IPv6

• D

  IPv6 Tutorials
  • dwabraxus

  2
  1
  Votes
  2
  Posts
  26780
  Views

  J

  Thanks for the tutorial :)
• C

  IPv6 test sites
  • cmb

  15
  0
  Votes
  15
  Posts
  37450
  Views

  M

  I created ipv6.getmyip.com to test my IPv6 connectivity. It only has an AAAA record and it only returns your IPv6 address if your IPv6 stack is working properly (otherwise it doesn't return anything). It works great with curl (which is the main reason I built it).
• N

  Dynamic IPv6 Prefix assignment issue in xDSL users
  ipv6 • • niloofar

  40
  0
  Votes
  40
  Posts
  587
  Views

  

  @bimmerdriver said in Dynamic IPv6 Prefix assignment issue in xDSL users: Netflix doesn't work over it. So what - use IPv4 for that... While I am all for IPv6 and would love to see it move more mainstream... In the BIG picture its not here yet.. There is ZERO reason for you to have to use it, especially as a home user. Sure if you are hosting services to the public you should make sure your services are available on IPv6.. I have been playing with IPv6 for years and years and years.. Way before the root servers for dns were even on IPv6.. Was one of the first few hundred to get my sage cert from HE.. Sorry but there are ZERO reasons to deal with nonsense ISPs that don't get it... Use a freaking tunnel if you are forced to use the ISP you have.. My current isp doesn't even provide IPv6 - I don't give 2 shits because I have 5X the speed for 1/2 the price of comcast.. Multiple threads around here about blocking AAAA for netflix if that is your only concern.. Here is the thing I have IPv6 on my network, I even host to the public ntp on IPv6... Through a tunnel - my devices that I use to watch netflix.. I just don't enable IPv6 on them its that freaking easy. Its great that you want to learn and play and participate in the future, which for sure is IPv6.. But there is nothing forcing you to use it... Please name 1 actual public resource that is you HAVE to have IPv6 to access... Just 1... Other than some odd ball p0rn fetish site (which there are 100,000 others to choose from)... Or maybe a few sites on the darkweb. How fast you think ISP would get their shit in order if users actually complained about IPv6 issues. Problem is the only ones that give 2 shits about it are people like you.. 1 in 1000, maybe 10000 of their users.. I would love nothing more to just use IPv6.. Sorry not here yet - I am pretty freaking sure I will be retired from the biz well before that happens.. So while I understand your grief - your ranting to the wrong place... Its not the router distro your using problem to fix a BORKED deployment from your ISP.. And to be honest, the few developers have way more important things to worry about than some odd ball ipv6 hack to help some users on some borked isp setup ;) As already mentioned if you want a fix or hack or whatever you want to call it to handle your isp nonsense... Then submit your pull request :) Or just do the simple thing and use a HE tunnel to get your IPv6 fix... Or get your own IPv6 space from your local RIR, and get an ISP that will route it to you.. Expecting your typical residential ISP that has billy wanting to download porn and stream internet really doesn't give 2 shits about proper IPv6 deployment nor do they hire the appropriate skilled level engineers to deploy it correctly..
• C

  Router advertisement problem: wrong dns server when dns forwarder or resolver is enabled.
  • correajl

  6
  0
  Votes
  6
  Posts
  95
  Views

  

  It says unless your running forwarder/resolver.. Prob could be worded a bit more precise - or actually check to see if listening on actual interface if you have strict set. Normally people that run resolver/forwarder want their dhcp clients to talk to pfsense. This is what like 99% of use cases (number just pulled out of my ass <grin>) If you have a lot of interfaces pick the way you want to go about it that is least amount of work ;) I will try and duplicate so can put in request to have wording updated, or option changed so that if strict and not bound to interface don't hand out pfsense IP.
• B

  What is expected behaviour of pfSense if ISP edge router does not send periodic RA?
  • bimmerdriver

  9
  0
  Votes
  9
  Posts
  205
  Views

  B

  @derelict Thanks for your reply. This ISP has made some of possibly questionable implementation decisions in their network. First, the DHCP before RA feature was tested on this network. Their edge routers will not respond to an RS until after the DHCP solicit/advertise and DHCP request/reply sequence is complete. After that, the edge router will respond to an RS with an RA. I just fired up wireshark and captured some packets. The router lifetime in the is 4500 seconds (75 minutes), the reachable time is 0 and the and the retrans timer is 100 ms. These values are also used in the unsolicited RA messages, which leads to another interesting implementation decision. Second, the time between the unsolicited RA messages ranges from approximately 15 minutes to approximately 30 minutes. I determined this by capturing RA messages over several hours. This is longer than usual, but according to RFC 2461, MaxRtrAdvInterval is 1800 seconds, so they are operating within the allowable limit. I also looked at the DHCP reply. T1 and T2 in the IA for PD are 300 and 480. The preferred lifetime and valid lifetime in the IA Prefix are 600 and 900, respectively. The above are from my router which is working properly. Apparently on some fiber networks, the unsolicited RA messages are not being sent at all. This is a known problem that they are working with the router vendor on. I'm trying to help someone else figure out why pfsense is behaving as I described above. Based on these timers, I would think it should work for 75 minutes (or whatever the prefix lifetime is) until the prefix expires, then it should stop working. However, it seems to fail once after initially getting a prefix, then if the interface is restarted, it keeps working. I don't understand why it would keep working if prefix expiration is causing it to stop working after the interface is started. Maybe something else is going on. I don't have packets captured from this network, but I'll try to get some.
• K

  When 6to4 ipv6 is enabled, facebook mobile does not fully load all videos and pictures (IOS and Android)
  • kjstech

  21
  0
  Votes
  21
  Posts
  850
  Views

  K

  I know this is old but even on 2.4.4-p2 ipv6 only works for about 1 to 2 days and then all Facebook videos stop loading until I turn ipv6 off. I guess I will just have to give up on ipv6 with my ISP.
• A

  Splitting a static /48 from Mediacom into subnets
  • alankeny

  15
  0
  Votes
  15
  Posts
  175
  Views

  

  @alankeny said in Splitting a static /48 from Mediacom into subnets: With their static IPv6 allocation, the WAN side is basically a bridged network that can have 1,208,925,819,614,629,174,706,176 IPv6 hosts on it, and that's the only configuration option available. That's nonsense. A /48 is not usable in that manner. It's supposed to be split up into /64s, which are what is used on a LAN. For example, I have a /56. One /64 is used for my main LAN, a 2nd for a test interface and a 3rd for my VPN. MY ISP uses DHCPv6-PD to provide my prefix and WAN interface address. As Derelict mentions, take a look at what's on the wire. You might want to see if you can talk to 2nd level support. Maybe they might have a clue about how IPv6 works.
• 

  Comcast IPv6 WAN address and delegated prefix added, then removed seconds later
  • rohrej

  11
  0
  Votes
  11
  Posts
  389
  Views

  

  @rohrej said in Comcast IPv6 WAN address and delegated prefix added, then removed seconds later: That makes sense that it would only restart the interfaces if there is actually a new ruleset. However, restarting the interfaces should not cause multiple dhcp6c instances to run simultaneously. Agreed. This might be a problem with the way the daemon is handled when an interface cycles. Is pfSense terminating the running process before launching another, or does it perhaps just blindly start a new daemon instance when the interface comes up? I have not examined the code, so I'm not sure. Just throwing the question out there for consideration.
• D

  OSPF6 over IPv6 VTI Tunnel Interfaces
  • Davidkmessenger

  3
  0
  Votes
  3
  Posts
  182
  Views

  

  @pete35 said in OSPF6 over IPv6 VTI Tunnel Interfaces: some months ago i run into a similar problem. It looks like, that all the tunnels (openvpn, ipsec) doesnt provide the Link Local adresses of IPv6. OSPF needs them to work. I think, assigning the RFC4193 Address to the tunnels doesnt help in this case. Fire up Wireshark or Packet Capture and see what's actually happening. IIRC, OSPF announces itself via mulitcast. There should also be Neighbour Advertisements advising of the address in general. Do you see those? Also, the tunnels don't provide the link local addresses, the end devices do. However, link local addresses will not be routed. Are there any routers in between? It must be a direct connection between OSPF routers, which could include a tunnel.
• H

  IPv6 not working on LAN
  • heartofrainbow

  4
  0
  Votes
  4
  Posts
  144
  Views

  

  @heartofrainbow said in IPv6 not working on LAN: The WAN and LAN IPv6 addresses have the same prefix Doesn't work that way.. your so called passthru mode would be a bridge.. Why don't you call your isp and ask what they support or what is your ISP so we can look it up. What are you wanting to do with IPv6 exactly? If you don't even know how your ISP does it, why does it even matter... If you want IPv6 - just get a free tunnel from HE.. Then you can have a /48 and clickity clickity done... Doesn't matter what your ISP supports or doesn't support.
• N

  IPV6 on more than one NIC
  • Nthly

  25
  0
  Votes
  25
  Posts
  514
  Views

  

  @nthly Glad to help.
• F

  DHCP6C not requesting prefix / Confused
  • FTLN46

  8
  0
  Votes
  8
  Posts
  248
  Views

  M

  I sometimes have the same problem.
• X

  IPv6 no longer working after updating to 2.4.4
  • xero9

  17
  0
  Votes
  17
  Posts
  886
  Views

  N

  I have just pressed the button to upgrade to 2.4.4 and also experienced problems with IPv6 stopping working. SLAAC on the LAN interface was still working - hosts were still getting IPv6 addresses My IPv6 tunnel was still displaying a link-local IPv6 address But IPv6 connectivity had stopped working. I was unable to ping an IPv6 internet host from the Diagnostics -> Ping page I suspect the problem with was that the default IPv6 route stopping working but I had to get back up and running in a hurry, so my solution was to get hold of a copy of 2.3.5, re-install and restore a backup of the configuration.
• C

  Ipv6 setup for Telus
  • cdx304

  8
  0
  Votes
  8
  Posts
  243
  Views

  B

  @eternalglue said in Ipv6 setup for Telus: This is what worked for me: Navigate to Interfaces -> WAN IPv6 configuration should be DHCPv6 Under the DHCP6 config, select “Request only an IPv6 prefix”, prefix size 56, “Do not wait for a RA”, and “Do not allow PD/Address release”. Under the DHCP config, select advanced configuration and add “supersede dhcp-lease-time 1800;” under Option modifiers. I found this necessary to keep the IPv6 prefix working for longer than a few hours. Under your LAN interface, select track interface for IPv6, and pick a prefix ID of 0. Other interfaces can use nonzero IDs but I found if I didn’t use zero I would eventually lose the prefix and pfsense wouldn’t recover. You could also add some rules to allow the relevant ICMPv6 packets through the firewall. Just noticed this thread about Telus. Telus has played with lease times quite a bit. Lately, at least for DSL, the lease time is 10 minutes, so you will see it renew every 5 minutes. This happens in the background, so it makes no difference to the service. The only mandatory settings for Telus are: request prefix only, /56 prefix, and do not wait for ra. It's not strictly necessary to use do not allow pd release, unless you want the dynamic prefix to be as stable as possible. Telus will delegate the same prefix to the same DUID, unless another system requested a prefix while there was no active lease on it. The only difference do not allow pd release makes is that the prefix won't go back into the queue immediately, it will go back in after it expires. That's 10 minutes (BFD). In practice, if you keep your system running, the prefix won't change. As long as you keep an active lease on it, the prefix will stay the same.
• M

  DHCPv6 problem with Netgear router
  • mikekoke

  19
  0
  Votes
  19
  Posts
  312
  Views

  

  @mikekoke said in DHCPv6 problem with Netgear router: Richiesta scaduta. Request timed out - what are you rules.. If you don't allow icmp then no you wouldn't be able to ping.. Do a traceroute - does it actually send it to pfsense IPv6 So what network/prefix did you put on your lan side network? You sure your actually even surfing via IPv6? What does say https://test-ipv6.com/ show you when you go there from a client
• K

  PPPoE daemon selects wrong interface
  • kolpinkb

  1
  0
  Votes
  1
  Posts
  70
  Views

  No one has replied

• C

  IPv6 over PPPoE, wrong default gateway
  • Criggie

  9
  0
  Votes
  9
  Posts
  4110
  Views

  

  Likely something completely different. Start another thread. Locking this one.
• M

  IPv6 disabled, getting ipv6 address and clients getting ipv6 dns addresses
  • MrNick

  9
  0
  Votes
  9
  Posts
  239
  Views

  

  That is not your whole ipconfig /all output.. A widows box will have teredo, 6to4 and isatap interfaces listed... Unless you took the time to clean them up... They will attempt to get IPv6 and tunnel out of your ipv4 network.. If you want to play with IPv6 - your ISP doesn't have to support it.. Just get an HE tunnel.. they are FREE and and will give you a /48 to play with.. And they have certification program to walk through and help you learn the stuff you need to learn to correctly setup IPv6.. My last isp support ipv6 - well kind of.. It was way more trouble than it was worth... So I ran HE tunnel.. And my new isp doesn't have any ipv6 support.. Still have my same /48 because I was using tunnel.. But then again I only run it on the devices I want to run it on, for my own amusement and testing.. There is not actual "need" for it.. If that is something you want to do to learn about IPv6 than yeah lets go - lots of learning to do.. Happy to help... But when someone doesn't know the difference between a A record and AAAA... maybe they quite ready to ride the IPv6 train correctly. Here is the thing - IPv6 for sure is the FUTURE... But no matter how much some people want it... IPv4 is not going away any time soon.. For the home user, sorry there is no actual reason they need to run IPv6.. And to be honest until such time that they can commit to learning how to correctly configure it.. Its easier to turn it off.. Some people don't like that approach... But sorry thing tunneling out of your IPv4 network just to use a protocol that is not actually needed. Name a internet resource that you NEED, that you can not get to unless you have IPv6 and then we can talk about IPv6 being a "required" thing... And in the corp world - yeah the cost of transition on the lan side when they have all the IPv4 space they need with rfc1918.. Sure they can put their public facing stuff on both IPv4 and IPv6 that is for outside access.. But on the internal corp network - it cost money to do this transition... Until there is a financial reason - corp is going to drag their feet screaming into the IPv6 world.. So there is PLENTY of time to get up to speed on IPv6.. Nothing saying you need to take on that challenge right now.
• M

  DHCP / DHCP6 Disconnection issue
  • mloiterman

  2
  0
  Votes
  2
  Posts
  127
  Views

  M

  On my Comcast Interface page, I've enabled the option: "Do not wait for a RA". This seems to accomplish what I want to do. Are there any ill effects I should be aware of?
• 

  Kernel cannot forward src
  • dragoangel

  3
  0
  Votes
  3
  Posts
  115
  Views

  

  Ok, thank you, sorry for duplicated theme. About :3:: - it really not existing IP at all, but real if remove this part. I sure, because have ntopng installed and have configured monitoring for long time storing. For me this strange situation. P.S. This clients is Win10.
• P

  A looped back NS message is detected during DAD
  • pfsensier

  18
  0
  Votes
  18
  Posts
  6823
  Views

  

  @edooze said in A looped back NS message is detected during DAD: It is to do with pfSense, because the error is in pfSense. If the resolution is not, so be it, but that's what we're here to find out. I suggest you read up on how IPv6 duplicate address detection works. With it, a device is supposed to send out a NS to see if any other device is using the address it wants to use. If that address is in use, the device will then have an error condition to deal with. It has nothing to do with pfSense.
• 

  DHCPv6 does not pass PXE options to UEFI IPv6 clients
  ipv6 dhcpv6 pxe isc-dhcp-server uefi • • Peek

  2
  0
  Votes
  2
  Posts
  130
  Views

  

  So what does the config on pfSense look like vs your external server config? There must be some difference in the formatting or naming of the option to explain what is happening. Look in /var/dhcpd/etc/dhcpdv6.conf
• R

  Clients don't recieve DHCPv6 IP
  • Roally

  9
  0
  Votes
  9
  Posts
  230
  Views

  J

  @roally That's more than I see in my file. I am currently setting up a box with an older version of pfSense. 2.3.4 worked for all the time and I'll see soon whether there is a difference. If it would work, I'd know what is supposed to be in radvd.conf...
• L

  Local created oversized IPv6 UDP packets get dropped by pfsense
  • lst_hoe

  13
  0
  Votes
  13
  Posts
  223
  Views

  L

  It looks like FreeBSD is able to create IPv6 fragments (45 fragments created), but i have no idea where they are going to in case of the WAN interface. netstat -s -p ip6 ip6: 402474348 total packets received 0 with size smaller than minimum 0 with data size < data length 0 with bad options 0 with incorrect version number 0 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 0 fragments that exceeded limit 0 packets reassembled ok 614833 packets for this host 401766863 packets forwarded 2 packets not forwardable 45 redirects sent 746064 packets sent from this host 0 packets sent with fabricated ip header 0 output packets dropped due to no bufs, etc. 0 output packets discarded due to no route 0 output datagrams fragmented 45 fragments created 0 datagrams that can't be fragmented 0 packets that violated scope rules 0 multicast packets which we don't join
• P

  TunnelBroker - Should "Enable IPv6 over IPv4 tunneling" be enabled?
  • Paint

  3
  0
  Votes
  3
  Posts
  149
  Views

  P

  @jimp said in TunnelBroker - Should "Enable IPv6 over IPv4 tunneling" be enabled?: No, that is not needed. It's for passing IPv6 encapsulated traffic from your WAN through to some other device behind the firewall, so that the other device can handle IPv6 routing. https://www.netgate.com/docs/pfsense/book/config/advanced-networking.html#ipv6-over-ipv4-tunneling Thanks
• J

  Empty radvd.conf
  radvd • • jsphgttgns

  2
  0
  Votes
  2
  Posts
  97
  Views

  No one has replied

• 

  Three Entries in NDP for Some Devices? [ANSWERED]
  • beremonavabi

  4
  0
  Votes
  4
  Posts
  126
  Views

  

  @beremonavabi said in Three Entries in NDP for Some Devices? [ANSWERED]: Unfortunately, I don't even have a name for what I'm seeing so I can't look it up. https://en.wikipedia.org/wiki/IPv6#SLAAC_privacy_extensions
• D

  Can ping IPv6 from LAN but not from firewall itself
  • deed02392

  24
  0
  Votes
  24
  Posts
  288
  Views

  D

  I got an e-mail from Hyperoptic today saying that apparently IPv6 is disabled pending a firmware update they are currently working on... not sure if was just being fobbed off but that was enough discouragement to make me leave playing for a few days. I will try again then. I wonder if this is a firewall issue really but I tried a bunch of frankly scary things there too and nothing helped.
• F

  NPT rules are not created and no error warning appears.
  • fabianburpf

  3
  0
  Votes
  3
  Posts
  132
  Views

  F

  @jimp Thanks, this time I have edited the file /etc/inc/filter.inc as it appears here: https://redmine.pfsense.org/projects/pfsense/repository/revisions/e9446f537051c7b536d0b3fbb5ebd00c3766001a/diff?utf8=✓&type=sbs /* Do not form an invalid NPt rule. * See https://redmine.pfsense.org/issues/8575 */ if (!(is_subnetv6($srcaddr) || is_ipaddrv6($srcaddr)) || !(is_subnetv6($dstaddr) || is_ipaddrv6($dstaddr))) { continue; } the system patches package it seems that it is not ready yet, but with that edition by hand it works great for now and in version 2.4.5 it will be fixed. Putting a prefix other than 128 does not work in the environment I use, the rule is created, but it does not work as expected. Thank you
• C

  Cannot Ping pfSense ULA From Subnet Without ULA Assigned to Firewall
  • chewie198

  8
  0
  Votes
  8
  Posts
  179
  Views

  C

  Either way, I still can't ping the firewall address regardless of the prefix length. 53::1 works fine, fd53::1 doesn't work - and the 53::1 address works whether the prefix is /64 or /128. I've tested from Ubuntu, Windows, and Android, to rule out an OS related issue, but they're all a no-go. Is anyone able to test this from a interface IPv6 address set to Track WAN Prefix? That's the only different variable that I can see here. If not, I'll likely spin up a clean pfSense VM to see whether this is occurring on a fresh install. Is it possible that a plugin could be causing this, and if so, is there a consistent way to disable them without complete removal?
• J

  IPv6 unbound problem
  • jsphgttgns

  5
  0
  Votes
  5
  Posts
  214
  Views

  J

  It seems as if radvd is not working properly. Either there is no routing info, or unbound marches to a different drummer. I think the next step is to find out what the ISP actually sends and evaluate that with Wireshark. It could be problem a problem with the subnets and prefix sizes.
• 

  2.4.4 ICMPv6 Firewall Rules?
  • beremonavabi

  20
  0
  Votes
  20
  Posts
  416
  Views

  

  @sigi said in 2.4.4 ICMPv6 Firewall Rules?: @beremonavabi Maybe you should go once to cli or "Diagnostics / Command Prompt" and execute "pfctl -s rules" this will help you understand about hidden rules.. Thanks. According to that: Shell Output - pfctl -s rules ... pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbrsol keep state pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbradv keep state ... That makes much of this discussion moot. It looks like fSense defaults to allowing (with various restrictions): Packet Too Big Destination Unreachable Echo Reply Echo Request Neighbor Advertisement Neighbor Solicitation Router Advertisement Router Solicitation Oddly, of the Neighbor Discovery subset, it doesn't default to allowing Redirect. I wonder why? Of course, if it defaults to allowing those ICMPv6 subtypes into the system, why not those other "must pass" subtypes: Parameter Problem (invalid IP header) Time Exceeded?
• F

  What is my ISP using for IPV6?
  • FTLN46

  5
  0
  Votes
  5
  Posts
  248
  Views

  

  @ftln46 said in What is my ISP using for IPV6?: What I was having a hard time figuring out is why does my WAN interface get no global IPV6 address ? From a technical standpoint, it's not needed. A global IPv6 address on the WAN interface wouldn't be used for anything beyond testing (ping, etc.) or management. On IPv6, routing is normally done with the link local addresses. As for your ISP, you'll have to ask them if they provided an IPv6 address for the WAN interface. .
• A

  Replaced Modem, No Longer Acquiring IPv6 Address
  • AboveUnrefined

  5
  0
  Votes
  5
  Posts
  318
  Views

  A

  @mircolino I wish I could give a better answer but I did what I previously described and my problem hasn't come back since. I think there was some sort of setting persisting that shouldn't have and what I did was clear it out...
• I

  dhdcpv6 does not add forward mappings for static ipv6 entries
  • ivarh

  1
  0
  Votes
  1
  Posts
  111
  Views

  No one has replied

• R

  IPv6 DHCP error when I'm trying to get prefix from ISP
  • Roally

  2
  0
  Votes
  2
  Posts
  141
  Views

  B

  @roally Are you certain your ISP delegates a /48?
• A

  Static LAN IPv6 not assigning to device
  • attewell

  7
  0
  Votes
  7
  Posts
  190
  Views

  A

  Doesn't say much? ND entry? how do I delete?
• F

  When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface
  • fabianburpf

  36
  0
  Votes
  36
  Posts
  603
  Views

  F

  @bepo I know that it is not a payment service @bepo, thanks for remembering it. I also know that there are comments that allow progress and others that do not. Thank you for your comment.
• X

  Hyper-v & IPv6 = crash when enable track interface on LAN?
  • xbryan

  2
  0
  Votes
  2
  Posts
  182
  Views

  X

  Is anyone running Hyper-v w/ v6 dhcp working from ISP on this latest pfsense??
• S

  IPv6 for a single client ?
  • Satras

  4
  0
  Votes
  4
  Posts
  211
  Views

  

  Overall, IPv6 works the same as IPv4, but there are some differences. One great benefit is getting rid of NAT. If you want a consistent address, you just have to turn off privacy addresses. The way you do that depends on your operating system.