Thank you all for your answers and discussion. Unfortunately it’s a “real problem”. There is a person who I trusted before but this person is now under suspicion for a bad deed. While changing my passwords (way too late I did that) I saw a login to my personal account that was definitely not made by myself. It’s possible that that person had an auto login but I also had the hunch this person spied on my personal mailbox (which is of great concern because I was in touch with official entities). Well, I think the chance is quite low I forgot to log out somewhere and that that device has the same /56 prefix as that person. So I can just hope that was an auto login or that person did not find anything. Thank you all.
I know you can use WAN and LAN, but that doesn't help if you want to allow a rule for a client inside the IPv6 pool.
My address for WAN may be 1111:2222:3333:4444:AAAA:BBBB:CCCC:DDDD, but my client may be 1111:2222:3333:4444:AAAA:BBBB:CCCC:FFFF. So, I need my firewall to point to the FFFF address in the forward and if my IPv6 address changes, then I have to manually go into the firewall and update them.
I'm a lot luckier with my ISP. They've been providing native IPv6 for about 6 years and via 6to4 and 6rd tunnels for a while before that. They are also my cell phone carrier so not only does my phone get an IPv6 address, but so do devices I tether to it. Also, my IPv4 address is virtually static and the host name depends on my hardware MAC addresses, so I have no problems with connecting my VPN to my network.
My IPv4 address is virtually static, but my host name is based on modem and router MAC addresses. If I change hardware, the host name will change. If I change my router or its NIC, my address will change. On IPv6, my prefix has survived modem and complete replacement of the box I run pfSense on. I suspect it might take a nuke or two to change it. 😉
Just wanted to note, for any Fios customers that might be following this... over on DSLR, a user with a business account in Maryland posted that on or after January 10 2022, they would have IPv6 available. So it looks like wider availability might be coming soon. It also appears that business service will be getting a /56, just as I've been getting with my residential service.
Edit to add: Another user in another state also received the email, but with a date in February, so this may be a regional rollout over a longer period of time.
OK, I just gave up on getting pfSense to generate a working configuration...
If something in my ISP's weird setup is causing it, a bug or the position of the moon, I have no idea.
But it works when writing the config file manually and adding the interfaces. The interface still shows nothing about the delegated prefix but everything is working.
RA's set to unmanaged on the local interfaces.
The config file that works with my setup (on Kviknet in Denmark):
Could anyone from the Netgate team explain if it's now possible and how to proceed? Maybe from the CLI? It can be done under Linux but I don't know with BSD. I guess so.
Or if it's a future feature?
Or something I'd better forget?
Well... Actually I had quite the same problem as in the referenced thread: The issue was also caused by the WLAN infrastructure (but ExtremeNetworks AP130 AP250 Firmware 10.3.x). I have connected the conspicuous devices to the "WIFI VLAN" via USB-RJ45 adapter and have not seen any problems in the IPv6 connectivity.
I also made a case to the WIFI vendor.... Sorry for the noise.
You may not need it now, but the more people procrastinate, the longer it will take to move to IPv6 and the world as a whole will suffer for it. The shortage of IPv4 addresses was obvious many years ago and even to me, when I was just learning about IPv4. I remember sitting in the class and thinking to myself that 4B addresses wasn't enough.
We need more mandates to provide IPv6, just as happened in India, China and elsewhere. The move to IPv6 is being driven by the 3rd world, when we should be leading, not following. In Canada, many companies are providing IPv6, but for some reason not Bell Canada, where even on their cell network, where IPv6 is mandatory for 4G, they do a poor job of it.
Curiously, Telus, which is Bell's partner (they even shared cell networks) in the western part of the country, was one of the first to provide IPv6, even before Rogers, which I'm on. All the Canadian cable companies I'm aware of provide IPv6, as do some of the resellers that use Bell's ADSL network or Rogers' cable.
@jknott Thank you so much for pointing that out. The presence of the 192.168.0.0/24 address should have been a clue. Stupid me didn't think of bridge mode. I was able to enable bridge mode and everything is working as expected.
I realized my /60 prefix from Xfinity had changed, once I updated the NPt mapping all is well again. I was thinking that if the prefix changed, the v6 gateway would go down - but, that didn't happen. If anyone has any suggestions for how I might monitor a prefix change without using DHCP6 I'd be very appreciative. Unfortunately, I don't think I can have two interfaces each pulling prefixes with DHCP6: https://redmine.pfsense.org/issues/6880
My workaround was to get the prefix through DHCP6 on the Xfinity interface, then use the assigned IPv6 address, gateway and prefixes for a static configuration. Can't figure out a better way...
COMCAST support forums are a huge Joke!!! You got all the COMCAST Staff in there telling you their favorite answer "that configuration is 'not supported'". Trust me - I have B.T.D.T (been there done that).
I think I got it working in another way - back to 19/20 - still cannot figure out why I cannot get Hostname for IPv6 to show on the test. I can ping the IPv4 and IPv6 address of the DC and pfSense with name resolution - and they come back with the name from the DC.
From other machines on my network I get this
It resolves the NAME - but get ping failure.
I checked the Firewall on that workstation and ICMP is on - otherwise it would not have resolved the name or pinged at all.
This all worked for a couple of years but we have had some Hyperoptic upgrade done in the area and it has broken IPv6 connectivity using DHCPv6 (default configuration). Trying to work out what is best to do at the moment but wondering if anyone else has seen this? Only way of getting IPv6 right now is using the ISP provided kit which isn't giving much away about configuration.
I'm not hopeful of a solution right now as I've seen several other forum posts where people have either been able to get IPv6 working on their connection or not and if it works it seems to just work in the way described above but if it isn't working nothing seems to get it on, but will be trying a couple of options with pfSense over the next few days as we have a lot more info from the logs than on most of the other routers out there.