PfSense - Hurricane Electric - Tunnel Broker Setup
-
IPv6 dual-stack and tunneling is just sort of inherently complicated.
Hurricane tunnels work just fine on 2.2. I'm posting this to 2610:160:11:11::68.
You'll probably have to provide some details of your config in order for anyone to help you find the mistake.
-
Why don't you post your firewall rules, and other configurations you have been changing here and lets see what it looks like
At minimum 2 people who are currently running that are seeing this thread. Maybe more.
It does work BTW.
-
Ok stand by, I am going to create screenshots of all steps and we can analyze together.
-
Please include what you can from the tunnelbroker config. Thanks.
-
-
Those are all the steps executed like the guide suggests. Did I miss something?
Yes I didnt complete the DHCP part in this iteration. I just want to get IPv6 functionality from pfSense before I add clients to the mix.
-
Let me look at it. In the meantime you might as well go request a /48 in case it takes a few minutes. You'll need it for your LAN(s). Unless all you'll ever have is the one LAN.
-
/48 requested and assigned now…
-
I assume IPV6 is enabled on pfsense at System: Advanced: Networking?
-
yes it is…
-
You need to create a gateway for 2001:470:1f0e:d8e::1
Then add an IPv6 static config to the OPT1 interface you assigned to the GIF tunnel.
Set it to 2001:470:1f0e:d8e::2/64 with the gateway you just created as the upstream gateway.
-
You don't want it on the LAN?
Is your client ipv4 address in HE matching your WAN IP?
I gave /64 to each physical interface (except WAN) and each openvpn interface for myself.
-
I dont understand what you mean by creating a Gateway? Are you talking about editing the gateway address for the existing 'HEIPV6_TUNNELV6' gateway?
Also the created interface for the tunnel is 'heIPv6' not opt1, are you referring to something else?
-
I didn't see you renamed it. Yes, assign the IPv6 static config to your HeIPv6 interface.
-
i have a google hangout if anyone wants to join to help out, https://plus.google.com/hangouts/_/guo7p5otgva35aq22jly7itrpqa
-
on the gateway you have as HEIPV6_TUNNELV6 change the address from dynamic to your interface ::1
-
done
-
You don't want it on the LAN?
Is your client ipv4 address in HE matching your WAN IP?
I gave /64 to each physical interface (except WAN) and each openvpn interface for myself.
We just need to get the tunnel and it's assigned interface up so he can ping his ::1 at hurricane. Then we can dole out /64s out of his shiny new /48 to his local interfaces.
-
on the gateway you have as HEIPV6_TUNNELV6 change the address from dynamic to your interface ::1
received an error…
-
What did you do on the interface then? Needs to be the ::2 /64
