Hi there,
I have an issue connecting through a TunnelBroker 6to4 tunnel.
Packets are going out, but nothing comes back - I can see the outgoing packets in the firewall live logs. Also I'm not behind a CGN.
My client is getting a valid IPv6 address from the router and pinging the router itself works.
Configuration images are here: https://imgur.com/a/GSPXYI6
Values from TunnelBroker:
Server IPv4 Address: red
Server IPv6 Address: green
Client IPv6 Address: blue
Routed /48: yellow
Any ideas on what could be the issue / what to test?
So gateway monitoring doesn't work either? Do you have a dynamic IPv4 address? Maybe it changed and you need to update it in your tunnelbroker.net account.
Cheers
Maurice
No, I have a static IPv4. Also I checked that my IP matches the one configured in TunnelBroker.
And does gateway monitoring work? If not, do you see any inbound 6in4 packets in a packet capture on the parent interface (WAN)?
Gateway monitoring shows OFFLINE with 100% loss.
I started a packet capture while pinging 2606:4700:4700::1111.
For the TUNNELBROKER interface I can see ping packets going out from my local to the remote tunnel address.
For the WAN address I only see one outgoing packet to the TunnelBroker Server IPv4 Address (red).
(see attached screenshots)
What you can see in the WAN interface packet capture is a gateway monitoring echo request, which has no response.
Assuming all addresses are configured correctly, you're probably facing an upstream issue. Maybe your ISP filters 6in4?
Just wrote to my ISP, they claim they don't block anything.
I double- and triple-checked the GIF config and I'm pretty sure its correct.
What else could there be?
Since you see outgoing 6in4 packets on the WAN interface but no replies, I really can't think of a lot within OPNsense.
What type of Internet connection do you have? What MTU?
Alright, I have an ISP-provided cable modem running in bridge mode.
The OPNsense box is connected to it via a network cable and uses DHCP to get its WAN IP.
Regarding MTU: I'm unfamiliar with that topic. How can I check this?
Go to Interfaces: Diagnostics: Ping, enter the tunnel server's IPv4 address, packet size 1472, do not fragment enabled. If this works your MTU is 1500. Otherwise, reduce the packet size until the ping succeeds.
Thanks.
With the settings you described, ping works. -> MTU is 1500
I just remembered that OPNsense is running as a VM inside Proxmox.
Maybe that can cause the issue?
Shouldn't have an impact unless there's NAT involved at some point. Are you using a bridged configuration in Proxmox?
Yes, it's all "Linux Bridge" bound to physical ports
So.. I've given it another shot today and just found my previous attempt, since I faced the exact same issue.
I have tried to set it up on a completely new instance of OPNsense and still can't get a single reply via the tunnel interface.
I even tried replacing my modem with a USB-tethered mobile phone, still nothing.
I'm still looking for a solution, if anyone is (un)lucky enough to come across this thread...