Project

General

Profile

Actions

Todo #11812

closed

Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service

Added by Steve Y almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Low
Assignee:
Category:
Recipes
Target version:
-
Start date:
04/17/2021
Due date:
% Done:

100%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

Feedback:
I set this up tonight and it was 99% fine, I got all the way to my PCs getting IPv6 addresses, pfSense could ping out over IPv6, and test-ipv6.com showed 10/10 from my PC, and I could ping ipv6.google.com from my PC. Bravo on the doc page.

However after more testing I realized that DNS lookups to the LAN IPv6 were failing, and I could not ping the router LAN IPv6. Although there was a pre-existing rule allowing IPv6 from LAN Net to Any, the default block rule was blocking the connection from my PC to LAN IPv6:53. I tried adding other rules allowing to This_Firewall:any and to LAN IPv6:53 UDP but they had no effect, nor did restarting unbound.

A search for similar situations found at least two forum comments suggesting a restart of pfSense fixed similar issues. I restarted pfSense and DNS and pinging began working. I suggest adding a note at the bottom of the page to restart pfSense if DNS/ICMP/IPv6/etc. are not working as expected from devices on LAN after the tunnel is configured.

This was on pfSense 2.5.1 (our lone non-Netgate hardware), but one forum comment was from 2016.

I cannot explain why a restart was needed but it definitely fixed everything for me.

(side note, test-ipv6.com is linked from this doc page using HTTP so that site shows a message that it supports HTTPS now)

Actions

Also available in: Atom PDF