6RD not working
-
Any specific log file you want dumped?
Updated to 7/11/13 morning snapshot, amd64
I also have a firewall rule to allow icmpv6.ifconfig
em0: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500 options=4219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso>ether 00:15:17:82:3d:60 media: Ethernet autoselect status: no carrier em1: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500 options=4219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso>ether 00:15:17:82:3d:61 media: Ethernet autoselect status: no carrier igb0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=500bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether 00:1b:21:54:db:58 inet6 fe80::21b:21ff:fe54:db58%igb0 prefixlen 64 scopeid 0x3 inet 10.1.7.1 netmask 0xffffff00 broadcast 10.1.7.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=500bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether 00:1b:21:54:db:59 inet6 fe80::21b:21ff:fe54:db59%igb1 prefixlen 64 scopeid 0x4 inet 10.1.4.1 netmask 0xffffff00 broadcast 10.1.4.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:1b:21:54:db:5c inet6 fe80::21b:21ff:fe54:db5c%igb2 prefixlen 64 scopeid 0x5 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=400b8 <vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:1b:21:54:db:5d inet6 fe80::21b:21ff:fe54:db5d%igb3 prefixlen 64 scopeid 0x6 inet 24.159.196.98 netmask 0xfffffff0 broadcast 24.159.196.111 inet 24.159.196.99 netmask 0xfffffff0 broadcast 24.159.196.111 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active pflog0: flags=100 <promisc>metric 0 mtu 33144 enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa nd6 options=3 <performnud,accept_rtadv>igb1_vlan4: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=3 <rxcsum,txcsum>ether 00:1b:21:54:db:59 inet6 fe80::215:17ff:fe82:3d60%igb1_vlan4 prefixlen 64 scopeid 0xb nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>) status: active vlan: 4 vlanpcp: 0 parent interface: igb1 igb1_vlan5: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=3 <rxcsum,txcsum>ether 00:1b:21:54:db:59 inet6 fe80::215:17ff:fe82:3d60%igb1_vlan5 prefixlen 64 scopeid 0xc inet 10.1.5.1 netmask 0xffffff00 broadcast 10.1.5.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active vlan: 5 vlanpcp: 0 parent interface: igb1 igb0_vlan6: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=3 <rxcsum,txcsum>ether 00:1b:21:54:db:58 inet6 fe80::215:17ff:fe82:3d60%igb0_vlan6 prefixlen 64 scopeid 0xd inet 10.1.6.1 netmask 0xffffff00 broadcast 10.1.6.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active vlan: 6 vlanpcp: 0 parent interface: igb0 igb0_vlan7: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=3 <rxcsum,txcsum>ether 00:1b:21:54:db:58 inet6 fe80::215:17ff:fe82:3d60%igb0_vlan7 prefixlen 64 scopeid 0xe nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>) status: active vlan: 7 vlanpcp: 0 parent interface: igb0 bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether 02:94:0a:e6:35:00 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: igb2 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 5 priority 128 path cost 2000000 member: igb3 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 6 priority 128 path cost 2000000 ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500 options=80000 <linkstate>inet6 fe80::215:17ff:fe82:3d60%ovpns1 prefixlen 64 scopeid 0x11 inet 10.1.254.1 --> 10.1.254.2 netmask 0xffffffff nd6 options=3 <performnud,accept_rtadv>Opened by PID 28948 wan_stf: flags=4001 <up,link2>metric 0 mtu 1280 inet6 2602:100:189f:c462:: prefixlen 32 nd6 options=3 <performnud,accept_rtadv>v4net 0.0.0.0/0 v4br 68.114.165.1</performnud,accept_rtadv></up,link2></performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast></learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></full-duplex></performnud></vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso></broadcast,oactive,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso></broadcast,oactive,simplex,multicast>netstat -rn
Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 24.159.196.97 UGS 0 34681 igb3 10.1.4.0/24 link#4 U 0 72897 igb1 10.1.4.1 link#4 UHS 0 0 lo0 10.1.5.0/24 link#12 U 0 12559 igb1_v 10.1.5.1 link#12 UHS 0 0 lo0 10.1.6.0/24 link#13 U 0 983 igb0_v 10.1.6.1 link#13 UHS 0 0 lo0 10.1.7.0/24 link#3 U 0 10 igb0 10.1.7.1 link#3 UHS 0 0 lo0 10.1.254.0/24 10.1.254.2 UGS 0 0 ovpns1 10.1.254.1 link#17 UHS 0 0 lo0 10.1.254.2 link#17 UH 0 0 ovpns1 24.159.196.96/28 link#6 U 0 233 igb3 24.159.196.98 link#6 UHS 0 0 lo0 24.159.196.99 link#6 UHS 0 0 lo0 68.114.165.1 24.159.196.97 UGHS 0 0 igb3 127.0.0.1 link#10 UH 0 359 lo0 Internet6: Destination Gateway Flags Netif Expire default 2602:100:189f:c462::4472:a501 UGS wan_stf ::1 ::1 UH lo0 2602:100::/32 link#15 U wan_stf 2602:100:189f:c462:: link#15 UHS lo0 fe80::%igb0/64 link#3 U igb0 fe80::21b:21ff:fe54:db58%igb0 link#3 UHS lo0 fe80::%igb1/64 link#4 U igb1 fe80::21b:21ff:fe54:db59%igb1 link#4 UHS lo0 fe80::%igb2/64 link#5 U igb2 fe80::21b:21ff:fe54:db5c%igb2 link#5 UHS lo0 fe80::%igb3/64 link#6 U igb3 fe80::21b:21ff:fe54:db5d%igb3 link#6 UHS lo0 fe80::%lo0/64 link#10 U lo0 fe80::1%lo0 link#10 UHS lo0 fe80::%igb1_vlan4/64 link#11 U igb1_vla fe80::215:17ff:fe82:3d60%igb1_vlan4 link#11 UHS lo0 fe80::%igb1_vlan5/64 link#12 U igb1_vla fe80::215:17ff:fe82:3d60%igb1_vlan5 link#12 UHS lo0 fe80::%igb0_vlan6/64 link#13 U igb0_vla fe80::215:17ff:fe82:3d60%igb0_vlan6 link#13 UHS lo0 fe80::%igb0_vlan7/64 link#14 U igb0_vla fe80::215:17ff:fe82:3d60%igb0_vlan7 link#14 UHS lo0 fe80::215:17ff:fe82:3d60%ovpns1 link#17 UHS lo0 ff01::%igb0/32 fe80::21b:21ff:fe54:db58%igb0 U igb0 ff01::%igb1/32 fe80::21b:21ff:fe54:db59%igb1 U igb1 ff01::%igb2/32 fe80::21b:21ff:fe54:db5c%igb2 U igb2 ff01::%igb3/32 fe80::21b:21ff:fe54:db5d%igb3 U igb3 ff01::%lo0/32 ::1 U lo0 ff01::%igb1_vlan4/32 fe80::215:17ff:fe82:3d60%igb1_vlan4 U igb1_vla ff01::%igb1_vlan5/32 fe80::215:17ff:fe82:3d60%igb1_vlan5 U igb1_vla ff01::%igb0_vlan6/32 fe80::215:17ff:fe82:3d60%igb0_vlan6 U igb0_vla ff01::%igb0_vlan7/32 fe80::215:17ff:fe82:3d60%igb0_vlan7 U igb0_vla ff01::%ovpns1/32 fe80::215:17ff:fe82:3d60%ovpns1 U ovpns1 ff02::%igb0/32 fe80::21b:21ff:fe54:db58%igb0 U igb0 ff02::%igb1/32 fe80::21b:21ff:fe54:db59%igb1 U igb1 ff02::%igb2/32 fe80::21b:21ff:fe54:db5c%igb2 U igb2 ff02::%igb3/32 fe80::21b:21ff:fe54:db5d%igb3 U igb3 ff02::%lo0/32 ::1 U lo0 ff02::%igb1_vlan4/32 fe80::215:17ff:fe82:3d60%igb1_vlan4 U igb1_vla ff02::%igb1_vlan5/32 fe80::215:17ff:fe82:3d60%igb1_vlan5 U igb1_vla ff02::%igb0_vlan6/32 fe80::215:17ff:fe82:3d60%igb0_vlan6 U igb0_vla ff02::%igb0_vlan7/32 fe80::215:17ff:fe82:3d60%igb0_vlan7 U igb0_vla ff02::%ovpns1/32 fe80::215:17ff:fe82:3d60%ovpns1 U ovpns1 -
@ermal:
Logs would be good together with ifconfig and routing table output.
Latest snapshot has some automatic rules removed, due to wide covarge of auto rules, so probably check that your firewall rules are correct.
Hi ermal,
Tell me what you need and I'll fire up the vm & get it for you.
I did update the ticket here:
http://redmine.pfsense.org/issues/2882
a while back with the info you asked for at the time.
I can also give you remote access to the box if you would like….whatever I can do to help!
-Will
-
Well this is strange… just as a test, I set the WAN interface to 6to4 instead of 6rd, and clicked apply. I now have an ipv6 address, and I am able to properly ping IPv6 hosts from the router, as well as visit IPv6 websites on my LAN vi track interface. Wonder if the new modem I got yesterday has anything to do with this or not.
If it matters, I am a charter business customer.
-
Hi ddggttff3,
Honestly, I'm surprised that worked for you. Following your suggestion I made the same change & it blanked out the 6rd section in the WAN interface config when I changed it, assuming yours did the same, I'm surprised your firewall had any idea where to send your ipv6 traffic! Making the change to 6to4 did not make my ipv6 connection work.
As always, if there's any information I can provide to help sort this out just ask!
-Will
-
Well I just got a new modem, Model is SMCD3GN2-BIZ. I am thinking that's 1/2 the story as my old SMC did not work with 6to4, and the bootup UART log from this device mentions loading a "IPv6 over IPv4 tunneling driver".
Also, when I set it to 6to4, it auto pulled the old IPv6 address I got with 6rd, so yay!
So far, IPv6 6to4 has been working here with 0 issues.
Maybe you should ask charter for a new modem? I used to have the SMCD3G-BIZ, which did not work with 6to4. Is that the modem you use?
-
I'd just like to add "Me, too"
I use CenturyLink's 6rd's Border Relay. I was using a 2.1 Beta snapshot from last August until I upgraded this weekend and lost 6rd functionality.
Same symptoms as Will reports. I didn't have much time to troubleshoot - I just fired up my HE tunnel in the meantime.
However, I did notice this in my logs (I obfuscated my IP):
php: : The command '/sbin/pfctl -b 2602:XX:YYYY:ZZZZ::/32 -b 2602
ab02:4000::/32' returned exit code '1', the output was 'pfctl: illegal option – b usage: pfctl [-AdeghmNnOPqRrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K host | network] [-k host | network ] [-o [level]] [-p device] [-s modifier ] [-t table -T command [address …]] [-x level]'I'd be happy to provide anything else to help get this squared away.
–Vince
-
Hi vinsomething,
Indeed, I don't really know where to start troubleshooting….for me getting 6rd up & going was a 5 minute affair and it "just worked" for a very long time.
I have a ticket open on this and the last thing I heard from the devs was that this is "seen that on misconfigurations of pfSense". I have no idea what that misconfiguration could be and would love to get a hint to point me in the correct direction.
I spun up my "current" pfsense vm the other day, grabbed the output of "pftop -w 150 -a -b -v rules" via the /status.php page on both my January (working) vm & the latest release as of last Saturday. I took the output from each and stuffed them into notepad++, edited out all the traffic counters & diffed them. There are 3 extra rules in the "current" rules that aren't in my January ruleset:
100 Pass In Q vmx3f1 K 0 0 0 inet from 10.56.56.0/24 to any flags S/SA
101 Pass In Q vmx3f1 K 0 0 0 inet6 from 2602:XXXX:XXXX:XXXX::/64 to any flags S/SA
102 Pass In Q vmx3f1 udp K 0 0 0 inet6 from fe80::/64 to ff02::1:3/128 port = 5355Maybe that's where the problem is, maybe it's not....I have no idea. All the other rules seem to differ only in the change between "wan_st" & "stf0".
It sucks that you updated & lost your 6rd functionality. I sure do hope this gets sorted out before 2.1 rolls out!
-Will
-
Hi guys,
I just updated my pfsense test vm to the Thu Aug 15 build and now I don't even get an ipv6 address on my outside interface.
-Will
-
I get the same on 6 to 4. I had to unconfigure ipv6 for now.
-
Hi podilarius,
Updating to the latest (Fri. 8/16) build has allowed my WAN interface to once again get an ipv6 address.
6RD still doesn't function, sorry to say.
-Will