Netgate Discussion Forum

    IPv6 Tunnel Broker not working - Ping return code -1

      furgussen

      Hello,

      I've set up and run an IPv6 tunnel through HE.net before using this doc:

      https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

      I ran through again on my pfSense 2.2.2 box and I can't get it to work.  It looks like the tunnel is partially up, but the gateway is not reachable.  Then when I try to ping the IPv6 gateway I get a return code of -1.  I can't find any info on Google about a -1 return code.

      
      PING6(56=40+8+8 bytes) 2001:470:1c:c84::2 --> 2001:470:1c:c84::1
      ping6: wrote 2001:470:1c:c84::1 16 chars, ret=-1
      ping6: wrote 2001:470:1c:c84::1 16 chars, ret=-1
      ping6: wrote 2001:470:1c:c84::1 16 chars, ret=-1
      
      --- 2001:470:1c:c84::1 ping6 statistics ---
      3 packets transmitted, 0 packets received, 100.0% packet loss
      
      

      I'm also seeing this in the logs:

      kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0
      

      Which is bizarre.  I don't know why pfSense is trying to forward link-local out to the internet.

      I have IPv6 enabled in my advanced settings.  I can post my full config if needed, but I was wondering if that -1 return code means something.

      Tyler

        furgussen

        So I configured my LAN interface with my assigned IPv6 address and the kernel "cannot forward" messages went away, but I still cannot ping my IPv6 gateway.

        Attaching screenshot of the gateway status screen.

        gateway.JPG

          doktornotor Banned

          Before doing anything else, have you rebooted the box???

            furgussen

            Yeah.  I also removed all tunnel config, rebooted, added config and rebooted again.  No change.

              doktornotor Banned

              Well, then flush it down the drain and do it again, properly this time. The howto just works. Done on loads of boxes.

                furgussen

                I have flushed it.  Twice!  I can't figure it out.  I started with a fresh install of 2.2.  Upgraded to 2.2.2 and tried IPv6.  Then I formatted and started fresh with 2.2.2 and still no go.  Same symptoms both times.  I can't ping my v6 gateway.

                The howto was for 2.1.  I know 2.2 puts in this weird IPv4 gateway that isn't mentioned.  Could that be causing issues?

                  doktornotor Banned

                  No. Just disable monitoring there and force it down. I filed a bug about this useless thing many months ago, nothing happened so far.

                    johnpoz LAYER 8 Global Moderator

                    Yeah, I kind of recalled that discussion dok, that was quite some time ago.

                    More of an annoyance than any real issue - shows up on your dashboard if you don't down it.

                    I have never had any issues with setting up HE tunnels.  Pretty clickity clickity with not much to it.  What guide are you looking at? I can go through it and update it to be current with 2.2.2 screenshots, etc. and reword anything that might have changed a bit.

                    But to be honest should still be valid.

                    I would document your steps and post them here and we can point out what you're doing wrong, or what might be the problem.

                    https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker

                    Quick glance and looks like the required steps are there.  Is the /128 throwing you?  Per HE that should be /64 and that is what I have set. It sets it to /128 though, even if you put /64 - see 2nd attachment.

                    ipv4gateway.png
                    background128.png

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                      cmb

                      The gif tunnel being /128 is fine.

                      @furgussen:

                      kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0
                      

                      Which is bizarre.  I don't know why pfSense is trying to forward link-local out to the internet.

                      Because something is sourcing traffic from its link-local IP destined to its LAN MAC. This looks like what'd happen if you didn't configure your routed /64 on your LAN interface, or didn't configure RAs or DHCPv6 to assign IPv6 IPs to clients.
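
Added example, not part of cmb's post and not pfSense code: a small Python parser for the "cannot forward" kernel line quoted in this thread. It flags a link-local source, which is the condition cmb's reply describes, and decodes the remaining fields. The second sample line and its 2001:db8:: addresses are constructed, and reading the second address group as an interface index is an assumption about how the kernel prints scoped addresses.

```python
import ipaddress
import re

# First line is the kernel message quoted in the thread; the second is a
# constructed contrast case using documentation-prefix addresses.
SAMPLE_LOG = """\
kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0
kernel: cannot forward src 2001:db8:1::10, dst 2001:db8:ffff::1, nxt 58, rcvif vmx1, outif gif0
"""

LINE_RE = re.compile(
    r"cannot forward src (?P<src>[0-9a-fA-F:]+), dst (?P<dst>[0-9a-fA-F:]+), "
    r"nxt (?P<nxt>\d+), rcvif (?P<rcvif>\S+?), outif (?P<outif>\S+)"
)
NEXT_HEADER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}  # IANA protocol numbers


def classify(line):
    """Parse one 'cannot forward' line; return a dict, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    src = ipaddress.IPv6Address(m["src"])
    dst = ipaddress.IPv6Address(m["dst"])
    nxt = int(m["nxt"])
    link_local = src.is_link_local  # fe80::/10, valid on one link only
    # Assumption: the kernel prints the receiving interface's index in the
    # second 16-bit group of a link-local address (fe80:2:: -> index 2).
    zone = (int(src) >> 96) & 0xFFFF if link_local else None
    if link_local:
        finding = ("link-local source seen on %s: check the routed /64 on "
                   "that interface and RA/DHCPv6" % m["rcvif"])
    else:
        finding = "source is not link-local: look at routing and firewall rules"
    return {
        "src_link_local": link_local,
        "zone_index": zone,
        "dst_teredo": dst.teredo is not None,  # 2001::/32 (RFC 4380)
        "proto": NEXT_HEADER.get(nxt, str(nxt)),
        "rcvif": m["rcvif"],
        "outif": m["outif"],
        "finding": finding,
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(classify(entry))
```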

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.