6rd tunnel setup

  • This is my first try with IPV6. I have read about it, but I am still not 100% on what I am doing. I'm running the latest 2.1 snapshot and I would like to enable the clients on the lan to use IPV6. My ISP is providing support for a 6rd tunnel.

    I set up the 6rd settings for the WAN interface accordingly and I can see it gets assigned an address, but in the gateway monitoring reports the ipv6 gateway online only for a minute or so then it  reports it offline. Are any rules needed on the firewall to allow ipv6 gateway monitoring?

    I then setup the LAN interface as "Track Interface" and point it to WAN and I can see it gets assigned an address in the same network as the WAN.

    This is where I get confused. How do I assign ipv6 addresses to the clients in the LAN? I tried the DHCPv6 but it requires a static ip on the LAN interface so I'm not sure if I should manually assign the IP instead of using "Track Interface".

    I'm sure I am missing something very basic. I would appreciate if somebody could point me in the right direction or suggest a guide or howto document on the subject.

  • In my case as soon as I enabled "Track Interface" on the LAN Interface pfsense sent router advertisements on LAN, so my Windows clients did automatically generate an ipv6 from the /64 subnet of the LAN interface.

  • Thank for the reply. After further testing and rebooting the clients, they started getting an ipv6 /64. Now the problem is that they cannot get out using ipv6 and all the ipv6 tests fail.
    I did add a rule on the LAN interface allowing all outgoing ipv6 traffic, but it didn't make a difference.

  • Can you ping ipv6 hosts from pfsense? (Diagnostics->Ping)

  • I tried pinging opendns servers using their ipv6 address from both the clients and pfSense (WAN interface) but got nothing back. When pinging from the clients I can see it go through (I enabled logging on the LAN rule for ipv6 traffic), but then I see traffic from the opendns ipv6 being blocked on the WAN.

Log in to reply