6RD on Centurylink not working. Am I missing something?



  • I am trying to configure ipv6 through a 6rd centurylink tunnel. I am using pfsense 2.1.1 RELEASE.

    My settings are :

    WAN ipv6: 6rd tunnel
    6RD prefix: 2602::/24
    6RD Border Relay: 205.171.2.64
    6RD IPv4 Prefix length: 0 bits

    LAN ipv6: track WAN

    WAN interface has

    ipv6 address: 2602:47:3002:2a00::
    subnet mask ipv6: 24
    ipv6 gateway: 2602:47:3002:2a00::205.171.2.64

    LAN
    ipv6 address:2602:47:3002:2a00::1
    subnet mask ipv6: 64

    The routing table has the following ipv6 routes:
    default                        2602:47:3002:2a00::cdab:240          UGS          0          57        1500        sk1
    ::1                                :1                                                    UH            0          0          16384      lo0
    2602::/24                      link#16                                            U              0          0          1280        wan_stf
    2602:47:3002:2a00::     2602:47:3002:2a00::cdab:240          UGHS        0          2197      16384      lo0 =>
    2602:47:3002:2a00::/64 link#6                                            U             0          940        1500       sk1
    2602:47:3002:2a00::1    link#6                                            UHS          0          3            16384      lo0

    Computers on my network are obtaining ipv6 in the 2602:47:3002:2a00:: subnet. so radvd appears to be working.
    I can ping6 the LAN address
    Can't ping any address outside my network. not even the ipv6 isp gateway which apparently does not respond to ping anyway. nothing appears o be  getting blocked in my firewall logs. It is like nothing is going through the tunnel.

    Am I missing something or 6rd is just not working on centurylink?  Or is it the same old bug that has been reported more than a year ago?

    I spent a few days on this without getting nowhere. Any help appreciated

    Thanks



  • Hi jjstecchino,

    I'd guess it's still the same year-old bug. I've tried 2.1.1 and it seems to fail the same way all the 2.1 build have since back in Jan-Feb 2013.

    Given the lack of any specific detail about why it's failing I'd imagine you are going to have to dio a tunnel to HE.net if you want your ipv6.

    -Will



  • this is too bad. 6rd from the isp is much faster than a hurricane electric tunnel. i thought that having a working 6rd solution in pfsense would have been a priority at this stage of ipv6 deployment where many isps are offering 3rd but are not quite ready for native ipv6 deployent



  • Hi jjstecchino,

    Indeed, at the rate things are going I fear that I'll have native ipv6 from my ISP before I can get 6RD working with a current release of pfSense. That said, I suspect there are some users who have 6RD working and we just happen to have a weird-enough setup that we don't. I got some feedback last year that indicated there could be a configuration issue but I was never able to get anything more specific that might help me narrow down what the issue could be.

    It even looks like you can sort-of trick a router\firewall into doing 6RD without actually using 6RD per my post here:

    https://forum.pfsense.org/index.php?topic=72382.0

    but I have no idea how to make pfSense actually do that.

    -Will



  • 
    default                             2602:47:3002:2a00::cdab:240          UGS           0          57         1500         sk1    
    ::1                                 :1                                                    UH             0          0           16384       lo0    
    2602::/24                      link#16                                             U               0          0           1280         wan_stf    
    2602:47:3002:2a00::        2602:47:3002:2a00::cdab:240          UGHS         0          2197      16384       lo0   =>
    2602:47:3002:2a00::/64 link#6                                             U                0          940        1500          sk1    
    
    

    Can you try changing your default gw to reside on wan_stf.

    
    2602:47:3002:2a00::/64 link#6                                             U                0          940        1500          sk1  
    
    

    To use as well wan_stf as interface?

    I think that might solve your issues.



  • Hi ermal,

    I believe I've tried setting the gateway to wan_stf before & that didn't work, but I'm not quite sure I was looking in the right spot.

    I've created a fresh install of 2.1.2 and uploaded my existing config and I can see that I have the proper IP addresses in the console display (ipv6 info appears proper of both the WAN & LAN interfaces). If I go to System - Routing I have 2 gateways listed (WAN_DHCP & WAN_6RD) if I edit the WAN_6RD gateway I can see a spot for a gateway IP address, but there's nothing that looks like I could specify a proper interface device.

    Is this the right place to be looking & if not could you please tell me where I need to change the gateway to wan_stf?

    -Will



  • Hi, I am experiencing the same problems you do and suspect them to be related to the same infamous bug #2882 (https://redmine.pfsense.org/issues/2882)

    I want to connect to a network with these 6RD settings on WAN:

    IPv4 BR: 213.167.115.92
    IPv4 Prefix: 0
    IPv6 Prefix: 2a01:79c::
    IPv6 Prefix Length: 30
    IPv6 DNS: 2a01:798:0:8012::4

    In the WAN settings page I have entered:

    6RD prefix: 2a01:79c::/30
    6RD Border relay: 213.167.115.92
    6RD IPv4 Prefix length: 0

    Running ifconfig in the shell we can see:

    wan_stf: flags=4001 <up,link2>metric 0 mtu 1280
            inet6 2a01:79d:3e85:a408:: prefixlen 30
            nd6 options=3 <performnud,accept_rtadv>v4net 0.0.0.0/0
            v4br 213.167.115.92

    Pinging pfSense server works ok. This is the only thing that works ok. All external addresses fail and test-ipv6.com gives 0/10.

    On the LAN side I have tried DHCP6 (with several of the RA-options) and Track Interface.

    Let me know if I can do anything to add something to this issue.</performnud,accept_rtadv></up,link2>



  • Hi guys,

    So can anyone give me some idea where I should change the gateway to wan_stf as ermal suggested earlier in the thread? I'm stumped trying to find it and it's killing me thinking that I could be one single setting away from working 6RD on 2.1.2!

    -Will