PfSense 2.1 / OpenVPN / IPv6 / Viscosity



  • Hi,

    I've got IPv6 running just fine on our Wifi segment (10/10 on http://test-ipv6.com/), and an OpenVPN server working great with IPv4, when doing remote connections with my Mac and Viscosity.

    I am having a hard time trying to add IPv6 support to my remote OpenVPN connections. I have filled in all the IPv6 stuff on the OpenVPN server, enabled IPv6 in Viscosity, and made sure the firewall passes IPv6 on the OpenVPN interface, but I cannot even ping my internal IPv6 address.

    Before I dig deeper into that: is that supposed to work? Is there a problem I am not aware of maybe?



  • Hi again,

    I haven't been able to configure my pfSense 2.1 box in order to have IPv6 access from a remote location, on a "tun" link. I have to ask this question in a forum related to Viscosity, the OpenVPN client I use.



  • Some more news, sorry for the spam:

    When pinging an IPv6 address from a remote location, I can see my ICMP6 echo request being sent through my local tun0 adapter. But on my pfSense box, I'm unable to see a trace of these packets when using Diagnostic -> Packets capture. It looks like they are lost somewhere.

    With IPv4 pings, which work just fine, I can follow these packets both on the local tun0 adapter and when doing a pfSense packet capture for the "OpenVPN Server:" interface.



  • Hi all,

    I just posted a simple description on the Viscosity forum of how I moved from a working (tun)
    IPv4 OpenVPN setup to my Mac using 2.1.3 and Viscosity to a setup where I got both v4 and
    v6 through the tunnel working great!

    Note that you need to add a firewall rule allowing both IPv4 and IPv6 on the OpenVPN
    interface in pfSense!

    See: http://www.sparklabs.com/forum/viewtopic.php?f=3&t=1381

    Rudi



  • I added a comment to your post on the other forum.

    I have v6-over-v4 working with this configuration:

    push "redirect-gateway-ipv6 def1";
    push "route-ipv6 2000::/3";    <<<-----  Global Unicast Address
    

    Of course the IPv6 prefix (in the screenshot) is unique from the LAN. I get a /60 from DHCP-PD.

    Just FYI: I also have a second OpenVPN instance running for v4-over-v6. One thing I found was that you need to use tcp6. If you use udp6, there is very nasty interface looping.