Routing IPv6 over GRE - Default Gateway gets overwritten by remote host



  • I have native IPv6 at my office, and would like to have it at home as well. The provider at home does not provide IPv6.
    Since the office network is big enough (/48), and I already have an IPSEC tunnel between them, I thought I could give a portion of the network to my home space.

    Information:
    Site A (office) -
    IPv6 network : FE80.***.A::/48, with FE80.***.A.1::/64 being used for the office network.
    10.999.999.0/24 as IPv4 office network.
    pfSense 2.1

    Site B (home) -
    10.888.888.0/24 as IPv4 network.
    FE80.***.A.2::/64 as home network
    pfSense 2.1

    IPSec tunnel IPv4 between them.

    GRE tunnel over IPsec - 10.777.777.1 - 10.777.777.2 /30

    OPT1 (GRE) - FE80.***.5000.1/64 Site A (no IPv4)
    OPT1 (GRE) - FE80.***.5000.2/64 Site B (no IPv4)

    On Router A I have added a static route to FE80.***.2::/64 via FE80.***.5000.1

    This set up allows me to delegate IPv6 addresses to my home network. The connection remains stable and IPv4 connection works well. When I set the route for the IPv6 addresses, the default gateway on router A changes to be FE80.***.5000.2. Basically the remote router is overwriting my local router.

    It seems as though somewhere along the way, router B manages to persuade router A that all traffic should be routed into a smaller subnet. If I remember correctly smaller subnets take precedence, but this time the smaller subnet is replacing the default route. Is this expected behavior or a (severe) bug?

    I am happy to provide more information should it be necessary



  • fe80:: is link local meaning no direct connectivity with the Internet. You can read more in this cheat sheet http://www.roesen.org/files/ipv6_cheat_sheet.pdf
    Is it Internet connectivity you want to achieve?
    At your office you can test for IPv6 connectivity to the outside world by checking out http://test-ipv6.com/



  • I have IPv6 connectivity in the office. This is NOT the problem.
    The problem is that is LOSE IPv6 connectivity when I add the GRE-tunneled IPv6 at my home. The default route of the office router is OVERWRITTEN by the router at my home.

    The FE80 addresses were just misused to anonymize my real IPs



  • @mix_room:

    I have IPv6 connectivity in the office. This is NOT the problem.
    The problem is that is LOSE IPv6 connectivity when I add the GRE-tunneled IPv6 at my home. The default route of the office router is OVERWRITTEN by the router at my home.

    The FE80 addresses were just misused to anonymize my real IPs

    Well, some people in the forum think they have IPv6 connectivity because they see fe80 linked to their NICs.
    That is why I asked and provided some info. :-)

    I have no experience with GRE. But two things.
    There have been several bugfixes between 2.1 and 2.1.1 that was released recently. Among 2 - 3 fixes for GRE. Give it a try and see if the problem is still there.
    https://redmine.pfsense.org/projects/pfsense/roadmap#2.1.1
    The other thing - mostly as a workaround - not a cure - you could afterwards try making a static route in System - Routing - Static Routes in case the update to 2.1.1 didn't work.



  • The problem only got worse with 2.1.1 the OPT1 interface no longer accepts input from the form. Probably time to post a bug-report



  • The problem seems to have been resolved in 2.1.1, as the tunnel now works without setting the default gateway. The manner in which the OPT-interface can have its IPs set has changed from 2.1 to 2.1.1


Log in to reply