6RD connection without using 6RD to configure it - Possible?

  • Hi guys,

    I'm using a very old build of pfsense 2.1 from back in January 2013 that has working 6RD support. At some point in the development process something changed that broke 6RD and it was not able to get fixed in time for the 2.1 release. Kind of bums me out given that it seems to have been working without issue for me for something like the last 2 years, but fixing it was pushed off to 2.2. Given that I would very much like to get 6RD working I've been looking at other alternatives and ways to make this work on 2.1.

    I happened to come across this:


    which apparently gets you a 6RD connection without using 6RD to set the connection up, but the document refers to using a (linux) "sit" interface, which pfsense\FreeBSD doesn't seem to use.

    I'm hoping that someone could perhaps take a look at the above doc and maybe let me know if it would be possible to adapt those instructions to configuring an interface on my pfsense box that would get me my ipv6 connection without using 6RD to set it up.

    I'd certainly appreciate hearing any thoughts or observations you might have on how to do this or if it's even possible.

    Thank you!


  • I came across that post as I was reading about pfsense and 3rd. I think the sit interface is analogous to stf in freebsd. It seems to me when you enable 6RD on pfsense 2.1 the stf (wan_stf) interface is created correctly, however if I tcpdump on that interface there is no traffic whatsoever going through it. I can see a lot of ipv6 chatter on the lan side. It is almost like it is missing a route, between the lan interface and wan_stf but the default ipv6 route in the routing table seems correct. So I am at loss. I would like to know further info on what the packet fragmentation issue mentioned in the redmine bug report may be. Here the issue does not seem to be lost packets due to fragmentation, but rather no packets going through the stf interface at all. I do not have any other router 3RD capable so I cannot test the centurylink 6RD link, but from what I gather from other posts once you use the correct configuration it should just work without needng anything configured from centurylink side (i.e a static ipv4 address).

  • Hi jjstecchino,

    All I can say is my setup from January 2013 seems to be working great….if there is some fragmentation issue either I'm not seeing it or it's not severe enough to cause me troubles with the amount of ipv6 traffic I'm passing.

    I sure to wish I could get another sentence or 2 from the devs about what they suspect the problem is or where to start looking. Outside of the 6RD breakage my experience with ipv6 has been almost trouble-free.


  • So you are using 6RD with a pfsense version before 6RD broke?
    It would be interesting to find out what has changed in the 6RD implementation.
    By any chance you would not have an iso or nano image with the working 6RD?
    I would love to install and play with it.

  • Hi jjstecchino,

    That's correct, I'm using pfSense 2.1-BETA1 from January 18th 2013 and 6RD works just fine. I have no idea what changed to break it….I was in the habit of updating about once a week and one day it worked the next it didn't. Thank god for snapshots in ESXi so I was able to roll right back to a working install.

    Unfortunately I don't have an old install .iso, all I have is my vm. I suppose I could look into cloning it, resetting it to defaults & zipping it up for you if a ESXi virtual machine would be of interest.


  • If it helps, I looked back through my downloads list and found the i386 and amd64 variants (full live cd) of the 12/19/2012 build of 2.1 beta 1. It's a little older than the 1/18/2013 version you're looking for and I don't know what may or may not be broken on it but it's an option. Not sure if I can post it or not (I can, just not sure if it's allowed).


  • A big issue with 6rd is clients tend to start fragmenting traffic, which will all be blocked with current pf versions, so you end up with very problematic IPv6 via 6rd even when it apparently did work. That part is scheduled to be fixed in 2.2 before its release.

    You might want to grab the most recent 2.2 snapshot and give things a try there, given the base OS is significantly different.

  • Let me give 2.2 alpha a whirl and see how it goes. I tried one of the first snapshots as it was released and it was still very very rough.  I didnt try 6rd though. What is the problem with 2.1 ? is it the underlying freebsd 8.3?

    @Joel: Ill be glad to try the 386 version. I run pfsense on some old firebox which do not have amd64 support. Thanks

  • I installed the alpha from 17th of April just now. 6RD is still not working, but it does not seem exactly the same either. A few examples:

    A promising log entry:
    php: rc.bootup: ROUTING: setting IPv6 default route to 2a01:79d:3e85:a408::

    wan_stf is gone from ifconfig, and no ipv6 config apart from fe80 (local link) addresses are seen.

    The IPv6 address is gone from status | dashboard | wan.

    These two last problems are probably related to 6rd failing on creation, I have posted this issue in https://forum.pfsense.org/index.php?topic=75707.0

Log in to reply