I am at my wits' end on this. I tried all day yesterday to get this to work.
I have the tunnel set up on a CentOS VM and I can ping out from it, great.
I enabled this
https://docs.netgate.com/pfsense/en/latest/book/config/advanced-networking.html#ipv6-over-ipv4-tunneling but nowhere does it say what IP goes in the "IPv4 address of Tunnel Peer" field. Is it HE's endpoint? Or the local behind-NAT IP? Either way, I tried both and it doesn't seem to matter. Also, it says firewall rules need to be made, but nowhere does it indicate what those rules look like.
So I checked that, and made firewall rules where protocol is IPv4 IPV6, source is HE endpoint, destination is my local VM IP and any port. Which pfSense does seem to match a state to the traffic of this rule. But if I stop traffic for 15 minutes or so, I can't access the VM from the other side of the tunnel until I start pinging from my side of it.
I even tried making a NAT rule on IPV6 protocol, source HE endpoint, destination my WAN, redirect to my internal VM and any port. Nothing.
I deleted all that and unchecked the IPv6 over IPv4 stuff and it still works if I ping from my side first. So what was any of the above doing? Seems nothing.
Anyone have any idea how this is supposed to be configured? My Google-fu finds people who say they couldn't do this with a consumer router but got it working with pfSense, but don't say how...