pfSense Support Subscription

Author Topic: Comcast 6to4 how-to?  (Read 7436 times)

0 Members and 1 Guest are viewing this topic.

Offline irvingpop

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Comcast 6to4 how-to?
« on: March 02, 2012, 01:21:53 pm »
Does anyone have a 6to4 how-to for pfSense 2.1 on Comcast?    How different is it from the He.net instructions? ( http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 )

The 6to4 setup on Comcast can be fully automatic, as witnessed with an Apple Airport.

TIA.

Offline bmah

  • Jr. Member
  • **
  • Posts: 40
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #1 on: March 02, 2012, 07:43:57 pm »
I don't see anything in the pfSense 2.1 UI that allows you to configure a 6to4 interface so I'm guessing it can't be done from the pfSense UI.  (In "normal" FreeBSD you'd configure an interface of type stf.)

Note also that with 6to4, it doesn't matter if you're on Comcast or whatever ISP...6to4 is agnostic of your ISP.  (This is also one of its downsides, in that the "quality" of IPv6 connectivity can depend on a 6to4 gateway neither you nor your ISP has any control over.)  That was one of the motivations for 6RD, which is very similar to 6to4.

(FWIW Comcast is my ISP, and I just use a he.net tunnel.)

Bruce.

Offline irvingpop

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #2 on: March 05, 2012, 03:34:36 pm »
FWIW,

Comcast had 6RD relays until last June:  http://www.comcast6.net/6rd-config.php
Now comcast is pointing users in non-Dual Stack markets to its regional 6to4 relays:  http://www.comcast6.net/6to4-config.php

The 6to4 auto-configuration works very well with some routers,  it seems it should be as easy as (attached image) in pfSense as well but that function (IPv6 over IPv4 tunneling) doesn't seem to do anything as far as I can tell.


Offline bmah

  • Jr. Member
  • **
  • Posts: 40
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #3 on: March 05, 2012, 10:36:42 pm »
I'm going to admit ignorance at this point, especially since I don't use 6to4 myself.  I will point out that RFC 2893, which is mentioned in the UI, is a document on IPv6 transition mechanisms in general.  I always thought that 6to4 was (is) RFC 3056.  So color me confused!

Bruce.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #4 on: March 07, 2012, 02:49:02 pm »
6RD is something that some ISPs are rolling out and some time is spent on that.

Actual dual stack is the way forward and Comcast will be rolling that out. You can activate the DHCP6 client on your WAN if your area already supports this. I'm not sure how far the deployment on the Comcast side is.

Considered 6to4, never attempted it yet. Not tried to see what that field does either, I really should. It's not for 6to4 though.

Offline irvingpop

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #5 on: April 06, 2012, 04:15:22 pm »
Just a quick update,  Comcast 6to4 now works after support was added to pfSense on April 1st.   Using the instructions here:  http://forum.pfsense.org/index.php/topic,47872.0.html

Comcast dual-stack is still only available in a few markets and mine (Portland, OR) is not one of them.  Info here: http://www.comcast6.net/

FWIW, don't expect any blazing speeds from Comcast 6to4.   Speed is much lower and latency is much higher than IPv4.  See attached screenshots.
« Last Edit: April 06, 2012, 04:50:24 pm by irvingpop »

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #6 on: April 07, 2012, 03:21:24 am »
Thanks for the positive report on the 6to4 support!

Glad it works for you.

Offline mrhanman

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #7 on: April 11, 2012, 04:22:12 pm »
I was also trying to set this up on comcast, and I've had a bit of trouble.  The Status -> Gateway screen shows the connection is online, and I can ping the gateway IPv6 address from pfSense.  None of my PCs are able to ping any IPv6 address, though it looks like IPv6 name resolution is working.  At least, when I ping ipv6.google.com, the address is resolved with either no reply or destination unreachable.  That may be cached on the computer, because I can't ping the same address from pfSense.  I setup my connection with these instructions from another thread:

Quote
Select IPv6 configuration type "6to4" on the WAN.
Select IPv6 configuration type "Track interface" on the LAN.
Select the WAN interface here and a number instead of "none"

I had previously setup a SixXS tunnel, but I've deleted all those settings, just in case.  I'm running the April 10th snapshot.  This might be unrelated, but on a reboot, I get this crash log.

Code: [Select]
Crash report begins.  Anonymous machine information:

i386
8.3-RELEASE
FreeBSD 8.3-RELEASE #1: Tue Apr 10 21:11:25 EDT 2012     root@FreeBSD_8.3_pfSense_2.1.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8

Crash report details:

PHP Errors:
[11-Apr-2012 16:27:14 UTC] PHP Parse error:  syntax error, unexpected '=' in - on line 42

I have a firewall rule set to allow all IPv6 traffic from the LAN.  I'm really not sure where to look from here.  Any ideas?

EDIT: I can now ping the Gateway IP of the IPv6 interface.  I haven't changed anything.  I'm not sure why that started working, but I still get Destination Unreachable for anything else.  DNS appears to be resolving, but no other traffic is passed.

EDIT2: I figured out how to fix the problem.  Turns out, the default route for IPv6 is never created.  I can manually execute  "/sbin/route -n add -inet6 default [Gateway IP]" and it starts working.  Any idea why this is happening, or what I can do to stop it?  This might be a clue:
Code: [Select]
php: : The command '/sbin/route change -inet6 default '2001:1938:80:1fb::1'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2001:1938:80:1fb::1: Network is unreachable'Also, for some reason the IPv4 gateway has disappeared from the webgui.  I can still see it with netstat, and IPv4 still works.  It's just not in the webgui under System -> Routing or Status -> Gateways.
« Last Edit: April 11, 2012, 08:15:15 pm by mrhanman »

Offline irvingpop

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #8 on: April 12, 2012, 10:15:50 am »
sorry for not reporting earlier:
I tested with the April 9th snapshot and Comcast 6to4 was broken there as well  (vs.  April 2nd snapshot where it worked OK).    Same issues as mrhanman.   

Reverted back to April 2nd snapshot for now, since I see a lot of commits still happening to IPv6 handling code.


databeestje:   I can flip back and forth between slices (April 2nd known-good vs. April 9th or later) if you need any data collected.  Please let me know how I can help.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #9 on: April 13, 2012, 05:55:36 am »
Thank you. I will check on this later.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #10 on: April 13, 2012, 12:16:42 pm »
The default gateways for IPv6 referenced above is not the standard 6to4 relay address.

Are you confused with 6rd?
The php error on line 42 from std input and not even a file makes this really weird.

I think the snap you have is broken. Just not sure what exactly.

Offline irvingpop

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #11 on: April 13, 2012, 12:22:36 pm »
OK, I'll try today's snapshot and let you know what is/isn't working.

Offline irvingpop

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #12 on: April 13, 2012, 12:44:58 pm »
Using the latest Snapshot:  2.1-DEVELOPMENT (i386) built on Fri Apr 13 00:07:05 EDT 2012

I can ping the IPv6 Gateway,   but nothing beyond it.

Code: [Select]
[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(1): ping6 2002:c058:6301::1
PING6(56=40+8+8 bytes) 2002:1815:7e8a:: --> 2002:c058:6301::1
16 bytes from 2002:c058:6301::1, icmp_seq=0 hlim=64 time=28.143 ms
16 bytes from 2002:c058:6301::1, icmp_seq=1 hlim=64 time=29.553 ms
16 bytes from 2002:c058:6301::1, icmp_seq=2 hlim=64 time=29.808 ms
16 bytes from 2002:c058:6301::1, icmp_seq=3 hlim=64 time=29.654 ms
16 bytes from 2002:c058:6301::1, icmp_seq=4 hlim=64 time=30.774 ms
^C
--- 2002:c058:6301::1 ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 28.143/29.586/30.774/0.842 ms

[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(2): ping6 ipv6.google.com
ping6: UDP connect: No route to host



Netstat shows no IPv6 default gateway

Code: [Select]
Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
2002::/16                         link#10                       U          stf0
2002:1815:7e8a::                  link#10                       UHS         lo0 =>
2002:1815:7e8a::/64               link#1                        U           vr0
2002:1815:7e8a::1                 link#1                        UHS         lo0
fe80::%vr0/64                     link#1                        U           vr0
fe80::20d:b9ff:fe24:7288%vr0      link#1                        UHS         lo0
fe80::%vr1/64                     link#2                        U           vr1
fe80::20d:b9ff:fe24:7289%vr1      link#2                        UHS         lo0
fe80::%vr2/64                     link#3                        U           vr2
fe80::20d:b9ff:fe24:728a%vr2      link#3                        UHS         lo0
fe80::%lo0/64                     link#7                        U           lo0
fe80::1%lo0                       link#7                        UHS         lo0
fe80::%ovpns1/64                  link#12                       U        ovpns1
fe80::2bd:f9ff:fe0a:1%ovpns1      link#12                       UHS         lo0
ff01::%vr0/32                     fe80::20d:b9ff:fe24:7288%vr0  U           vr0
ff01::%vr1/32                     fe80::20d:b9ff:fe24:7289%vr1  U           vr1
ff01::%vr2/32                     fe80::20d:b9ff:fe24:728a%vr2  U           vr2
ff01::%lo0/32                     ::1                           U           lo0
ff01::%ovpns1/32                  fe80::2bd:f9ff:fe0a:1%ovpns1  U        ovpns1
ff02::%vr0/32                     fe80::20d:b9ff:fe24:7288%vr0  U           vr0
ff02::%vr1/32                     fe80::20d:b9ff:fe24:7289%vr1  U           vr1
ff02::%vr2/32                     fe80::20d:b9ff:fe24:728a%vr2  U           vr2
ff02::%lo0/32                     ::1                           U           lo0
ff02::%ovpns1/32                  fe80::2bd:f9ff:fe0a:1%ovpns1  U        ovpns1


Manually adding inet6 default gateway fixes it

Code: [Select]
[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(9): route add -inet6 default 2002:c058:6301::1
add net default: gateway 2002:c058:6301::1
[2.1-DEVELOPMENT][root@fw.popovetsky.com]/root(10): ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2002:1815:7e8a:: --> 2001:4860:8005::93
16 bytes from 2001:4860:8005::93, icmp_seq=0 hlim=56 time=39.839 ms
16 bytes from 2001:4860:8005::93, icmp_seq=1 hlim=56 time=38.709 ms
16 bytes from 2001:4860:8005::93, icmp_seq=2 hlim=56 time=38.661 ms
16 bytes from 2001:4860:8005::93, icmp_seq=3 hlim=56 time=39.027 ms
16 bytes from 2001:4860:8005::93, icmp_seq=4 hlim=56 time=38.721 ms
^C
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 38.661/38.991/39.839/0.443 ms



Offline mrhanman

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #13 on: April 13, 2012, 05:13:06 pm »
I can corroborate irvingpop's results with the Apr 13th snapshot.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: Comcast 6to4 how-to?
« Reply #14 on: April 14, 2012, 02:13:28 am »
I have not yet found the time to debug this yet, it should be adding a new default route. But it isn't