Sunday, July 1, 2012

pfsense with Hurricane Electric IPv6 Tunnel

Most of the guides that I followed to set up pfsense with a tunnelbroker left me feeling a little confused so I am going to attempt to write a comprehensive guide here that avoids confusion.
First off, I am assuming you have all of the initial configuration done: pfsense is installed, you have changed to HTTPS, changed your password, you have WAN connectivity, etc. You have to get the right version of pfsense, which is actually a beta, since revamping pfsense for IPv6 apparently turned out to be more of a task than the team anticipated. Change these settings, then go back to the "Manual Update" tab, enable it and begin the update. The firewall will reboot.
The following version worked for me. Note that it says that there is an update available, but when I updated it further it broke everything. I didn't even have normal IPv4 connectivity to my ISP anymore.
Now let us go ahead and make sure Hurricane Electric can ping us. If they can't, the tunnel will not work:


66.220.2.74 is the address you need to create a WAN firewall rule for, allowing it to ping (ICMP) the WAN address. If you do nslookup or dig you will see it resolves to arc.he.net. Moving on, let us create a generic (GIF) interface for our tunnel between pfsense and the tunnelbroker. We do this just like we are adding any other physical, GRE or VLAN interface to pfsense:
At this point you might want to bring up your HE.net Tunnel Details and go from there:


Please note: If you lose power, unplug your modem, or change your public IPv4 address, you WILL have to go into the HE.net page shown above and change the "Client IPv4" address to reflect your new public IPv4 address.
Now we can go ahead and add the newly created GIF interface so pfsense can use it. I already have mine added, but I am showing it being added here:

Next go under "System" and "Routing" to configure our Tunnel as a Gateway for IP traffic to use.
My gateway is already there but I will show how I set it up.







Now we can go to our interface list, and enable the GIF interface we created before (I named mine HETUNNEL) and tell it to use the gateway we just created. If you are doing this in order just choose the gateway you just created. It isn't in the screenshot below, but it should be in a drop-down box. Mine would be HEipv6GW as that is what I named it above.





Now we should have a working tunnel. You can check under Status > Gateways; it should say online. Possible problems would be that you input the wrong IPv6 addresses when setting things up, you forgot the firewall rule to allow the tunnelbroker to ping pfsense on the WAN side, or you forgot to put your public IPv4 address into the tunnel details on the HE.net site. Now all we have to do is set up things on the LAN side.
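The three failure modes just listed (wrong IPv6 endpoints, a stale or unreachable client IPv4, a routed /64 that does not belong on the tunnel) can all be caught before you click Save. The script below is an added example, not part of the original post or of pfsense; it takes the fields from the HE.net "Tunnel Details" page plus the public IPv4 you currently have, and reports anything that will stop the gateway from coming online. The addresses in it are constructed placeholders from the documentation ranges, not a real tunnel.

```python
import ipaddress

# Fields as listed on the HE.net "Tunnel Details" page. Constructed placeholders
# (RFC 5737 / RFC 3849 documentation ranges), not a real tunnel.
EXAMPLE_DETAILS = {
    "server_ipv4": "203.0.113.1",         # HE side of the GIF tunnel (remote address)
    "client_ipv4": "198.51.100.7",        # your public IPv4 (local address)
    "server_ipv6": "2001:db8:1:2::1/64",  # remote tunnel endpoint, becomes the gateway
    "client_ipv6": "2001:db8:1:2::2/64",  # local tunnel endpoint, goes on the GIF interface
    "routed_64":   "2001:db8:2:2::/64",   # prefix you hand out on the LAN side
}

# Address space that sits behind NAT or CGNAT; HE cannot ping an endpoint here.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def check_tunnel(details, current_public_ipv4):
    """Return a list of problems; an empty list means the details look consistent."""
    problems = []
    client_v4 = ipaddress.ip_address(details["client_ipv4"])
    public_v4 = ipaddress.ip_address(current_public_ipv4)
    server_v6 = ipaddress.ip_interface(details["server_ipv6"])
    client_v6 = ipaddress.ip_interface(details["client_ipv6"])

    # The tunnel dies silently after a modem power cycle or lease change if the
    # client IPv4 on the HE.net page no longer matches what HE actually sees.
    if client_v4 != public_v4:
        problems.append(f"client IPv4 {client_v4} does not match current public "
                        f"address {public_v4}; update it on the HE.net tunnel page")

    # HE pings the client endpoint before passing traffic; a NAT'd address is unreachable.
    if any(client_v4 in net for net in NAT_RANGES):
        problems.append(f"client IPv4 {client_v4} is a NAT/CGNAT address; HE cannot ping it")

    # Both endpoints share one /64; a typo in either leaves the gateway unreachable.
    if server_v6.network != client_v6.network:
        problems.append(f"endpoints {server_v6.ip} and {client_v6.ip} are not in the same /64")
    elif server_v6.ip == client_v6.ip:
        problems.append("server and client IPv6 endpoints are identical")

    # The routed /64 is a separate prefix and must be entered as a network address.
    try:
        routed = ipaddress.ip_network(details["routed_64"], strict=True)
    except ValueError:
        problems.append("routed /64 has host bits set; enter the network address (::/64)")
    else:
        if routed.prefixlen != 64:
            problems.append(f"routed prefix is a /{routed.prefixlen}, expected a /64")
        elif routed.overlaps(server_v6.network):
            problems.append("routed /64 overlaps the tunnel endpoint /64; use the routed prefix, not the endpoint one")
    return problems


if __name__ == "__main__":
    for line in check_tunnel(EXAMPLE_DETAILS, "198.51.100.7") or ["tunnel details look consistent"]:
        print(line)
```

The NAT check deliberately lists the RFC 1918 and CGNAT ranges by hand rather than using `is_private`, because that property also flags the documentation ranges used in the sample and would give a false positive on them.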

Don't forget a default IPv6 Firewall rule!

You should be good to go then. I do not use DHCPv6, since I have maybe 3 hosts that need to use IPv6 for testing BIND and Apache with IPv6, so I am not going to write about that here.

If you have a dynamic IP on the WAN connecting the tunnel, you can use the "HE.net Tunnelbroker" DynDNS type to update it when your IP changes.
To set that up:
  • Go to Services > DynDNS
  • Click +
  • Set the type to "HE.net Tunnelbroker"
  • Select the proper interface
  • For "hostname" enter your numeric Tunnel ID from he.net
  • Enter your username and password
  • Enter a description if you want one
  • Save
Enjoy browsing and testing with IPv6!

Windows File Sharing IPv6

Really getting down and dirty with IPv6, so there probably will be a lot of posts here about it.
First off, just a short post about accessing Windows file shares over IPv6. Microsoft requires that you remove the colons and replace them with dashes, using a double dash for double colons, and then append .ipv6-literal.net at the end. A strange way of doing things if you ask me, but it works:
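Doing the conversion by hand is error-prone on long addresses, so here is an added example (not from the original post) that builds the ipv6-literal.net name and the UNC path from a normal IPv6 address and converts it back. It goes slightly beyond the post: Windows also accepts a link-local zone index, which is written with an "s" in place of the "%" (fe80::1%4 becomes fe80--1s4.ipv6-literal.net). The share name and addresses are constructed sample values.

```python
import ipaddress

LITERAL_SUFFIX = ".ipv6-literal.net"


def to_ipv6_literal(address):
    """Turn an IPv6 address (optionally with a %zone suffix) into the
    Windows UNC-safe name: colons become dashes, '%' becomes 's'."""
    addr, _, zone = address.partition("%")
    # Validate and compress so the same host always yields the same name.
    literal = ipaddress.IPv6Address(addr).compressed.replace(":", "-")
    if zone:
        literal += "s" + zone
    return literal + LITERAL_SUFFIX


def from_ipv6_literal(name):
    """Inverse: recover the address from a *.ipv6-literal.net name."""
    if not name.lower().endswith(LITERAL_SUFFIX):
        raise ValueError(f"{name!r} is not an ipv6-literal.net name")
    body = name[: -len(LITERAL_SUFFIX)].lower()
    # Hex digits never contain 's', so the first 's' can only be the zone separator.
    addr_part, _, zone = body.partition("s")
    addr = str(ipaddress.IPv6Address(addr_part.replace("-", ":")))
    return addr + ("%" + zone if zone else "")


def unc_path(address, share):
    """Build the \\\\host\\share path you would type into Explorer or net use."""
    return "\\\\" + to_ipv6_literal(address) + "\\" + share


if __name__ == "__main__":
    # Constructed sample: a documentation-prefix address and a link-local one.
    print(unc_path("2001:db8::1", "Music"))
    print(unc_path("fe80::1%4", "Backups"))
    print(from_ipv6_literal("2001-db8--1.ipv6-literal.net"))
```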


Saturday, April 14, 2012

Tech Biz Minnesota Winners

We won first place with our project!


Goodbye Xen & vSphere, Hello Proxmox VE 2.0


In the struggle to find the perfect hypervisor, I have tried just about every option. My goal for the lab at home is to cut down on both noise and power consumption. This means going to 1 box that fulfills all of my lab needs, until I add another node for High Availability technology. I really can't see myself adding another VM server until I decide to go for something like VCP - which I certainly do not have money for right now. (A VCP lab would consist of at least two ESXi servers, a SAN for shared storage, and the ESX license, which is somewhere around $500. I am not sure how much vCenter Server is.)

I have tried many renditions of free Virtualization Software - ESXi is not working for me right now because I don't have a decent hardware RAID controller. I was going to purchase one but in the interests of saving money and time I tried Xen again. I had it on the server before, and had pretty good luck at it, but putting it on there again made me remember why I disliked it. Horrible Linux support. The "templates" are distasteful as most of them do not work. I installed Ubuntu server 4-5 times and decided to give up. The only way I was getting it to work is to use a Windows Template, which doesn't really make sense to me at all. Xen feels hacked and unpolished. I believe it has potential, but it isn't for me. Perhaps if I was running only Windows machines, it would be okay, but I run machines from every family of Operating Systems - I need something more flexible.

I had good luck with Proxmox before, despite the issues with NIC cards and the dreaded /etc/udev/rules.d/70-persistent-net.rules file, but I thought that since it had been a while since I had checked into it, perhaps they had corrected that issue. Lo and behold, I see they have version 2.0 released. I immediately downloaded it and installed it. I am VERY impressed. They have completely re-done the GUI, and it is still browser-based, which is HUGE for me because I no longer have to fight with some proprietary client that runs only on Windows; I can VPN in and administer all my VMs through a web browser.

Very nice interface. All built with Java, and the console is VERY snappy (SPICE protocol). I don't have to install VMware drivers in my new Windows installations just to be able to function in the console window anymore. It also has the ability for live migration and other HA features I haven't tested, but will be very excited to when I get another node. I almost regret not coming upon this sooner, as I would have loved to use this in our Tech-Biz project. I am very happy with it though, and I think I have become a Proxmox supporter for life.

Sunday, March 18, 2012

Windows...ugh

I just wanted to take a second to rant about Windows briefly; I was hoping to use an old Gateway T4022 for a Windows server in my house...despite the LOUD fan that is in it that needs to get replaced, I was hoping it would work for AD in my house and as a file server for XBMC. Now this Gateway is nothing special, single core, 2GB RAM, but me being a COMMAND LINE guru working with Cisco and Linux and Vyatta and SunOS and pfSense and ClearOS and Zentyal and M0n0wall and IPCOP, etc. daily...I mean, THAT'S A BOX!



NOT TO WINDOWS!

It was flying with Vyatta on it, even doing HTTP caching with Squid. This is a shot of it running, doing absolutely NOTHING...it has AD DS & DNS installed, not taking any DNS requests or having any clients connected at ALL. The most it was doing was maybe updates?


Ugh, so it appears if I want to go the Windows route I am going to have to break out the bucks again and spend maybe 50-75% upgrading this thing to a dual core and 4GB of RAM. Then MAYBE, MAYBE it might be able to run Windows Server decently. I might re-install and see how it runs with Server Core, but then I have the "mental overhead" of having to remember all of the awkward Microsoft "cmd" stuff. *shudders* Might do this though, just script some auto-install stuff and get it running with RSAT, then forget about it. Otherwise I am going back to something like ClearOS, Zentyal, or one I haven't tried much, that being Univention Corporate Server. Might VM that tomorrow and take a look at it. ClearOS and Zentyal were OK; I had them as routers instead of stand-alone MS SBS replacements, so I might do some testing. Simply put, once again, damn you Microsoft. I'm a broke ass college student.

Maybe I should put Windows Server 2003 on it???

Naw...


-_- ZzZzZ