Need some help with HE.net routed /48 on LAN with DHCPv6



  • I've got a /64 and /48 from HE.net tunnelbroker, and followed
    https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

    The tunnel is working (I can ping6 everything fine, including
    DNS name resolution), I've put a static address from my /48 on
    the LAN, and DHCPv6 does assign addresses from that /48 to
    machines on LAN (from a /56 ff00:0000:0000:0000:0000
    to ffff:ffff:ffff:ffff:ffff). However, can't get IPv6 traffic
    to outside from any LAN machines. Windows says helpful
    things like PING: transmit failed. General failure.

    Any hints?



  • I've got the following response on the pfsense mailing list which helped me a bit

    Olivier Mascia om@tipgroup.com via leitl.org
    6:54 AM (13 hours ago)

    to pfSense
    Le 3 oct. 2013 à 13:26, Eugen Leitl eugen@leitl.orga écrit :

    I've got a /64 and /48 from HE.net tunnelbroker, and followed
    https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

    The tunnel is working (I can ping6 everything fine, including
    DNS name resolution), I've put a static address from my /48 on
    the LAN, and DHCPv6 does assign addresses from that /48 to
    machines on LAN (from a /56 ff00:0000:0000:0000:0000
    to ffff:ffff:ffff:ffff:ffff). However, can't get IPv6 traffic
    to outside from any LAN machines. Windows says helpful
    things like PING: transmit failed. General failure.

    // I’m no expert, just sharing some past-experience that may or not apply to your case. //

    Assuming Firewall LAN rules have been adjusted to permit that kind (or all) outgoing IPv6 traffic…  start by checking you have an IPv6 gateway defined on those windows machines.  DHCPv6 won’t allow you to set it.  You can get pfSense to serve it to your LAN through router advertisements.
    See Services - DHCPv6 Server/RA and concentrate on LAN / Router advertisements.  Managed mode should be an appropriate start if you have a DHCPv6 serving your LAN.  Might have to reboot windows computers or at the very least do ipconfig /release6 and ipconfig /renew6.

    __
    Olivier Mascia
    integral.be


    List mailing list
    List@lists.pfsense.org
    http://lists.pfsense.org/mailman/listinfo/list/eugen@leitl.org



  • Router Advertisements set to managed resulted in globally routed/reachable local IPv6 addresses (i.e. not from the /48) but it's good enough for time being.



  • If you go into the Firewall -> Virtual IP screen and add the entire /48 as an Other type Virtual IP on the tunnel interface, hopefully things will then start to work.


Log in to reply