2
What is the procedure to create an IPv6 tunnel in pfSense 2.0?
pfSense 2.0 (RC3) supports creation of a GIF tunnels:
The help is pretty generic, and pretty unhelpful:
In pfSense 2.0, GIF tunneling interfaces are added from Interfaces (assign) on the GIF tab.
GIF is a generic tunneling mechanism that can be used for IPv4 and IPv6 traffic.
GIF tunnels can be added, edited, or deleted from the list view.
When adding or editing a GIF interface, you must enter its interface, remote address, and local and remote tunnel addresses. You can optionally enable Route caching, ECN friendly behavior, and a description.
Be aware, with GIF interfaces and bridging, you cannot ping the router endpoints, but clients can still ping each other. Without bridging, you should still be able to reach the router endpoint IPs with ping.
When created a tunnel from TunnelBroker.net on Windows 7 there were only 3 important pieces of information:
- Tunnel Entry-Point Node: 192.168.1.98
- Tunnel Exit-Point Node: 209.51.181.2
- Client IPv6 Address: 2001:470:1f11:1178::2/64
and then then tunnel needs a default gateway IPv6 address:
- Server IPv6 Address: 2001:470:1f11:1178::1/64
So on Windows you create the tunnel using:
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.98 209.51.181.2
netsh interface ipv6 add address IP6Tunnel 2001:470:1f11:1178::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f11:1178::1
Now in this case i set the tunnel entrance IPv4 address to my desktop machine's internal LAN address (e.g. 192.168.1.98), rather than my router's WAN address. This is because the tunnel entrance is on my local machine.
Now it comes to creating a tunnel on pfSense.
- Parent interface:
LAN
|WAN
- gif remote address:
- gif tunnel local address:
- gif tunnel remote address:
i don't know the difference between:
- gif remote address
- gif tunnel remote address
and i don't know if gif tunnel local address should be:
- the router's IPv4 LAN address (e.g. 192.168.1.1) on the LAN interface
- the router's IPv4 WAN (current) address (e.g. 216.8.139.7) on the WAN interface
i randomly tried the following, but it does nothing (at all):
TunnelBroker.net includes some scripts for FreeBSD to create and configure the tunnel:
ifconfig gif0 create
ifconfig gif0 tunnel 216.8.139.7 209.51.181.2
ifconfig gif0 inet6 2001:470:1f11:1178::2 2001:470:1f10:1178::1 prefixlen 128
route -n add -inet6 default 2001:470:1f11:1178::1
ifconfig gif0 up
My question ended after the first line. The only reason i included another 3 screenfuls of information is that some people get pissy when you only ask a question. Also by posting a lot of meaningless junk it shows that i actually tried - which some people find important.
Edit: There is a three year old post on the pfSense forums (IPv6 behind pfsense.) that talks about manually adding IPv6 tunnel support to pfSense 1. i'm looking for expanded documentation/explanation/tutorial for use with pfSense 2.0 UI.
See also
- IPv6 behind pfsense.
- pfSense documentation: GIF Interfaces
- Experimental IPv6 support if pfSense 2.0 BETA
- TunnelBroker.net Forums: [Announce] Prelimenary IPv6 Support in pfSense
- pfSense Foruma: GIF tunnel on PPPoE reconnect / HE.net tunnelbroker IP DynDNS
- GIF tunnel on PPPoE reconnect / HE.net tunnelbroker IP DynDNS