PfSense 2.1 / OpenVPN / IPv6 / Viscosity
I've got IPv6 running just fine on our Wifi segment (10/10 on http://test-ipv6.com/), and an OpenVPN server working great with IPv4, when doing remote connections with my Mac and Viscosity.
I am having a hard time trying to add IPv6 support to my remote OpenVPN connections. I have filled in all the IPv6 stuff on the OpenVPN server, enabled IPv6 in Viscosity, and made sure the firewall passes IPv6 on the OpenVPN interface, but I cannot even ping my internal IPv6 address.
Before I dig deeper into that: is that supposed to work? Is there a problem I am not aware of maybe?
I haven't been able to configure my pfSense 2.1 box in order to have IPv6 access from a remote location, on a "tun" link. I have to ask this question in a forum related to Viscosity, the OpenVPN client I use.
Some more news, sorry for the spam:
When pinging an IPv6 address from a remote location, I can see my ICMP6 echo request being sent through my local tun0 adapter. But on my pfSense box, I'm unable to see a trace of these packets when using Diagnostic -> Packets capture. It looks like they are lost somewhere.
With IPv4 pings, which work just fine, I can follow these packets both on the local tun0 adapter, and when doing a pfSense packets capture for the "OpenVPN Server:" interface.
I just posted a simple description on the Viscosity forum of how I moved from a working (tun) IPv4 OpenVPN setup to my Mac using 2.1.3 and Viscosity to a setup where I got both v4 and v6 through the tunnel working great!
Note that you need to add a firewall rule allowing both IPv4 and IPv6 on the OpenVPN interface in pfSense!
I added a comment to your post on the other forum.
I have v6-over-v4 working with this configuration:
push "redirect-gateway-ipv6 def1"; push "route-ipv6 2000::/3"; <<<----- Global Unicast Address
Of course the IPv6 prefix (in the screen shot) is unique from the LAN. I get a /60 from DHCP-PD.
Just FYI: I also have a second OpenVPN instance running for v4-over-v6. One thing I found was that you need to use tcp6. If you use udp6, there is very nasty interface looping.
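The addressing in the v6-over-v4 setup above (a tunnel prefix separate from the LAN, carved from a delegated /60, plus a pushed 2000::/3 route) can be checked before touching the firewall. This is an added example, not configuration from any of the posts; the function names are hypothetical and the prefixes are constructed documentation addresses.

```python
import ipaddress

# The route pushed in the post above: all global unicast space.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def plan_tunnel(delegated, lan, index):
    """Take the index-th /64 of a delegated prefix for the OpenVPN tunnel.

    Refuses a tunnel network that overlaps the LAN, because the tunnel
    needs its own prefix for routing to work.
    """
    delegated = ipaddress.ip_network(delegated)
    lan = ipaddress.ip_network(lan)
    if not lan.subnet_of(delegated):
        raise ValueError(f"{lan} is not inside {delegated}")
    tunnel = list(delegated.subnets(new_prefix=64))[index]
    if tunnel.overlaps(lan):
        raise ValueError(f"tunnel {tunnel} overlaps LAN {lan}")
    directives = [
        f"server-ipv6 {tunnel}",
        f'push "route-ipv6 {GLOBAL_UNICAST}"',
    ]
    return tunnel, directives


def routed_via_tunnel(destination, pushed_routes):
    """True if a client holding these pushed routes sends destination
    into the tunnel."""
    ip = ipaddress.ip_address(destination)
    return any(ip in ipaddress.ip_network(r) for r in pushed_routes)


if __name__ == "__main__":
    # Constructed sample: a /60 as handed out by DHCP-PD, LAN on its first /64.
    tunnel, directives = plan_tunnel(
        "2001:db8:0:10::/60", "2001:db8:0:10::/64", index=1
    )
    print("\n".join(directives))
    # Global addresses follow the pushed route; ULA and link-local do not,
    # so a LAN numbered from fd00::/8 would need its own route-ipv6 push.
    for dest in ("2001:db8:0:10::5", "fd12:3456::1", "fe80::1"):
        print(dest, routed_via_tunnel(dest, [str(GLOBAL_UNICAST)]))
```

If packets to a destination never show up in a capture on the pfSense OpenVPN interface, running that destination through `routed_via_tunnel` shows whether the client had a route sending it into the tunnel in the first place.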