6RD on Centurylink not working. Am I missing something?

jjstecchino

I am trying to configure ipv6 through a 6rd centurylink tunnel. I am using pfsense 2.1.1 RELEASE.

My settings are :

WAN ipv6: 6rd tunnel
6RD prefix: 2602::/24
6RD Border Relay: 205.171.2.64
6RD IPv4 Prefix length: 0 bits

LAN ipv6: track WAN

WAN interface has

ipv6 address: 2602:47:3002:2a00::
subnet mask ipv6: 24
ipv6 gateway: 2602:47:3002:2a00::205.171.2.64

LAN
ipv6 address:2602:47:3002:2a00::1
subnet mask ipv6: 64

The routing table has the following ipv6 routes:
default 2602:47:3002:2a00::cdab:240 UGS 0 57 1500 sk1
::1 :1 UH 0 0 16384 lo0
2602::/24 link#16 U 0 0 1280 wan_stf
2602:47:3002:2a00:: 2602:47:3002:2a00::cdab:240 UGHS 0 2197 16384 lo0 =>
2602:47:3002:2a00::/64 link#6 U 0 940 1500 sk1
2602:47:3002:2a00::1 link#6 UHS 0 3 16384 lo0

Computers on my network are obtaining ipv6 in the 2602:47:3002:2a00:: subnet. so radvd appears to be working.
I can ping6 the LAN address
Can't ping any address outside my network. not even the ipv6 isp gateway which apparently does not respond to ping anyway. nothing appears o be getting blocked in my firewall logs. It is like nothing is going through the tunnel.

Am I missing something or 6rd is just not working on centurylink? Or is it the same old bug that has been reported more than a year ago?

I spent a few days on this without getting nowhere. Any help appreciated

Thanks

survive

Hi jjstecchino,

I'd guess it's still the same year-old bug. I've tried 2.1.1 and it seems to fail the same way all the 2.1 build have since back in Jan-Feb 2013.

Given the lack of any specific detail about why it's failing I'd imagine you are going to have to dio a tunnel to HE.net if you want your ipv6.

-Will

jjstecchino

this is too bad. 6rd from the isp is much faster than a hurricane electric tunnel. i thought that having a working 6rd solution in pfsense would have been a priority at this stage of ipv6 deployment where many isps are offering 3rd but are not quite ready for native ipv6 deployent

survive

Hi jjstecchino,

Indeed, at the rate things are going I fear that I'll have native ipv6 from my ISP before I can get 6RD working with a current release of pfSense. That said, I suspect there are some users who have 6RD working and we just happen to have a weird-enough setup that we don't. I got some feedback last year that indicated there could be a configuration issue but I was never able to get anything more specific that might help me narrow down what the issue could be.

It even looks like you can sort-of trick a router\firewall into doing 6RD without actually using 6RD per my post here:

https://forum.pfsense.org/index.php?topic=72382.0

but I have no idea how to make pfSense actually do that.

-Will

eri--


default                             2602:47:3002:2a00::cdab:240          UGS           0          57         1500         sk1    
::1                                 :1                                                    UH             0          0           16384       lo0    
2602::/24                      link#16                                             U               0          0           1280         wan_stf    
2602:47:3002:2a00::        2602:47:3002:2a00::cdab:240          UGHS         0          2197      16384       lo0   =>
2602:47:3002:2a00::/64 link#6                                             U                0          940        1500          sk1

Can you try changing your default gw to reside on wan_stf.


2602:47:3002:2a00::/64 link#6                                             U                0          940        1500          sk1

To use as well wan_stf as interface?

I think that might solve your issues.

survive

Hi ermal,

I believe I've tried setting the gateway to wan_stf before & that didn't work, but I'm not quite sure I was looking in the right spot.

I've created a fresh install of 2.1.2 and uploaded my existing config and I can see that I have the proper IP addresses in the console display (ipv6 info appears proper of both the WAN & LAN interfaces). If I go to System - Routing I have 2 gateways listed (WAN_DHCP & WAN_6RD) if I edit the WAN_6RD gateway I can see a spot for a gateway IP address, but there's nothing that looks like I could specify a proper interface device.

Is this the right place to be looking & if not could you please tell me where I need to change the gateway to wan_stf?

-Will

Fegu

Hi, I am experiencing the same problems you do and suspect them to be related to the same infamous bug #2882 (https://redmine.pfsense.org/issues/2882)

I want to connect to a network with these 6RD settings on WAN:

IPv4 BR: 213.167.115.92
IPv4 Prefix: 0
IPv6 Prefix: 2a01:79c::
IPv6 Prefix Length: 30
IPv6 DNS: 2a01:798:0:8012::4

In the WAN settings page I have entered:

6RD prefix: 2a01:79c::/30
6RD Border relay: 213.167.115.92
6RD IPv4 Prefix length: 0

Running ifconfig in the shell we can see:

wan_stf: flags=4001 <up,link2>metric 0 mtu 1280
inet6 2a01:79d:3e85:a408:: prefixlen 30
nd6 options=3 <performnud,accept_rtadv>v4net 0.0.0.0/0
v4br 213.167.115.92

Pinging pfSense server works ok. This is the only thing that works ok. All external addresses fail and test-ipv6.com gives 0/10.

On the LAN side I have tried DHCP6 (with several of the RA-options) and Track Interface.

Let me know if I can do anything to add something to this issue.</performnud,accept_rtadv></up,link2>

survive

Hi guys,

So can anyone give me some idea where I should change the gateway to wan_stf as ermal suggested earlier in the thread? I'm stumped trying to find it and it's killing me thinking that I could be one single setting away from working 6RD on 2.1.2!

-Will