GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time
For some unknown reason, pfSense does not ask in the GUI for local/remote IPv6 addresses when a user wants to use it to carry both, this is defined in [[https://tools.ietf.org/html/rfc7676]].
This should be addressed.
Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time
Feature #10392: Removed IPv4/IPv6 selection. Added code for configuration migration on upgrade.
#3 Updated by Sebas tian 11 months ago
I manually executed
(as etc/inc/interfaces.inc would do it) and I can (at least) ping the tunnel remote now, so it seems to works? Although pfSense seems to remove the v6 address shortly after manually setting it …
/sbin/ifconfig gre0 inet6 <localV6> <remoteV6> prefixlen 128
#4 Updated by Jim Pingle 11 months ago
In that case it should be fairly easy to add that to the GUI by splitting it into separate IPv4 and IPv6 options. It will need some upgrade code to separate out the existing IPv4 and IPv6 config into the new fields but that should be simple.
The same should be done to GIF as well
#5 Updated by Sebas tian 11 months ago
I have implemented the necessary changes for GRE interfaces (and tested them with my setup – seems to be working). I have no way of testing it for GIF and therefore hesitate to add my changes there, too. Should I still do it nevertheless or should I just create a PR for the GRE part? (PRs on Github are the correct way to submit the changes, right?)
#10 Updated by Viktor Gurov 7 months ago
- Status changed from Feedback to Resolved
tested on two 2.5.0.a.20200916.1850
works as expected:
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476 description: GRE options=80000<LINKSTATE> tunnel inet 192.168.88.41 --> 192.168.88.42 inet 10.88.88.41 --> 10.88.88.42 netmask 0xffffff00 inet6 fe80::2ce7:6345:e2a8:cd6c%gre0 prefixlen 64 scopeid 0xa inet6 fc00:88::41 --> fc00:88::42 prefixlen 128 groups: gre nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>