IPv6 Tunnel Broker not working - Ping return code -1
-
Hello,
I've set up and run an IPv6 tunnel through HE.net before using this doc:
https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker
I ran through again on my pfSense 2.2.2 box and I can't get it to work. It looks like the tunnel is partially up, but the gateway is not reachable. Then when I try to ping the IPv6 gateway I get a return code of -1. I can't find any info on Google about a -1 return code.
PING6(56=40+8+8 bytes) 2001:470:1c:c84::2 --> 2001:470:1c:c84::1
ping6: wrote 2001:470:1c:c84::1 16 chars, ret=-1
ping6: wrote 2001:470:1c:c84::1 16 chars, ret=-1
ping6: wrote 2001:470:1c:c84::1 16 chars, ret=-1
--- 2001:470:1c:c84::1 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
I'm also seeing this in the logs:
kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0
Which is bizarre. I don't know why pfSense is trying to forward link-local out to the internet.
I have IPv6 enabled in my advanced settings. I can post my full config if needed, but I was wondering if that -1 return code means something.
Tyler
-
So I configured my LAN interface with my assigned IPv6 address and the kernel "cannot forward" messages went away, but I still cannot ping my IPv6 gateway.
Attaching screenshot of the gateway status screen.
-
Before doing anything else, have you rebooted the box???
-
Yeah. I also removed all tunnel config, rebooted, added config and rebooted again. No change.
-
Well, then flush it down the drain and do it again, properly this time. The howto just works. Done on loads of boxes.
-
I have flushed it. Twice! I can't figure it out. I started with a fresh install of 2.2. Upgraded to 2.2.2 and tried IPv6. Then I formatted and started fresh with 2.2.2 and still no go. Same symptoms both times. I can't ping my v6 gateway.
The howto was for 2.1. I know 2.2 puts in this weird IPv4 gateway that isn't mentioned. Could that be causing issues?
-
No. Just disable monitoring there and force it down. I filed a bug about this useless thing many months ago, nothing happened so far.
-
Yeah, I kind of recalled that discussion, dok; that was quite some time ago.
More of an annoyance than any real issue - shows up on your dashboard if you don't down it.
I have never had any issues with setting up HE tunnels. Pretty clickity clickity with not much to it. What guide are you looking at? I can go through it and update it to be current with 2.2.2 screenshots, etc. and reword anything that might have changed a bit.
But to be honest should still be valid.
I would document your steps and post them here and we can point out what you're doing wrong, or what might be the problem.
https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker
Quick glance and looks like the required steps are there. Is the /128 throwing you? Per HE that should be /64 and that is what I have set.. it sets it to /128 though even if you put /64 - see 2nd attachment.
-
The gif tunnel being /128 is fine.
kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0
Which is bizarre. I don't know why pfSense is trying to forward link-local out to the internet.
Because something is sourcing traffic from its link-local IP destined to its LAN MAC. This looks like what'd happen if you didn't configure your routed /64 on your LAN interface, or didn't configure RAs or DHCPv6 to assign IPv6 IPs to clients.
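-
Added example (not written by any poster in this thread and not pfSense code): a small triage script for the "cannot forward" kernel message discussed above, flagging a link-local source that was received on one interface and would have left through the tunnel. The function name, the result keys and the reading of the second address word as an interface index (the convention of KAME-derived kernels such as FreeBSD) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: the kernel message quoted in the thread.
SAMPLE = ("kernel: cannot forward src fe80:2::20c:29ff:fe2a:fba2, "
          "dst 2001:0:9d38:6abd:307a:377a:a785:7ba6, nxt 6, rcvif vmx1, outif gif0")

PATTERN = re.compile(
    r"cannot forward src (?P<src>[0-9a-fA-F:]+), dst (?P<dst>[0-9a-fA-F:]+), "
    r"nxt (?P<nxt>\d+), rcvif (?P<rcvif>[^,\s]+), outif (?P<outif>[^,\s]+)")

# IPv6 Next Header values most likely to show up in these messages.
NEXT_HEADER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def triage(line):
    """Parse one 'cannot forward' line; return a dict, or None if it is another message."""
    m = PATTERN.search(line)
    if m is None:
        return None
    src = ipaddress.IPv6Address(m["src"])
    dst = ipaddress.IPv6Address(m["dst"])
    nxt = int(m["nxt"])
    result = {
        "proto": NEXT_HEADER.get(nxt, str(nxt)),
        "rcvif": m["rcvif"],
        "outif": m["outif"],
        "src_link_local": src.is_link_local,
        # Assumption: KAME-derived kernels keep the interface index of a
        # link-local address in its second 16-bit word (fe80:2:: -> index 2).
        "scope_index": (int(src) >> 96) & 0xFFFF if src.is_link_local else None,
    }
    # A link-local source aimed at an off-link destination means the sending
    # host had no routable IPv6 source address to use. The router must drop
    # it, which is what the kernel message reports.
    result["client_lacks_global_source"] = (
        src.is_link_local and not dst.is_link_local)
    return result


if __name__ == "__main__":
    finding = triage(SAMPLE)
    print(finding)
    if finding and finding["client_lacks_global_source"]:
        print("Check that the routed /64 is on the interface named in rcvif "
              "and that RA or DHCPv6 is handing addresses to clients.")
```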