Answered: IPv6 traffic through OpenVPN pfSense

PP-AtlasRouters

New Member
Hi All,

I am using an pfSense router with an OpenVPN tunnel to Perfect-Privacy. The tunnel is setup on the router to tunnel all my internet traffic through this OpenVPN tunnel.

The IPv4 part of this story this is working fine. (just set-up the tunnel & create an outbound NAT rule)

I am having problems with the IPv6 part. I tried to setup an NPt construction to translate the internal IPv6 prefix to the Privacy-Perfect Local IPv6 address. But this is sadly not working.
Example (not my real IP's):

JFF2fAp.png


NPt seems only to work if you can translate a whole subnets. Are there any other options to achieve that all IPv6 traffics gets router through the OpenVPN tunnel.

I would really appreciate any input on my issue.

J.
 

MixMaster

Junior Member
NPt maps IPv6 prefixes. Use the "Outbound NAT" tab to create a rule to translate your internal network to the single address assigned by OpenVPN.
Unfortunately, I didn't get IPv6 NAT to work properly. In packet captures on the tunnel interface, I see the outgoing address alternating between the tunnel address and the tun device fe80:: address.
The same behaviour seems to be reported here

Maybe you could try and report what you see on the tunnel?


b996DYN.png
 

PP-AtlasRouters

New Member
NPt maps IPv6 prefixes. Use the "Outbound NAT" tab to create a rule to translate your internal network to the single address assigned by OpenVPN.
Unfortunately, I didn't get IPv6 NAT to work properly. In packet captures on the tunnel interface, I see the outgoing address alternating between the tunnel address and the tun device fe80:: address.
The same behaviour seems to be reported here

Maybe you could try and report what you see on the tunnel?

Thanks, that helped a lot!
I created a NAT rule as you showed in the picture. But I entered the Translation address manually. (entered the IPv6 address on the OpenVPN interface)
After that it did not work yet. I had to force the LAN (guest) traffic via the OpenVPN gateway by a firewall rule:
Screenshot from 2017-12-07 01-38-14.png

After that it started working on my end! Please let me know if you need more information.
 
Top