Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: [1] 2

Author Topic: Multiple clients with IPv6 behind pfSense router  (Read 18432 times)

bartgrefte

  • Newbie
  • *
  • Posts: 38
Multiple clients with IPv6 behind pfSense router
« on: September 04, 2010, 01:56:01 PM »

Hi :)

I'm thinking about getting the clients around here an IPv6 connection. Already done some reading about it and read about creating a tunnel. From what I've read my pfSense router supports passing protocol 41, this setting is present: "NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:", I can enable/disable this but I must enter an IP-address.

Does this mean I can only create a tunnel to one client at a time and not simultaneous to multiple clients?

Here's some info about the clients/devices:
* Cablemodem: Arris TM702B, EuroDOCSIS 3. (ISP is not offering IPv6 to there customers, however there are rumors they are testing it...)
* Router: MSI IM-945GSE-A motherboard with 1GB RAM, a MiniBox M300LCD case and pfSense 1.2.3 nanoBSD/embedded as OS.
* One 3COM OfficeConnect® Gigabit Switch 8 and a HP ProCurve 1400-8G switch.
* Clients: Several operating systems: XP Pro SP2 & 3, 7, Kubuntu 10.04, Windows Mobile 6 (might soon be replaced by an Android phone) and a Noxon 2 Audio which just like it's predecessor will not get a firmware update I suspect.
* AP: Senao/EnGenius ECB/SCB-3220 (getting repaired atm....).

Hope anyone can shed some light on this ;)

With regards,

Bart Grefte
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2724
Re: Multiple clients with IPv6 behind pfSense router
« Reply #1 on: September 04, 2010, 03:51:56 PM »

You only need one tunnel; your router takes care of handing out addresses to your clients and sending traffic back through the tunnel to HE.

You can use Router Advertisements and DHCPv6 to assign addresses
Logged

bartgrefte

  • Newbie
  • *
  • Posts: 38
Re: Multiple clients with IPv6 behind pfSense router
« Reply #2 on: September 07, 2010, 11:37:02 AM »

Uhm, (gonna Google later ;), half a sleep... ) but how do you want the router to do that, since pfSense does not get support for IPv6 until after 2.0 is released? (Whenever that will be.)
« Last Edit: September 07, 2010, 11:50:18 AM by bartgrefte »
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2724
Re: Multiple clients with IPv6 behind pfSense router
« Reply #3 on: September 07, 2010, 11:56:38 AM »

Well that I didn't know, sorry.

Then you'll need a host behind it (BSD, linux, windows, ect) that you can use to terminate your tunnel and also use to hand out addresses; Looks like your Ubuntu host should be able to do it
Logged

antillie

  • Full Member
  • ***
  • Posts: 104
Re: Multiple clients with IPv6 behind pfSense router
« Reply #4 on: September 09, 2010, 12:59:28 PM »

If you are comfortable with the nitty gritty of Linux it looks like Gentoo can do this: http://www.gentoo.org/doc/en/ipv6.xml
Logged

bartgrefte

  • Newbie
  • *
  • Posts: 38
Re: Multiple clients with IPv6 behind pfSense router
« Reply #5 on: September 10, 2010, 02:31:45 AM »

Well that I didn't know, sorry.

Then you'll need a host behind it (BSD, linux, windows, ect) that you can use to terminate your tunnel and also use to hand out addresses; Looks like your Ubuntu host should be able to do it
Hmm, the only host that is running 24/7 (next to the pfSense router) has XP as OS.
(K)Ubuntu is the OS of my laptop, that one is not gonna run 24/7 ;)

If you are comfortable with the nitty gritty of Linux it looks like Gentoo can do this: http://www.gentoo.org/doc/en/ipv6.xml
Well, I was hoping I wouldn't need another host that runs 24/7. Isn't there anyway FreeBSD (7.2 if I'm correct) can do this? Since pfSense is based on it.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2724
Re: Multiple clients with IPv6 behind pfSense router
« Reply #6 on: September 10, 2010, 04:58:32 AM »

Yes, you can use FreeBSD to host your tunnel...you could also use XP.

If pfSense is based on FreeBSD, why not go to the tunnel page, pick the drop down for FreeBSD, and use those commands to start your tunnel?
Logged

bartgrefte

  • Newbie
  • *
  • Posts: 38
Re: Multiple clients with IPv6 behind pfSense router
« Reply #7 on: September 16, 2010, 11:56:20 PM »

I've been busy, but hope I can check that out this weekend :)

Are all commands necessary there? I mean, including the onces that make pfSense/FreeBSD give the clients an IPv6 address through DHCP?
Or I can just look at that page and find out :)

edit: I'm already running into a little problem, the "Setup Regular IPv6 Tunnel"-form does not accept a DynDNS domainname as endpoint, wanted to enter it because my ISP does not offer static IP-addresses and I use DynDNS because of that.
So I'm guessing only an IPv4 address is accepted? Why not a DynDNS domainname, would make things a whole lot easier when someones IP changes, it would get automatically updated when running the DynDNS updater-client in the background.
« Last Edit: September 17, 2010, 03:47:54 AM by bartgrefte »
Logged

excaliburtech

  • Newbie
  • *
  • Posts: 2
Re: Multiple clients with IPv6 behind pfSense router
« Reply #8 on: October 10, 2010, 08:10:30 PM »

I am using pfSense as well. I ended up setting up a Vyatta box and having pfSense forward protocol 41 to it. I had debated about replacing the pfSense box with Vyatta, but didn't want to incur the downtime. Not to mention the RRD graphs built into pfSense are nice.

If you want more details have a read through Configuring Vyatta with an IPv6 Tunnel Broker. It was fairly straight forward except for on pfSense you also need to create a firewall rule to allow the he.net endpoint to access the IP you forwarded protocol 41 to.
Logged

bartgrefte

  • Newbie
  • *
  • Posts: 38
Re: Multiple clients with IPv6 behind pfSense router
« Reply #9 on: October 17, 2010, 09:10:09 AM »

I've never heard of a Vyatta box ???

Did ran into this: http://www.xaero.org/index.php/archive/configuring-a-6to4-tunnel-on-the-pfsense-firewall/ (Google cache link if site is down again)
Haven't tried it yet, but if I understand everything correctly, every client that supports IPv6 should be able to use the tunnel.
Logged

excaliburtech

  • Newbie
  • *
  • Posts: 2
Re: Multiple clients with IPv6 behind pfSense router
« Reply #10 on: October 17, 2010, 09:56:46 AM »

I've never heard of a Vyatta box ???

Have a look at the Vyatta community edition website. Configuration is done through the CLI like Cisco. The command syantax is different, but easy to pick up with the auto complete.

http://www.vyatta.org/
Logged

databeestje

  • Newbie
  • *
  • Posts: 5
Re: Multiple clients with IPv6 behind pfSense router
« Reply #11 on: October 31, 2010, 12:31:06 PM »

Hi,

I've been working on ipv6 support for pfSense on the 2.0 BETA branch last week and it's now possible to succesfully configure a he.net ipv6 tunnel via the web interface, assign the public /64 to the lan and have your lan host autoconfigure a public address.

The firewall rules on the wan and lan interface work for ipv6 so you can easily deny and allow traffic from the internet to the routed subnet.

You can find the relevant information to get your 2.0 install working with my forum post on http://forum.pfsense.org/index.php/topic,26469.0.html

Regards
Logged

bartgrefte

  • Newbie
  • *
  • Posts: 38
Re: Multiple clients with IPv6 behind pfSense router
« Reply #12 on: November 01, 2010, 03:24:40 PM »

How about 1.2.3 branch ;)

Tried http://www.xaero.org/index.php/archive/configuring-a-6to4-tunnel-on-the-pfsense-firewall , getting:
Code: [Select]
[admin@bocadelinfierno.local]/root(1): ping6 -c 4 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:1f14:e04::2 --> 2a00:1450:8001::93
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1

--- ipv6.l.google.com ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
at pfSense box, logged on with Putty on console.
My test-client (with XP Pro) does not have IPv6 access either.

Ping6 results to ::1 same results as above...

edit: Never mind... Anyone know this setting? pfSense -> System -> Advanced -> "Allow IPv6 traffic" ::)
Later this week I'm gonna try the clients again....
« Last Edit: November 03, 2010, 01:22:24 PM by bartgrefte »
Logged

lukec

  • Jr. Member
  • **
  • Posts: 65
    • Home
Re: Multiple clients with IPv6 behind pfSense router
« Reply #13 on: November 04, 2010, 12:52:33 AM »

Quote
ping6: sendmsg: Operation not permitted
Suggests a local firewall issue on the host
rgds
Logged

coltexbv

  • Newbie
  • *
  • Posts: 2
Re: Multiple clients with IPv6 behind pfSense router
« Reply #14 on: November 04, 2010, 02:27:27 AM »

Here is a link to the howto I made for the experimental pfSense 2.0 code branch.
http://iserv.nl/files/pfsense/ipv6/
Logged
Pages: [1] 2