Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Hurricane Electric Tunnel Issue
« previous
next »
Print
Pages: [
1
]
Author
Topic: Hurricane Electric Tunnel Issue (Read 2432 times)
MeCJay12
Newbie
Posts: 1
Karma: 0
Hurricane Electric Tunnel Issue
«
on:
March 28, 2020, 03:14:42 am »
Hello! I've decided to try out OPNsense after the recent pfSense 2.4.5 release is causing memory leaks on my system. I'm setting up my Hurricane Electric IPv6 tunnel but it's only kinda working. I can ping out from OPNsense but I cannot ping to OPNsense. I tried a firewall rule to allow all ICMP to self, I tried ICMP-IPV6 to self, and I tried rebooting. While pinging my firewall isn't critical in itself, I figured it was indicative of a larger issue. I tried to create a firewall rule to allow HTTPS to the firewall over IPv6 and that didn't work either. I can see my requests appearing in the live firewall log in green so I assume I have something wrong with my HE tunnel. I followed this guide to set it up:
https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html
. Any ideas?
«
Last Edit: March 28, 2020, 03:19:09 am by MeCJay12
»
Logged
jimpd
Newbie
Posts: 15
Karma: 0
Re: Hurricane Electric Tunnel Issue
«
Reply #1 on:
April 05, 2020, 11:09:27 am »
I just tested this and I also do not get ICMP working.
But opening the port just works fine. If you nmap the IPv6 of your gif interface, then port 80 / 443 of the opnsense is open. Just ICMP does not work for whatever reason.
If you allow ICMP to a host in for example the LAN in the firewall in tunnelbroker rules, then this ICMP works fine. You can even see the firewall IPv6 in the mtr. But it still is not ping-able.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Hurricane Electric Tunnel Issue
«
Reply #2 on:
April 05, 2020, 12:02:49 pm »
Check
https://ipv6-test.com/
At least for my home HE tunnel, it always says ICMP filtered. As far as I understood this can also be done by the ISP so you have no chance to circumvent.
Cheers,
Franco
Logged
jimpd
Newbie
Posts: 15
Karma: 0
Re: Hurricane Electric Tunnel Issue
«
Reply #3 on:
April 05, 2020, 12:12:33 pm »
IPv6 is working, yes.
And ICMP is, as you said, filtered. But that is exactly what we don't want. We want ICMP.
My ISP (from where I use the IPv4) allows IPv4 and IPv6 ICMP. Does that mean he.net blocks ICMP? I don't think so because it is possible to ping (if allowed) other IPv6 addresses from the he.net subnet I received.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Hurricane Electric Tunnel Issue
«
Reply #4 on:
April 05, 2020, 12:14:06 pm »
We all want unfiltered at the end of the day. Asking for it is one thing, finding out why is another. Unfortunately, I have no answer for this beyond what I already shared.
But I would like to stress that HE is not a substitute for real IPv6.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Hurricane Electric Tunnel Issue