Netgate SG-1000 microFirewall

Author Topic: IPV6 OpenVPN  (Read 404 times)

0 Members and 1 Guest are viewing this topic.

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
IPV6 OpenVPN
« on: January 22, 2018, 12:50:32 pm »
Hey guys, quick question.  I have disabled IPV6 on PFsense as I don't use it. 

I have one instance I need it though.  My Rogers LTE cellphone uses IPV6.  When I want to VPN into my home network and view my IP cameras or anything else it does not connect.  The only way I can connect is to go into my phone's APN settings and turn the one option of IPV6&IPV4 to IPV4 only and I don't really want to do that.

Any help would be much appreciated..

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPV6 OpenVPN
« Reply #1 on: January 22, 2018, 12:56:44 pm »
So guessing its using a ipv6 to ipv4 gateway and there is some problem there when hitting ipv4 vpn.. Are you using udp only, have you tried enable tcp instance to see if that works?

T-mobile went ipv6 only on their cells awhile back.. And there was a bit of a learning curve for their gateway from ipv6 to ipv4...  For a short time I had enabled a ipv6 instance of vpn so I could get in with my phone..  But they corrected their problem and I can now vpn in via ipv6 phone connection to my IPv4 IP on pfsense.

Does your isp support IPv6, or you could setup HE (hurricane electric) ipv6 tunnel to support vpn into your pfsense via that, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1175
  • Karma: +50/-11
    • View Profile
Re: IPV6 OpenVPN
« Reply #2 on: January 22, 2018, 01:30:08 pm »
Do you also use Rogers for Internet?  They also provide IPv6 there, so maybe enabling it is the way to go.

One curious thing I noticed was they used 464XLAT, with a 194.0.0.x address for IPv4 over IPv6, but with the Google Pixel 2 I bought recently, the IPv4 address is in  the 25.112.12.x range, so I'm not sure if they're using 464XLAT or NAT with this phone.  In the settings, the current APN is Rogers Internet ltemobile.apn, though Rogers Tethering ltedata.apn is available.  No idea what the difference is.  My old phone, a Nexus 5, also uses ltemobile.apn.

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #3 on: January 22, 2018, 02:05:06 pm »
I will have a look at the TCP.   I do not think my ISP supports IPv6.  I am on Rogers for cellular but Shaw for home internet.

I was hoping it would be a quick fix.  John, you helped me setup my home network and it is working GREAT.  It is a little complicated with about 6 VLAN's and VPN client and server, i really don't want to mess it up.  I really was hoping I could just tick a button on the Openvpn client export or something along those lines.

Sorry, I forgot to add.. I can connect to my home network with the IPv6, it says connect success, I just cannot do anything..

« Last Edit: January 22, 2018, 02:12:24 pm by xman111 »

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPV6 OpenVPN
« Reply #4 on: January 22, 2018, 03:05:00 pm »
So when you connect on your phone it shows you a ipv6 address for the server..  See example of my phone connected via tmobile..

As you see it gives an IPv6 address for the server which is not mine... Owned by tmobile
https://whois.arin.net/rest/net/NET6-2607-7700-1

I can ping into my network when connected to the vpn.. Without any problems.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #5 on: January 22, 2018, 04:06:53 pm »
no doesn't show Ipv6 server. I know that when following a tutorial of setting up AirVPN with pfsense, one of the steps was to disable Ipv6 within pfsense. maybe I should at least start by enabling it.

I do have a tunnel with HE but have not set it up. Do I need the tunnel up and running to vpn into my home network with Ipv6?
« Last Edit: January 22, 2018, 07:18:15 pm by xman111 »

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #6 on: January 22, 2018, 11:02:43 pm »
i got the tunnel up and running and it looks like when i connect i get a ipv6 ip.  I wasn't sure how to setup the ipv6 dhcp server.  Also, i still can't do anything once connected but it looks like i am heading the right way.


Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPV6 OpenVPN
« Reply #7 on: January 23, 2018, 04:44:47 am »
There is a big difference between talking ipv6 in the tunnel and to ipv6 clients on the other end of the tunnel and using ipv6 as the method of connecting to the server and routing ipv4 through the tunnel, etc..

Lets forget the whole ipv6 for a bit - you say you connect via IPv4... when your phone is set for ipv6 and ipv4.. But nothing works???  But your server shows you connected.. But you can not ping anything?  What exactly is not working.. Can you ping the end of the tunnel, can you ping pfsense interface on lan side? 

But you say if you set your phone to ipv4 only it works??  What is working exactly?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #8 on: January 23, 2018, 11:26:54 am »
Hey John, when i set my phone to IPV4/IPV6, i can connect to my home network but some things do not work. 


When I use OpenVPN for android:

-I cannot log into PFsense
-I cannot view my cameras
-I can browse the internet


When I use OpenVPN Connect:

-I cannot log into PFsense
-I cannot view my cameras
-I cannot  browse the internet

When I set the phone to IPV4 only, i can do everything.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPV6 OpenVPN
« Reply #9 on: January 23, 2018, 11:33:13 am »
When you say you browse the internet you sure your going over the vpn to do that?

What specific client are you using - What does your routing table look like on your device when you get connected?  The openvpn connect client has been updated recently and they had some growing pains, etc.

I show the current version as 1.2.6
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #10 on: January 24, 2018, 02:29:01 pm »
John,

I am not 100% sure I am going over the VPN.  I just assumed because if I turn it off, it works, turn it on and it doesn't work.  I am trying both OpenVPN for Android and OpenVPN Connect.  I just downloaded OpenVPN Connect for Android and it shows 1.1.27. 

I will have to try to figure out the routing table on the phone, never done that before.


Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPV6 OpenVPN
« Reply #11 on: January 24, 2018, 02:57:23 pm »
hurricane electric app will show you that.. give me a sec and take a picture of mine

edit... So take a look at your connection info in your vpn app should see what is being handed out.  And the Hurricane electric app can show you the routes going down your tunnel, etc.

links to the apps here
https://networktools.he.net/

« Last Edit: January 24, 2018, 03:08:13 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #12 on: January 24, 2018, 03:40:29 pm »
hey John, on the HE app, what menu is the routes under for you to get that second screen shot, i tried all of them and couldn't find it. 

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: IPV6 OpenVPN
« Reply #13 on: January 24, 2018, 04:17:23 pm »
The one that says routing table - scroll down the menu..

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #14 on: January 26, 2018, 02:00:49 pm »
hey John, scrolled down the list but mine looks a little different than yours, just installed from google play store.  One thing though I got the tunnel up on pfsense and when i go to test ipv6, everything comes back a check..  Still trying to get the phone working though.


Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #15 on: January 26, 2018, 02:10:19 pm »
and when i connect, sometimes it looks like the first screenshot, sometimes the second.  Looks like ipv4 sometimes and ipv6 the other. I have no idea what's going on :)


Offline xman111

  • Full Member
  • ***
  • Posts: 207
  • Karma: +1/-0
    • View Profile
Re: IPV6 OpenVPN
« Reply #16 on: February 08, 2018, 10:53:53 am »
anyone have any ideas?