OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: eshield on February 26, 2018, 06:48:02 pm

Title: HE.net tunnel issue
Post by: eshield on February 26, 2018, 06:48:02 pm

Hello,

I have configured a HE.net tunnel in OPNsense 18.1_2 like this (see untitled1.png), but script configures IP as  /128 instead of /64 (see untitled2.png). This leads to inaccessibility of services running on local endpoint.

Sorry for my English.

Title: Re: HE.net tunnel issue
Post by: franco on February 28, 2018, 07:23:51 am

Same 128 for my working HE tunnel... Have you been using https://docs.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html ?


Cheers,
Franco

Title: Re: HE.net tunnel issue
Post by: eshield on March 01, 2018, 10:51:23 am

Yup, I've been following that how-to except that a GIF tunnel local address edit does not accept network mask so I've omitted a /64 mask.

My setup (addresses are changed):
1) HENET_V6 interface (2001:470:a:b::2).
2) VPN1 OpenVPN interface (fd00:a::1/112) for delegation to client.
3) Have a 2001:470:c::/48 network routed to HENET_V6 tunnel.
4) VPN client with 2001:470:c:1::/64 net is connected to the VPN1 interface.
5) Routing has been configured with OSPFv3.

So, this setup working perfectly. All VPN clients have their own delegated IPv6 net and everything works as intended, but no one can access a certain server running on HENET_V6 interface, but easily can access it on VPN1 OpenVPN interface. External IPv6 users can access server running on HENET_V6 interface.

...
After some investigation I've done it seems like that software has some issues with are not related to OPNsense.

Sorry for bothering you  ::)

Title: Re: HE.net tunnel issue
Post by: franco on March 02, 2018, 02:28:24 pm

No worries. If you can shed light on the problem anyway that would be beneficial for others in the future. :)


Cheers,
Franco