Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Need some help with HE.net routed /48 on LAN with DHCPv6

    IPv6
    2
    4
    1852
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eleitl last edited by

      I've got a /64 and /48 from HE.net tunnelbroker, and followed
      https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

      The tunnel is working (I can ping6 everything fine, including
      DNS name resolution), I've put a static address from my /48 on
      the LAN, and DHCPv6 does assign addresses from that /48 to
      machines on LAN (from a /56 ff00:0000:0000:0000:0000
      to ffff:ffff:ffff:ffff:ffff). However, can't get IPv6 traffic
      to outside from any LAN machines. Windows says helpful
      things like PING: transmit failed. General failure.

      Any hints?

      1 Reply Last reply Reply Quote 0
      • E
        eleitl last edited by

        I've got the following response on the pfsense mailing list which helped me a bit

        Olivier Mascia om@tipgroup.com via leitl.org
        6:54 AM (13 hours ago)

        to pfSense
        Le 3 oct. 2013 à 13:26, Eugen Leitl eugen@leitl.orga écrit :

        I've got a /64 and /48 from HE.net tunnelbroker, and followed
        https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

        The tunnel is working (I can ping6 everything fine, including
        DNS name resolution), I've put a static address from my /48 on
        the LAN, and DHCPv6 does assign addresses from that /48 to
        machines on LAN (from a /56 ff00:0000:0000:0000:0000
        to ffff:ffff:ffff:ffff:ffff). However, can't get IPv6 traffic
        to outside from any LAN machines. Windows says helpful
        things like PING: transmit failed. General failure.

        // I’m no expert, just sharing some past-experience that may or not apply to your case. //

        Assuming Firewall LAN rules have been adjusted to permit that kind (or all) outgoing IPv6 traffic…  start by checking you have an IPv6 gateway defined on those windows machines.  DHCPv6 won’t allow you to set it.  You can get pfSense to serve it to your LAN through router advertisements.
        See Services - DHCPv6 Server/RA and concentrate on LAN / Router advertisements.  Managed mode should be an appropriate start if you have a DHCPv6 serving your LAN.  Might have to reboot windows computers or at the very least do ipconfig /release6 and ipconfig /renew6.

        __
        Olivier Mascia
        integral.be

        List mailing list
        List@lists.pfsense.org
        http://lists.pfsense.org/mailman/listinfo/list/eugen@leitl.org

        1 Reply Last reply Reply Quote 0
        • E
          eleitl last edited by

          Router Advertisements set to managed resulted in globally routed/reachable local IPv6 addresses (i.e. not from the /48) but it's good enough for time being.

          1 Reply Last reply Reply Quote 0
          • D
            David_W last edited by

            If you go into the Firewall -> Virtual IP screen and add the entire /48 as an Other type Virtual IP on the tunnel interface, hopefully things will then start to work.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post