I'm trying to set up policy routing with a he.net tunnelbroker.
The rule is matching, but the traffic is still sent to the default gateway, not to the next hop specified in the firewall rule.
pfctl -sr | grep gif0
pass in log quick on igb2_vlan104 route-to (gif0 2001:db8::1) inet6 from (igb2_vlan104:network) to ! <LocalNetworks> flags S/SA keep state label "USER_RULE: LANSALT -> Internet"
It works for IPv4 with similar config.
Is there a bug?
no ideas? :-(
Any news here? Seems like I've a similar problem. I've three dual-stack uplinks. IPv4 works with NAT and policy-based routes as expected, but IPv6 policy-based routes do not work for me. Local IPv6 communication between subnets delegated to the various uplinks works as expected. My IPv6 default gateway has static addresses. The two other links are PPPoE connections. I want the IPv6 policy routes to make use of these PPPoE links.
The generated rule looks like this:
pass in quick on lagg0_vlan202 inet6 from (lagg0_vlan202:network) to ! <LOCALv6> flags S/SA keep state label "USER_RULE"
I miss something like "route-to" ...
Quote from: mahescho on June 21, 2019, 10:23:51 PM
Any news here? Seems like I've a similar problem. I've three dual-stack uplinks. IPv4 works with NAT and policy-based routes as expected, but IPv6 policy-based routes do not work for me. Local IPv6 communication between subnets delegated to the various uplinks works as expected. My IPv6 default gateway has static addresses. The two other links are PPPoE connections. I want the IPv6 policy routes to make use of these PPPoE links.
The generated rule looks like this:
pass in quick on lagg0_vlan202 inet6 from (lagg0_vlan202:network) to ! <LOCALv6> flags S/SA keep state label "USER_RULE"
I miss something like "route-to" ...
I found that the two PPPoE interfaces look different. pppoe0 has two fe80 addresses and the gateway entry also has a fe80 appendix. pppoe0 has only one fe80 address and the gateway entry does not have a fe80 appendix but "dynamic" is appended. The addresses of both connections are static, not dynamic. When I switch to pppoe0 the generated rule looks like this:
pass in quick on lagg0_vlan202 route-to (pppoe0 fe80::2a0:a512:8c:43fe) inet6 from (lagg0_vlan202:network) to ! <LOCALv6> flags S/SA keep state label "USER_RULE"
Currently only disabling shared forwarding helps
Thanks, I will give this a try. I use neither the traffic shaper nor the captive portal and I probably never will.
Edit: I've tested this by now and it works! Thanks.
Now I've one minor problem left. On the default gateway everything works as expected, but when I try to reach the public IPs of the two other uplinks, the outgoing packets / replies get routed through the default gateway instead of the correct uplink. So the public IPs of the additional uplinks are not reachable from the internet.
How to fix this?
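For readers comparing their own pfctl -sr output against the rules quoted above, here is an added, hand-written pf.conf fragment (not part of this thread and not OPNsense's generated ruleset) showing the two pf keywords behind both symptoms: route-to on the LAN-side rule, which is the piece missing from the IPv6 rule in the earlier post, and reply-to on the WAN-side rule, which is what makes replies to a secondary uplink's own address leave through that uplink instead of following the default route. The interface names and link-local next hop are taken from the rules quoted above; the table contents and the inbound service port are placeholders.

```pf
# Added example, not the posters' rulesets or OPNsense output.
# Interface names and the fe80:: next hop mirror the quoted rules;
# the table prefix and port 443 are placeholders.
lan_if   = "lagg0_vlan202"
wan2_if  = "pppoe0"
# pf requires the route-to/reply-to next hop to be reachable on the
# named interface; on a point-to-point PPPoE link the peer's link-local
# address satisfies that, which is why a usable gateway entry here
# carries a fe80:: address rather than "dynamic".
wan2_gw6 = "fe80::2a0:a512:8c:43fe"

table <LOCALv6> { 2001:db8:1::/48 }

# LAN -> Internet via the secondary uplink. route-to overrides the
# routing table for matching packets and for the state they create;
# without it (as in the "I miss something like route-to" post) the rule
# passes traffic but the kernel's default route decides the exit.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw6) inet6 \
    from ($lan_if:network) to ! <LOCALv6> \
    flags S/SA keep state label "USER_RULE"

# Inbound to the secondary uplink's own address. reply-to stores the
# (interface, next hop) pair in the state, so replies go back out
# pppoe0 instead of being handed to the default gateway.
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw6) inet6 \
    proto tcp from any to ($wan2_if) port 443 \
    flags S/SA keep state label "WAN2 inbound"
```

In OPNsense both rules come out of the GUI, so the fragment is only a reading aid: a policy rule whose route-to is absent in pfctl -sr follows the routing table no matter which gateway the rule's settings show, and an inbound WAN rule without reply-to answers via the default gateway, which matches the "public IPs of the additional uplinks are not reachable" symptom described above.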
Disable Force Gateway in Firewall : Settings : Advanced
Thanks, didn't help ...
Didn't help for v6, v4 or both?
both ...