Answered: IPv6 traffic through OpenVPN pfSense

PP-AtlasRouters

New Member
Hi All,

I am using an pfSense router with an OpenVPN tunnel to Perfect-Privacy. The tunnel is setup on the router to tunnel all my internet traffic through this OpenVPN tunnel.

The IPv4 part of this story this is working fine. (just set-up the tunnel & create an outbound NAT rule)

I am having problems with the IPv6 part. I tried to setup an NPt construction to translate the internal IPv6 prefix to the Privacy-Perfect Local IPv6 address. But this is sadly not working.
Example (not my real IP's):

JFF2fAp.png


NPt seems only to work if you can translate a whole subnets. Are there any other options to achieve that all IPv6 traffics gets router through the OpenVPN tunnel.

I would really appreciate any input on my issue.

J.
 
NPt maps IPv6 prefixes. Use the "Outbound NAT" tab to create a rule to translate your internal network to the single address assigned by OpenVPN.
Unfortunately, I didn't get IPv6 NAT to work properly. In packet captures on the tunnel interface, I see the outgoing address alternating between the tunnel address and the tun device fe80:: address.
The same behaviour seems to be reported here

Maybe you could try and report what you see on the tunnel?


b996DYN.png
 
NPt maps IPv6 prefixes. Use the "Outbound NAT" tab to create a rule to translate your internal network to the single address assigned by OpenVPN.
Unfortunately, I didn't get IPv6 NAT to work properly. In packet captures on the tunnel interface, I see the outgoing address alternating between the tunnel address and the tun device fe80:: address.
The same behaviour seems to be reported here

Maybe you could try and report what you see on the tunnel?

Thanks, that helped a lot!
I created a NAT rule as you showed in the picture. But I entered the Translation address manually. (entered the IPv6 address on the OpenVPN interface)
After that it did not work yet. I had to force the LAN (guest) traffic via the OpenVPN gateway by a firewall rule:
Screenshot from 2017-12-07 01-38-14.png

After that it started working on my end! Please let me know if you need more information.
 
Back
Top