Charter 6RD connection not working in latest snaps
-
6rd isn't broken in general. I use it for my production v6 at home, upgrade at least once a week, and it's worked on every version since I first enabled it several months ago. I'm posting this via 6rd on a snapshot from within the past few days. Going to need more than "it's broken" since that's not true.
What does ifconfig look like? What does your v6 routing table on the firewall look like? Host's IPv6 config and routing table? Packet captures on WAN, wan_stf, LAN?
-
My apologies. Charter's 6RD implementation doesn't seem to be working with the current snapshot of pfSense 2.1; the last known working snapshot was the Jan 22nd snapshot.
6RD Configuration Settings
As part of Charter's IPv6 Trials we have made available a Public 6rd Border Relay. If you are interested in participating in our early trials and own a device that supports 6RD use this configuration information to begin experiencing the Next Generation Internet:
  6rd Prefix = 2602:/32
  Border Relay Address = 68.114.165.1
  6rd prefix length = 32
  IPv4 mask length = 0
Primary DNS Address = 2607:f428:1::5353:1
Secondary DNS Address = 2607:f428:2::5353:1
Version: 2.1-BETA1 (amd64) built on Sun Mar 3 10:04:04 EST 2013
How I setup 6RD:
Followed the above instructions for WAN interface
IPv6 Configuration Type : 6rd Tunnel
6RD prefix : 2602:/32
6RD Border Relay : 68.114.165.1
6RD IPv4 Prefix length : 0 bits
For the LAN interface:
IPv6 Configuration Type : Track interface
IPv6 Interface : WAN
IPv6 Prefix ID : blank
ifconfig output:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether 00:1c:c0:7f:64:57
    inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1
    inet6 2602:100:yyyy:xxxx::1 prefixlen 64
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:07:e9:1f:a9:48
    inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2
    inet 68.184.84.xxx netmask 0xfffffc00 broadcast 255.255.255.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:07:e9:1f:a9:49
    media: Ethernet autoselect
    status: no carrier
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pflog0: flags=100<PROMISC> metric 0 mtu 33664
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80008<VLAN_MTU,LINKSTATE>
    ether 00:50:b6:0d:38:9d
    inet 192.168.2.1 netmask 0xfffffff8 broadcast 192.168.2.7
    inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
ue1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 00:14:d1:1b:86:e1
    inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15
    inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (10baseT/UTP <half-duplex>)
    status: active
wan_stf: flags=4001<UP,LINK2> metric 0 mtu 1280
    inet6 2602:100:44b8:5481:: prefixlen 32
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
netstat -rn output:
Destination        Gateway            Flags  Refs  Use      Netif  Expire
default            68.184.84.1        UGS    0     390      em0
8.8.8.8            68.184.84.1        UGHS   0     1231     em0
24.197.160.17      68.184.84.1        UGHS   0     1231     em0
68.114.165.1       68.184.84.1        UGHS   0     0        em0
68.184.84.0/22     link#2             U      0     10290    em0
68.184.84.xxx      link#2             UHS    0     0        lo0
127.0.0.1          link#6             UH     0     188      lo0
192.168.1.0/24     link#1             U      0     61038    re0
192.168.1.1        link#1             UHS    0     0        lo0
192.168.2.0/29     link#8             U      0     663      ue0
192.168.2.1        link#8             UHS    0     0        lo0
192.168.10.0/28    link#9             U      0     0        ue1
192.168.10.1       link#9             UHS    0     0        lo0
205.171.2.65       68.184.84.1        UGHS   0     1231     em0
Internet6:
Destination                   Gateway                       Flags  Netif    Expire
default                       2602:100:4472:a501::          UGS    wan_stf
::1                           ::1                           UH     lo0
2602:100::/32                 link#10                       U      wan_stf
2602:100:44b8:5481::          link#10                       UHS    lo0 =>
2602:100:44b8:5481::/64       link#1                        U      re0
2602:100:44b8:5481::1         link#1                        UHS    lo0
2607:f428:1::5353:1           2602:100:4472:a501::          UGHS   wan_stf
fe80::%re0/64                 link#1                        U      re0
fe80::1:1%re0                 link#1                        UHS    lo0
fe80::21c:c0ff:fe7f:6457%re0  link#1                        UHS    lo0
fe80::%em0/64                 link#2                        U      em0
fe80::207:e9ff:fe1f:a948%em0  link#2                        UHS    lo0
fe80::%lo0/64                 link#6                        U      lo0
fe80::1%lo0                   link#6                        UHS    lo0
fe80::%ue0/64                 link#8                        U      ue0
fe80::250:b6ff:fe0d:389d%ue0  link#8                        UHS    lo0
fe80::%ue1/64                 link#9                        U      ue1
fe80::214:d1ff:fe1b:86e1%ue1  link#9                        UHS    lo0
ff01::%re0/32                 fe80::21c:c0ff:fe7f:6457%re0  U      re0
ff01::%em0/32                 fe80::207:e9ff:fe1f:a948%em0  U      em0
ff01::%lo0/32                 ::1                           U      lo0
ff01::%ue0/32                 fe80::250:b6ff:fe0d:389d%ue0  U      ue0
ff01::%ue1/32                 fe80::214:d1ff:fe1b:86e1%ue1  U      ue1
ff02::%re0/32                 fe80::21c:c0ff:fe7f:6457%re0  U      re0
ff02::%em0/32                 fe80::207:e9ff:fe1f:a948%em0  U      em0
ff02::%lo0/32                 ::1                           U      lo0
ff02::%ue0/32                 fe80::250:b6ff:fe0d:389d%ue0  U      ue0
ff02::%ue1/32                 fe80::214:d1ff:fe1b:86e1%ue1  U      ue1
Packet Capture is showing nothing for WAN interface IPv6 address family
even though I was getting ping responses from 2607:f428:1::5353:1 and ipv6.google.com directly on the pfsense box.
-
That looks sane, what doesn't work if you're getting IPv6 ping responses? Capturing on WAN won't show any v6, it's v4 at that point, but you should see the outside of the tunnel as v4 to 68.114.165.1 from the looks of that. Capturing on wan_stf with tcpdump will show what's on the inside of the 6rd tunnel.
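Added example, not part of the thread or of pfSense: the RFC 5969 address mapping behind the outputs above, using the 2602:100::/32 route and the border relay 68.114.165.1 from the posted routing table. The function names, the 192.0.2.129 customer address and the /8 mask case are constructed for illustration. It checks that the IPv6 default gateway is the relay's mapped address and recovers the IPv4 address embedded in a 6rd prefix, which is why posting a 6rd prefix discloses the WAN address.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, ipv4, ipv4_mask_len=0):
    """RFC 5969 mapping: the 6rd prefix followed by the low
    (32 - ipv4_mask_len) bits of the IPv4 address."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    v4 = int(ipaddress.IPv4Address(ipv4))
    v4_bits = 32 - ipv4_mask_len
    plen = net.prefixlen + v4_bits
    if not 0 <= ipv4_mask_len <= 32 or plen > 64:
        raise ValueError("6rd prefix plus IPv4 bits must fit in a /64")
    suffix = v4 & ((1 << v4_bits) - 1)
    addr = int(net.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((addr, plen))


def embedded_ipv4(sixrd_prefix, v6addr, ipv4_mask_len=0, common_prefix="0.0.0.0"):
    """Inverse mapping: recover the IPv4 address carried in a 6rd address.
    common_prefix supplies the high bits dropped when ipv4_mask_len > 0."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    addr = ipaddress.IPv6Address(v6addr)
    if addr not in net:
        raise ValueError("address is outside the 6rd domain")
    v4_bits = 32 - ipv4_mask_len
    plen = net.prefixlen + v4_bits
    low = (int(addr) >> (128 - plen)) & ((1 << v4_bits) - 1)
    high = int(ipaddress.IPv4Address(common_prefix)) & ~((1 << v4_bits) - 1)
    return ipaddress.IPv4Address((high & 0xFFFFFFFF) | low)


def default_gateway_is_border_relay(route_line, sixrd_prefix, br_ipv4,
                                    ipv4_mask_len=0):
    """Check one `netstat -rn` Internet6 line: is the default gateway
    the 6rd-mapped address of the border relay?"""
    fields = route_line.split()
    if len(fields) < 2 or fields[0] != "default":
        return False
    try:
        gateway = ipaddress.IPv6Address(fields[1])
    except ValueError:
        return False  # link#N or a scoped address, not a mapped gateway
    expected = sixrd_delegated_prefix(sixrd_prefix, br_ipv4, ipv4_mask_len)
    return gateway == expected.network_address


# Values taken from the posted routing table.
SIXRD_PREFIX = "2602:100::/32"
BORDER_RELAY = "68.114.165.1"
ROUTE_LINE = "default 2602:100:4472:a501:: UGS wan_stf"

if __name__ == "__main__":
    print(sixrd_delegated_prefix(SIXRD_PREFIX, BORDER_RELAY))
    print(default_gateway_is_border_relay(ROUTE_LINE, SIXRD_PREFIX, BORDER_RELAY))
    # Constructed customer address from the documentation range.
    ce = sixrd_delegated_prefix(SIXRD_PREFIX, "192.0.2.129")
    print(ce, "->", embedded_ipv4(SIXRD_PREFIX, ce.network_address))
```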
-
@cmb:
That looks sane, what doesn't work if you're getting IPv6 ping responses? Capturing on WAN won't show any v6, it's v4 at that point, but you should see the outside of the tunnel as v4 to 68.114.165.1 from the looks of that. Capturing on wan_stf with tcpdump will show what's on the inside of the 6rd tunnel.
I went back through my notes / log. Seems that I can't read or was completely brain dead as I was not getting ping responses from 2607:f428:1::5353:1 and ipv6.google.com while ssh on the pfsense box. So I reran it again and no ping response from both a ssh session and the web interface even when I try Charter's primary dns (2607:f428:1::5353:1).
-
Ok, open one SSH session to the firewall, 8 to get a command prompt, and run:
tcpdump -ni wan_stf
Then start a ping from the firewall and what do you see there? Then a ping from a LAN host and what does it show?
-
Starting from the beginning to make sure nothing has changed.
ifconfig output:
ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether 00:1c:c0:7f:64:57
    inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1
    inet6 2602:100:xxxx:yyyy::1 prefixlen 64
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:07:e9:1f:a9:48
    inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2
    inet 68.184.xxx.yyy netmask 0xfffffc00 broadcast 255.255.255.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:07:e9:1f:a9:49
    media: Ethernet autoselect
    status: no carrier
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pflog0: flags=100<PROMISC> metric 0 mtu 33664
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80008<VLAN_MTU,LINKSTATE>
    ether 00:50:b6:0d:38:9d
    inet 192.168.2.1 netmask 0xfffffff8 broadcast 192.168.2.7
    inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
ue1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 00:14:d1:1b:86:e1
    inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15
    inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (10baseT/UTP <half-duplex>)
    status: active
wan_stf: flags=4001<UP,LINK2> metric 0 mtu 1280
    inet6 2602:100:xxxx:yyyy:: prefixlen 32
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
netstat -rn output:
netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags  Refs  Use      Netif  Expire
default            68.184.84.1        UGS    0     2505     em0
8.8.8.8            68.184.84.1        UGHS   0     21921    em0
24.197.160.17      68.184.84.1        UGHS   0     21917    em0
68.114.165.1       68.184.84.1        UGHS   0     0        em0
68.184.84.0/22     link#2             U      0     163548   em0
68.184.xxx.yyy     link#2             UHS    0     0        lo0
127.0.0.1          link#6             UH     0     580      lo0
192.168.1.0/24     link#1             U      0     2552332  re0
192.168.1.1        link#1             UHS    0     0        lo0
192.168.2.0/29     link#8             U      0     3420     ue0
192.168.2.1        link#8             UHS    0     0        lo0
192.168.10.0/28    link#9             U      0     44839    ue1
192.168.10.1       link#9             UHS    0     0        lo0
205.171.2.65       68.184.84.1        UGHS   0     21917    em0
Internet6:
Destination                   Gateway                       Flags  Netif    Expire
default                       2602:100:4472:a501::          UGS    wan_stf
::1                           ::1                           UH     lo0
2602:100::/32                 link#10                       U      wan_stf
2602:100:xxxx:yyyy::          link#10                       UHS    lo0 =>
2602:100:xxxx:yyyy::/64       link#1                        U      re0
2602:100:xxxx:yyyy::1         link#1                        UHS    lo0
2607:f428:1::5353:1           2602:100:4472:a501::          UGHS   wan_stf
fe80::%re0/64                 link#1                        U      re0
fe80::1:1%re0                 link#1                        UHS    lo0
fe80::21c:c0ff:fe7f:6457%re0  link#1                        UHS    lo0
fe80::%em0/64                 link#2                        U      em0
fe80::207:e9ff:fe1f:a948%em0  link#2                        UHS    lo0
fe80::%lo0/64                 link#6                        U      lo0
fe80::1%lo0                   link#6                        UHS    lo0
fe80::%ue0/64                 link#8                        U      ue0
fe80::250:b6ff:fe0d:389d%ue0  link#8                        UHS    lo0
fe80::%ue1/64                 link#9                        U      ue1
fe80::214:d1ff:fe1b:86e1%ue1  link#9                        UHS    lo0
ff01::%re0/32                 fe80::21c:c0ff:fe7f:6457%re0  U      re0
ff01::%em0/32                 fe80::207:e9ff:fe1f:a948%em0  U      em0
ff01::%lo0/32                 ::1                           U      lo0
ff01::%ue0/32                 fe80::250:b6ff:fe0d:389d%ue0  U      ue0
ff01::%ue1/32                 fe80::214:d1ff:fe1b:86e1%ue1  U      ue1
ff02::%re0/32                 fe80::21c:c0ff:fe7f:6457%re0  U      re0
ff02::%em0/32                 fe80::207:e9ff:fe1f:a948%em0  U      em0
ff02::%lo0/32                 ::1                           U      lo0
ff02::%ue0/32                 fe80::250:b6ff:fe0d:389d%ue0  U      ue0
ff02::%ue1/32                 fe80::214:d1ff:fe1b:86e1%ue1  U      ue1
tcpdumps
tcpdump -nnvvi re0 proto 41
tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
8646 packets received by filter
0 packets dropped by kernel
tcpdump -nnvvi em0 proto 41
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
2398 packets received by filter
0 packets dropped by kernel
tcpdump -ni wan_stf
tcpdump: WARNING: wan_stf: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wan_stf, link-type NULL (BSD loopback), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
/tmp/rules.debug
# Gateways
GWWAN_6RD = " route-to ( wan_stf 2602:100:4472:a501:: ) "
GWWAN_DHCP = " route-to ( em0 68.184.84.1 ) "
# allow our proto 41 traffic from the 6RD border relay in
pass in on $WAN proto 41 from 68.114.165.1 to any label "Allow 6in4 traffic in for 6rd on WAN"
pass out on $WAN proto 41 from any to 68.114.165.1 label "Allow 6in4 traffic out for 6rd on WAN"
pass in on $WAN inet6 from any to 2602:100:xxxx:yyyy::/32 label "Allow 6rd traffic in for 6rd on WAN"
pass out on $WAN inet6 from 2602:100:xxxx:yyyy::/32 to any label "Allow 6rd traffic out for 6rd on WAN"
radvd.conf
# Automatically Generated, do not edit
# Generated for DHCPv6 Server lan
interface re0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 5;
    MaxRtrAdvInterval 20;
    AdvLinkMTU 1500;
    AdvDefaultPreference medium;
    prefix 2602:100:xxxx:yyyy::/64 {
        DeprecatePrefix on;
    };
    route ::/0 {
        RemoveRoute on;
    };
    RDNSS 2602:100:xxxx:yyyy::1 { };
    DNSSL localdomain { };
};
dhcpdv6.conf
option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
subnet6 2602:100:xxxx:yyyy::/64 {
    range6 2602:100:xxxx:yyyy::1000 2602:100:xxxx:yyyy::2000;
    option dhcp6.name-servers 2602:100:xxxx:yyyy::1;
}
Edit: since I'm C&P anyways, added radvd.conf and dhcpdv6.conf
-
That all looks sane but nothing appears to go over the 6rd. Could we get access to your system? If so, please email me to arrange - cmb at pfsense dot org - with a link to this thread.
-
Do you have wan_stf on your definition of WAN in rules.debug?
Can you show the /tmp/rules.debug contents?
UPDATE: Can you try with a snapshot from tomorrow and report?
-
@ermal:
Do you have wan_stf on your definition of WAN in rules.debug?
Can you show the /tmp/rules.debug contents?
UPDATE: Can you try with a snapshot from tomorrow and report?
CMB has access to the box, but yes I'll try tomorrow's snapshot :)
-
After the Tue Mar 19 16:39:04 EDT 2013 build, I did have to go to the Interfaces menu for both the WAN and LAN and hit save and apply for the IPv6 portion to update. No changes were made to either interface.
ifconfig output:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether 00:1c:c0:7f:64:57
    inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1
    inet6 2602:100:44b8:yyyy::1 prefixlen 64
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:07:e9:1f:a9:48
    inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2
    inet 68.184.84.xxx netmask 0xfffffc00 broadcast 255.255.255.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:07:e9:1f:a9:49
    media: Ethernet autoselect
    status: no carrier
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pflog0: flags=100<PROMISC> metric 0 mtu 33664
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80008<VLAN_MTU,LINKSTATE>
    ether 00:50:b6:0d:38:9d
    inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
ue1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 00:14:d1:1b:86:e1
    inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9
    inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (10baseT/UTP <half-duplex>)
    status: active
wan_stf: flags=4001<UP,LINK2> metric 0 mtu 1280
    inet6 2602:100:44b8:yyyy:: prefixlen 32
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
netstat -rn output:
netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags  Refs  Use      Netif  Expire
default            68.184.84.1        UGS    0     1671     em0
8.8.8.8            68.184.84.1        UGHS   0     2616     em0
24.197.160.17      68.184.84.1        UGHS   0     2606     em0
68.114.165.1       68.184.84.1        UGHS   0     0        em0
68.184.84.0/22     link#2             U      0     39934    em0
68.184.84.xxx      link#2             UHS    0     0        lo0
127.0.0.1          link#6             UH     0     126      lo0
192.168.1.0/24     link#1             U      0     275560   re0
192.168.1.1        link#1             UHS    0     0        lo0
192.168.10.0/28    link#9             U      0     817      ue1
192.168.10.1       link#9             UHS    0     0        lo0
205.171.2.65       68.184.84.1        UGHS   0     2606     em0
Internet6:
Destination                   Gateway                       Flags  Netif    Expire
default                       2602:100:4472:a501::          UGS    wan_stf
::1                           ::1                           UH     lo0
2602:100::/32                 link#10                       U      wan_stf
2602:100:44b8:yyyy::          link#10                       UHS    lo0 =>
2602:100:44b8:yyyy::/64       link#1                        U      re0
2602:100:44b8:yyyy::1         link#1                        UHS    lo0
fe80::%re0/64                 link#1                        U      re0
fe80::1:1%re0                 link#1                        UHS    lo0
fe80::21c:c0ff:fe7f:6457%re0  link#1                        UHS    lo0
fe80::%em0/64                 link#2                        U      em0
fe80::207:e9ff:fe1f:a948%em0  link#2                        UHS    lo0
fe80::%lo0/64                 link#6                        U      lo0
fe80::1%lo0                   link#6                        UHS    lo0
fe80::%ue0/64                 link#8                        U      ue0
fe80::250:b6ff:fe0d:389d%ue0  link#8                        UHS    lo0
fe80::%ue1/64                 link#9                        U      ue1
fe80::214:d1ff:fe1b:86e1%ue1  link#9                        UHS    lo0
ff01::%re0/32                 fe80::21c:c0ff:fe7f:6457%re0  U      re0
ff01::%em0/32                 fe80::207:e9ff:fe1f:a948%em0  U      em0
ff01::%lo0/32                 ::1                           U      lo0
ff01::%ue0/32                 fe80::250:b6ff:fe0d:389d%ue0  U      ue0
ff01::%ue1/32                 fe80::214:d1ff:fe1b:86e1%ue1  U      ue1
ff02::%re0/32                 fe80::21c:c0ff:fe7f:6457%re0  U      re0
ff02::%em0/32                 fe80::207:e9ff:fe1f:a948%em0  U      em0
ff02::%lo0/32                 ::1                           U      lo0
ff02::%ue0/32                 fe80::250:b6ff:fe0d:389d%ue0  U      ue0
ff02::%ue1/32                 fe80::214:d1ff:fe1b:86e1%ue1  U      ue1
tcpdumps:
tcpdump -nnvvi re0 proto 41
tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
2020 packets received by filter
0 packets dropped by kernel
tcpdump -nnvvi em0 proto 41
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
1802 packets received by filter
0 packets dropped by kernel
tcpdump -ni wan_stf
tcpdump: WARNING: wan_stf: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wan_stf, link-type NULL (BSD loopback), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
/tmp/rules.debug
#System aliases
loopback = "{ lo0 }"
WAN = "{ em0 wan_stf }"
LAN = "{ re0 }"
WLAN = "{ ue1 }"
PHONEDMZ = "{ ue0 }"
# Gateways
GWWAN_6RD = " route-to ( wan_stf 2602:100:4472:a501:: ) "
GWWAN_DHCP = " route-to ( em0 68.184.84.1 ) "
# IPv6 ICMP is not auxilary, it is required for operation
# See man icmp6(4)
# 1  unreach    Destination unreachable
# 2  toobig     Packet too big
# 128 echoreq    Echo service request
# xxx echorep    Echo service reply
# 133 routersol   Router solicitation
# 134 routeradv   Router advertisement
# 135 neighbrsol   Neighbor solicitation
# 136 neighbradv   Neighbor advertisement
pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state
# Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep)
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {xxx,133,134,135,136} keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {xxx,133,134,135,136} keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {128,133,134,135,136} keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} keep state
# We use the mighty pf, we cannot be fooled.
block quick inet proto { tcp, udp } from any port = 0 to any
block quick inet proto { tcp, udp } from any to any port = 0
block quick inet6 proto { tcp, udp } from any port = 0 to any
block quick inet6 proto { tcp, udp } from any to any port = 0
# loopback
pass in on $loopback inet all label "pass IPv4 loopback"
pass out on $loopback inet all label "pass IPv4 loopback"
pass in on $loopback inet6 all label "pass IPv6 loopback"
pass out on $loopback inet6 all label "pass IPv6 loopback"
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out inet all keep state allow-opts label "let out anything IPv4 from firewall host itself"
pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself"
pass out route-to ( em0 68.184.84.1 ) from 68.184.84.xxx to !68.184.84.0/22 keep state allow-opts label "let out anything from firewall host itself"
pass out route-to ( wan_stf 2602:100:4472:a501:: ) inet6 from 2602:100:44b8:yyyy:: to !2602:100:44b8:yyyy::/64 keep state allow-opts label "let out anything from firewall host itself"
# make sure the user cannot lock himself out of the webConfigurator or SSH
pass in quick on re0 proto tcp from any to (re0) port { 443 22 } keep state label "anti-lockout rule"
radvd.conf :
# Automatically Generated, do not edit
# Generated for DHCPv6 Server lan
interface re0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 5;
    MaxRtrAdvInterval 20;
    AdvLinkMTU 1500;
    AdvDefaultPreference medium;
    prefix 2602:100:44b8:5481::/64 {
        DeprecatePrefix on;
    };
    route ::/0 {
        RemoveRoute on;
    };
    RDNSS 2602:100:44b8:5481::1 { };
    DNSSL localdomain { };
};
dhcpdv6.conf :
option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
subnet6 2602:100:44b8:5481::/64 {
    range6 2602:100:44b8:5481::1000 2602:100:44b8:5481::2000;
    option dhcp6.name-servers 2602:100:44b8:5481::1;
}
-
What have you configured as your 6rd border ipv4 gateway?
-
6RD Configuration Settings
As part of Charter's IPv6 Trials we have made available a Public 6rd Border Relay. If you are interested in participating in our early trials and own a device that supports 6RD use this configuration information to begin experiencing the Next Generation Internet:
  6rd Prefix = 2602:/32
  Border Relay Address = 68.114.165.1
  6rd prefix length = 32
  IPv4 mask length = 0
Primary DNS Address = 2607:f428:1::5353:1
Secondary DNS Address = 2607:f428:2::5353:1
-
Can you try issuing these commands until it works:
1- route add -inet6 default 260244b8:yyyy::1
Check if it works
2 - ifconfig wan_stf inet6 260244b8:yyyy:0::1/32
Check if it works
3 - route add -inet6 default 260244b8:yyyy::68.114.165.1
Check if it works
-
Didn't have much luck, none of those worked.
route add -inet6 default 260244b8:yyyy::1
route: writing to routing socket: File exists
add net default: gateway 260244b8:yyyy::1: route already in table
ping6 2607:f428:1::5353:1
--- 2607:f428:1::5353:1 ping6 statistics ---
12 packets transmitted, 0 packets received, 100.0% packet loss
ping6 ipv6.google.com
--- ipv6.l.google.com ping6 statistics ---
12 packets transmitted, 0 packets received, 100.0% packet loss
ifconfig wan_stf inet6 260244b8:yyyy:0::1/32
ifconfig: ioctl (SIOCAIFADDR): File exists
ping6 2607:f428:1::5353:1
--- 2607:f428:1::5353:1 ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
ping6 ipv6.google.com
--- ipv6.l.google.com ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
route add -inet6 default 260244b8:yyyy::68.114.165.1
route: writing to routing socket: File exists
add net default: gateway 260244b8:yyyy::68.114.165.1: route already in table
ping6 2607:f428:1::5353:1
--- 2607:f428:1::5353:1 ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
ping6 ipv6.google.com
--- ipv6.l.google.com ping6 statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
-
Ah you should delete the default gateway before trying route add :)
or issue 'route change' instead of 'route add'
-
Same result
route change -inet6 default 260244b8:yyyy::1
change net default: gateway 260244b8:yyyy::1
ping6 2607:f428:1::5353:1
6 packets transmitted, 0 packets received, 100.0% packet loss
ifconfig wan_stf inet6 260244b8:yyyy:0::1/32
ifconfig: ioctl (SIOCAIFADDR): File exists
ping6 2607:f428:1::5353:1
3 packets transmitted, 0 packets received, 100.0% packet loss
route change -inet6 default 260244b8:yyyy::68.114.165.1
change net default: gateway 260244b8:yyyy::68.114.165.1
ping6 2607:f428:1::5353:1
7 packets transmitted, 0 packets received, 100.0% packet loss
-
Can you give me access to the system as well? It's easier that way.
-
I'm pretty sure the 6rd patch change on January 25 broke these. I just reverted those.
edit: change backed out, don't upgrade to Saturday's snapshot if using 6rd.
-
Don't upgrade if using 6rd at all for the moment. That change resulted in a kernel panic reboot loop when connecting to 6rd on Saturday's snapshot. I reverted things back to where they were a couple days ago. Sunday's snapshot should be fine, but probably want to wait to hear back from someone here.
-
No Panic with the latest, but no IPv6. I've run the tests prescribed earlier (manually setting routes) with no effect.