6RD not working
-
@ermal:
Logs would be good together with ifconfig and routing table output.
Latest snapshot has some automatic rules removed, due to wide covarge of auto rules, so probably check that your firewall rules are correct.
Hi ermal,
Tell me what you need and I'll fire up the vm & get it for you.
I did update the ticket here:
http://redmine.pfsense.org/issues/2882
a while back with the info you asked for at the time.
I can also give you remote access to the box if you would like….whatever I can do to help!
-Will
-
Well this is strange… just as a test, I set the WAN interface to 6to4 instead of 6rd, and clicked apply. I now have an ipv6 address, and I am able to properly ping IPv6 hosts from the router, as well as visit IPv6 websites on my LAN vi track interface. Wonder if the new modem I got yesterday has anything to do with this or not.
If it matters, I am a charter business customer.
-
Hi ddggttff3,
Honestly, I'm surprised that worked for you. Following your suggestion I made the same change & it blanked out the 6rd section in the WAN interface config when I changed it, assuming yours did the same, I'm surprised your firewall had any idea where to send your ipv6 traffic! Making the change to 6to4 did not make my ipv6 connection work.
As always, if there's any information I can provide to help sort this out just ask!
-Will
-
Well I just got a new modem, Model is SMCD3GN2-BIZ. I am thinking that's 1/2 the story as my old SMC did not work with 6to4, and the bootup UART log from this device mentions loading a "IPv6 over IPv4 tunneling driver".
Also, when I set it to 6to4, it auto pulled the old IPv6 address I got with 6rd, so yay!
So far, IPv6 6to4 has been working here with 0 issues.
Maybe you should ask charter for a new modem? I used to have the SMCD3G-BIZ, which did not work with 6to4. Is that the modem you use?
-
I'd just like to add "Me, too"
I use CenturyLink's 6rd's Border Relay. I was using a 2.1 Beta snapshot from last August until I upgraded this weekend and lost 6rd functionality.
Same symptoms as Will reports. I didn't have much time to troubleshoot - I just fired up my HE tunnel in the meantime.
However, I did notice this in my logs (I obfuscated my IP):
php: : The command '/sbin/pfctl -b 2602:XX:YYYY:ZZZZ::/32 -b 2602
ab02:4000::/32' returned exit code '1', the output was 'pfctl: illegal option – b usage: pfctl [-AdeghmNnOPqRrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K host | network] [-k host | network ] [-o [level]] [-p device] [-s modifier ] [-t table -T command [address …]] [-x level]'I'd be happy to provide anything else to help get this squared away.
–Vince
-
Hi vinsomething,
Indeed, I don't really know where to start troubleshooting….for me getting 6rd up & going was a 5 minute affair and it "just worked" for a very long time.
I have a ticket open on this and the last thing I heard from the devs was that this is "seen that on misconfigurations of pfSense". I have no idea what that misconfiguration could be and would love to get a hint to point me in the correct direction.
I spun up my "current" pfsense vm the other day, grabbed the output of "pftop -w 150 -a -b -v rules" via the /status.php page on both my January (working) vm & the latest release as of last Saturday. I took the output from each and stuffed them into notepad++, edited out all the traffic counters & diffed them. There are 3 extra rules in the "current" rules that aren't in my January ruleset:
100 Pass In Q vmx3f1 K 0 0 0 inet from 10.56.56.0/24 to any flags S/SA
101 Pass In Q vmx3f1 K 0 0 0 inet6 from 2602:XXXX:XXXX:XXXX::/64 to any flags S/SA
102 Pass In Q vmx3f1 udp K 0 0 0 inet6 from fe80::/64 to ff02::1:3/128 port = 5355Maybe that's where the problem is, maybe it's not....I have no idea. All the other rules seem to differ only in the change between "wan_st" & "stf0".
It sucks that you updated & lost your 6rd functionality. I sure do hope this gets sorted out before 2.1 rolls out!
-Will
-
Hi guys,
I just updated my pfsense test vm to the Thu Aug 15 build and now I don't even get an ipv6 address on my outside interface.
-Will
-
I get the same on 6 to 4. I had to unconfigure ipv6 for now.
-
Hi podilarius,
Updating to the latest (Fri. 8/16) build has allowed my WAN interface to once again get an ipv6 address.
6RD still doesn't function, sorry to say.
-Will