warning?
Set the log checkbox on the firewall rule on the LAN and see if it sees traffic. Try the same with a block rule on the v6 wan to see if traffic from the internet comes back.
Last resort, remove the tunnel on the HE.net and create a new one. There have been sporadic cases in the past when you couldn't get out to the internet.
Finally, the problem was resolved by deleting the HE tunnel and creating a new tunnel as suggested by databeestje (thanks).