The pfSense Store

Author Topic: IPv6 + HE tunnel --> interface subnet mask = 128  (Read 1204 times)

0 Members and 1 Guest are viewing this topic.

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #15 on: April 16, 2017, 02:25:01 am »
After some tests, autoconfig stateless gives fe80::… (but /64)

Uh eh, no it doesn't. Flush whatever you have set up there down the drain, reboot, and do it again, step by step...  https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker. Reboot.

This works in ~10 different places for me and it works for loads of other people. You are doing something plain wrong.
Do NOT PM for help!

Offline ccomp

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #16 on: April 16, 2017, 05:39:13 am »
I already followed the tutorial for configuring my pFsense. Good tutorial.
Tunnel works fine.

I cannot simply reboot the firewall as well. Many services/servers are running. I have to schedule a period of time (late in the night or early in the morning) to do that.

I have to test step by step…
If I find what the problem was, I will post  new message.

Many thanks for your help.

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #17 on: April 16, 2017, 06:03:00 am »
I already followed the tutorial for configuring my pFsense.

Apparently not properly.
Do NOT PM for help!

Offline ccomp

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #18 on: April 16, 2017, 06:18:12 am »
The future will say…

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14456
  • Karma: +1337/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #19 on: April 16, 2017, 06:24:12 am »
So confused on the use of IPv6 here.. So you have a bunch of servers that your wanting to serve up to the public via ipv6?  And your just waiting for your isp to give you that?  Is that going to be owned by you, or controlled by you?  Or just some random ipv6 they give you?

Do you have ipv6 space registered with arin?  Or same in your region?

How many servers do you have exactly?  Are they in some colo?  Your not using ipv6 anywhere else in your network?  While ok 1 /64 is fine for your typical home user where everything is on same layer 2.  I don't really see how that is viable on any actual network be it home power user or small business etc.. Once you graduate beyond typical home user.. You would have more than 1 segment.  So how exactly are you using just 1 /64?

I play with ipv6 on my home network, and 1 /64 is pointless..  I use a /48 from HE..

While I applaud playing with and attempting to learn IPv6 - I sure and the F would not deploy it in any sort of production network until you are fully up to speed on all of the aspects in doing that.. Sorry but it seems you need a bit more play/study time before any sort of production use..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #20 on: April 16, 2017, 02:47:20 pm »
... Sorry but it seems you need a bit more play/study time before any sort of production use..
... and the good news is : HE.net has everything covered for you - they will actually really cover you !!
It starts here : http://he.net and click on : http://ipv6.he.net/certification and when done, use their "free" tunnel offer.
No more questions ^^ and a very original T-shirt for free.

Offline m3xiz

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
Re: IPv6 + HE tunnel --> interface subnet mask = 128
« Reply #21 on: May 15, 2017, 09:02:00 am »
I am pretty sure there is an issue with the latsest version of pfSense (2.3.4). I cannot put my finger on it. At least not yet.

On my production firewall, I received the IPv6 from my provider using DHCPv6. I also got 128 subnet preventing anything to work. As I also owned a /48 from HE. I installed a second pfsense where I can play with at will using my production firewall to provide DHCPV6 and subnet delegation.

During all my test, I always got a 128 subnet on my test firewall (sniffing the network shows the correct /64 announcement). I try many different configuration without success. Sometimes if I used SLAAC on my test firewall it works fine (reconfiguring the main firewall accordingly) , switching to DHCPv6 seems to provide the correct result...

It is inconsistent and so far I could not create a test that provide each time the same results that would allow a good basis to fill a bug report...

I am still searching but this 128 subnet appears after I installed the latest release. My next step will be to install an older realease on my test firewall....I'll let you know the outcome.