Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Need some help with HE.net routed /48 on LAN with DHCPv6

E
eleitl last edited by

I've got a /64 and /48 from HE.net tunnelbroker, and followed
https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

The tunnel is working (I can ping6 everything fine, including
DNS name resolution), I've put a static address from my /48 on
the LAN, and DHCPv6 does assign addresses from that /48 to
machines on LAN (from a /56 ff00:0000:0000:0000:0000
to ffff:ffff:ffff:ffff:ffff). However, can't get IPv6 traffic
to outside from any LAN machines. Windows says helpful
things like PING: transmit failed. General failure.

Any hints?
Reply Quote 0
1 Reply Last reply
E
eleitl last edited by

I've got the following response on the pfsense mailing list which helped me a bit

Olivier Mascia om@tipgroup.com via leitl.org
6:54 AM (13 hours ago)

to pfSense
Le 3 oct. 2013 à 13:26, Eugen Leitl eugen@leitl.orga écrit :

I've got a /64 and /48 from HE.net tunnelbroker, and followed
https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

The tunnel is working (I can ping6 everything fine, including
DNS name resolution), I've put a static address from my /48 on
the LAN, and DHCPv6 does assign addresses from that /48 to
machines on LAN (from a /56 ff00:0000:0000:0000:0000
to ffff:ffff:ffff:ffff:ffff). However, can't get IPv6 traffic
to outside from any LAN machines. Windows says helpful
things like PING: transmit failed. General failure.

// I’m no expert, just sharing some past-experience that may or not apply to your case. //

Assuming Firewall LAN rules have been adjusted to permit that kind (or all) outgoing IPv6 traffic… start by checking you have an IPv6 gateway defined on those windows machines. DHCPv6 won’t allow you to set it. You can get pfSense to serve it to your LAN through router advertisements.
See Services - DHCPv6 Server/RA and concentrate on LAN / Router advertisements. Managed mode should be an appropriate start if you have a DHCPv6 serving your LAN. Might have to reboot windows computers or at the very least do ipconfig /release6 and ipconfig /renew6.

__
Olivier Mascia
integral.be

List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list /eugen@leitl.org
Reply Quote 0
1 Reply Last reply
E
eleitl last edited by

Router Advertisements set to managed resulted in globally routed/reachable local IPv6 addresses (i.e. not from the /48) but it's good enough for time being.
Reply Quote 0
1 Reply Last reply
D
David_W last edited by

If you go into the Firewall -> Virtual IP screen and add the entire /48 as an Other type Virtual IP on the tunnel interface, hopefully things will then start to work.
Reply Quote 0
1 Reply Last reply

4
Posts

1826
Views

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

1 / 1