HE.net Tunnel not working



  • I have a problem with my pfSense 2.1.2 box, I have setup an IPv6-Tunnel according to this guide: https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker
    I had everything working until I had to replace my hard drive and redo everything from scratch. I redid everything according to the afore-mentioned guide, but I don't get any connections to IPv6-sites (like ipv6.google.com), but on my Dashboard it looks like everything is working except the traffic graph shows that nothing is going through the tunnel…




  • Banned

    Have you set the created dynamic gateway as default?



  • Yes, the gateway of the WAN interface and the tunnel are set as default.


  • Banned

    Created IPv6 allow rule on LAN?
    Tried to reboot?



  • Yep, is created.
    The funny thing is, everything worked BEFORE I rebooted it. I set everything up using my Linux Notebook and then everything worked. After shutting it down and booting it up again (I moved the box to another location in my room) the tunnel didn't work at all. When I discovered that I rebooted the machine again multiple times and it still isn't working.


  • Banned

    Rebooted the firewall, not the PCs? Other than that, you need to post some basic diagnostics, not really moving anywhere here.



  • You can't ping ipv6.google.com from pfSense or from the client machines?  If you can from pfSense then it's likely a dhcp/radvd or rules misconfiguration.

    If you can't connect from pfSense:

    1. is IPv6 enabled (System->Advanced, Networking tab, check Allow IPv6)?
    2. Are you allowing IPv4 icmp echo request from HE on your WAN interface?
    3. The guide says not to, but I put my IP address on the interface in the interface configuration page (static IPv6, same address as GIF). Then you can select the gateway.


  • Thank you for your replies, I turned off my firewall (which is basically a PC I used as a monitoring server equipped with a dual-port Intel PRO1000 card from my domain controller), relocated it, connected power and ethernet cables and turned it on. After that boot it didn't work and neither after multiple reboots. I turned the system off for about an hour and did a cold boot. Now, everything is working, I did not change any setting whatsoever (although that is a common excuse, I know), and the funny thing is I don't know why it's working but it is… Will keep an eye on this, though...



  • It looks like I got it permanently fixed, my mistake was to boot up my PC "too early" when the firewall was not yet ready (I shut down the firewall and the PC when I don't need it). For some weird (or not weird) reason my PC didn't get any IPv6-address, it kept sending solicit messages according to the DHCP logs, but never sent a request message…
    After rebooting my PC, according to the logs it sent a solicit message, after receiving the advertise from the firewall it sent a request and got a reply with an IPv6-address and now everything is working... (so I guess it was a layer 8 error...)