pfSense IPv6 Tunnel Problems

[Thomas94]

Hi everyone,

I've got a pfSense box over here that I'm using as firewall and reliable DHCP server (my ISP's router is an absolute asshole in that regard, maximum lease times of 2 weeks and I have an Active Directory testing domain set up here) with DNS Forwarder for my AD.

Now, I had to change the hard drive in the box, and because it is a smaller drive now, I couldn't copy my old drive to the new one with something like Acronis True Image. Since my ISP doesn't support IPv6 yet, I'm using a tunnel to Hurricane Electric which I set up using this guide: https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

On the old system, it worked flawlessly, but now I reinstalled the box multiple times... the tunnel is up exactly one boot, when I do a reboot, the interface says the tunnel is up, but when I try accessing something like ipv6.google.com or any other IPv6-site, I can't load it. The traffic graph on the Dashboard shows that nothing is going through the tunnel; IPv4 works fine, but the tunnel doesn't work at all.

[LAwLz]

I got two questions before I might be able to help you (I have next to no experience with pfSense though, but it shouldn't be too complicated).

1) Why would you want more than a 2 week lease on DHCP addresses? For decently sized domain a ~1 week lease isn't that uncommon. 2 week long leases is pretty long even for fairly big networks. The only reason you would want long leases is to minimize the workload on the DHCP server if you got hundreds or thousands of users using it. For smaller networks even 1 week should be enough.

 

2) Why would you go to such great lengths just to get IPv6, even has far as to decrease your Internet connection speed? What do you expect to achieve with this exactly?

[Thomas94]

Got this figured out, I started my PC too early when the pfSense box was not yet ready which let to my PC not getting an IPv6-address (but it got an IPv4-address) which let to me thinking the tunnel isn't working, because I couldn't access any IPv6-pages. If I start the firewall (I turn it off when I'm not at my PC), let it boot and then turn on my PC, everything is working fine (layer 8, I know).

 

To answer your questions:

1) My servers have DRAC cards and I had the issue that they got new IP addresses nearly every time I connected them to my network, which was one of the reasons I build my pfSense box in the first place.

2) My ISP doesn't enable me to access IPv6 for whatever reason and I thought before getting no access to IPv6 (for testing purposes, too) I might as well build myself a solution with a tunnel. And speed-wise it doesn't matter, I get about 4.4/0.5 MBit/s over IPv4 and about 4.3/0.5 MBit/s via the tunnel.