• How to setup IPv6 for Comcast or similar ISP?

    6
    0 Votes
    6 Posts
    6k Views
    M

    I'm using pfSense + 24.11 .

    The menu/settings structure is not exactly the same.

    I believe I found the equivalents, and tried to apply them. I just could not get IPv6 to work on my LAN.

    I even did a full factory reset of pfSense and started from scratch, following instructions in this thread. It's a no go.

    I'm using a Comcast XB8 in bridge mode, but don't think the modem makes any difference. IPv4 works great, including inbound for my Wireguard VPN.

  • fios ipv6 down NJ

    2
    0 Votes
    2 Posts
    371 Views
    D

    working now

    New GUAs

  • 0 Votes
    4 Posts
    506 Views
    B

    https://redmine.pfsense.org/issues/15808

    Should be in the next release 2.8/25.03
    I think NAT64 might also come in that release.

    I'm hoping for custom dhcp options in KEA, but the old dhcp is a fallback.

    Then i need to wait for CLAT in Windows, which was talked about in a blog post last year, radio silence sinse then from MS

  • Anyone ever seen fe80 src address trying to access internet port 443?

    8
    0 Votes
    8 Posts
    985 Views
    johnpozJ

    @Gertjan the alexas can dos my pihole all they want ;) that has zero to do with the cameras talking to the nvr, which is on an isolated network behind the nvr.

    And they could cut the power to the house as well. The nvr is on a ups and the cameras are poe - so while it won't last days should be able to get good 30 minutes or so of run time.

    Alexas in the landfill, what you have me do touch a light switch like a savage? ;)

  • 0 Votes
    3 Posts
    587 Views
    D

    @Bob-Dig That looks like it worked! Is there a limitation I should be aware of with how quickly those rules will update? I just don't want to leave an open hole in my firewall whenever my ISP drops the ball.

  • IPv6 static route ignored based on firewall rule placement

    1
    0 Votes
    1 Posts
    225 Views
    No one has replied
  • Routing: radvd: exiting, failed to read config file

    5
    0 Votes
    5 Posts
    586 Views
    D

    @Gertjan

    Oh - good observation - you know, my ISP had many issues recently, and my modem had to be restarted.

    Also, I added some new devices and reconfigured my DHCP server (new static mappings) several times recently.

    It seems like it might correspond to those events. Could it simply be a remnant of that? Since it hasn't happened in several days, might everything be OK?

    FYI:

    root 69058 0.0 0.1 13024 2796 - Ss 24Jan25 1:10.52 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog

    Yes, just one instance, dating back.

  • IPv6 firewall incoming rule - host IP relative to delegated prefix?

    4
    0 Votes
    4 Posts
    497 Views
    J

    @Gertjan

    OK, now I think I've hit a Heisenbug

    I noticed the rule specified the same port in the "From" and "To" port range, and the surrounding text said to leave the "To" port blank for a single port. I blanked out the "To" port and committed the change, and the ipv6 ssh forwarding started working.

    I made no other changes, and now the form fills in the "to" port with the same number, so it looks exactly like it did when it wasn't working.

    It appears the rule just needed to be updated, but I have no idea why since the update didn't actually change anything.

  • Alias tables don't contain IPv6 addresses anymore

    20
    1 Votes
    20 Posts
    2k Views
    I

    @JonathanLee said in Alias tables don't contain IPv6 addresses anymore:

    Is your zone transparent ? I had an issue with mine set to (type transparent) and it was causing issues

    Zone type is at default "transparent" not "type transparent".

  • Solution for dhcp6c problems after hardware change

    2
    0 Votes
    2 Posts
    291 Views
    JKnottJ

    @jhg

    Curious. I replaced the computer I originally ran pfSense on a few years ago. Other than changing the interface assignments, it just worked. I'm still using that new computer today. I'm on Rogers and they use a lot of the same hardware as Comcast. The first computer I ran pfSense on was a refurb HP compact computer and when it died I replaced it with the mini PC described in my sig.

  • Received delegated /64 prefix, ipv6 outgoing but no incoming?

    19
    0 Votes
    19 Posts
    2k Views
    J

    Solved, and it's not pretty.

    A debug message pointed me to /var/db/dhcp6c_duid containing text. So I removed the file to give DHCP6 a chance to start fresh. Then I disabled and re-enabled the WAN interface, and now everything's working.

    When I look at that file now, it's binary, not text. Somehow, that file was preventing IPv6 connectivity.

    Now all I have to do is reboot a few LAN devices that are hanging on to their old delegated prefix :-)

  • WiFi user don't get IPv6, cable users do... on the same VLAN

    10
    0 Votes
    10 Posts
    969 Views
    A

    @JKnott After coming back to this a few days later all the wifi clients are now getting ipv6. Must of been some sort of delay from when the ISP gives out the ip addresses.

  • Slow to get LAN side IPv6 addresses

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • Dynv6 with pfsense

    7
    0 Votes
    7 Posts
    4k Views
    JKnottJ

    @haunted

    If your prefix is consistent, you don't need DynDNS. I've had the same prefix for almost 6 years and just use a regular DNS server.

  • Multiple IPv6 bugs / quirks in pfSense

    7
    0 Votes
    7 Posts
    1k Views
    M

    Issue still present exactly as described above. Confirmed via wireshark that pfsense will relay ULA requests from a GUA to active directory and AD will ignore it since no scope is establish for my GUA.

  • High Availability LAN Party Setup: IPv6 VPN for CGNAT Bypass Question

    1
    0 Votes
    1 Posts
    212 Views
    No one has replied
  • Using Unique Local Addresses

    23
    5 Votes
    23 Posts
    6k Views
    D

    @JKnott

    I was younger than you when I got mine, but based upon your other historical background, I suspect that you're a few years older than me as well. Too bad we didn't know each other back then. I think we would have had a lot of fun.

    Thank you again for engaging with me in this discussion, and for keeping it civil. I've enjoyed the discussion, and look forward to communicating with you again.

  • Supressing logs blocking IPv6 mutlicast and broadcast addresses

    5
    0 Votes
    5 Posts
    392 Views
    JKnottJ

    @CatSpecial202

    There's no such thing as broadcasts on IPv6. The closest to it is all nodes multicast, which is an ICMP6 message. FF00::/8 is multicast. Since IPv6 relies on multicasts for a lot, you want to be careful of what in that range you filter. For example I just saw a multicast to ff02::1, which is a router advertisement to all nodes. If you block that, you'll kill your network. FE80 the link local range and those shouldn't even be passing through pfSense. However, they are also critical to the operation of IPv6, so again be very careful of what you filter.

  • UPnP& NAT-PMP IPv6 ACL?

    2
    1 Votes
    2 Posts
    254 Views
    jimpJ

    No, there isn't. miniupnpd itself doesn't support IPv6 ACLs.

    https://github.com/miniupnp/miniupnp/issues/694

  • Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?

    13
    0 Votes
    13 Posts
    2k Views
    leresL

    @tibere86 said in Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?:

    Hello @keyser and @leres .Were either of you able to resolve this issue?

    I to get both DHCP6 and autoconf addresses with the autoconf address usually before the DHCP6 address so it's the one that gets used. I found I can change the order by manually removing and adding ones of the addresses but this reverts after awhile so I gave up and just live with the order I end up with.

    [anonymized addresses]

    pylon 724 # ifconfig mvneta0 mvneta0: flags=1008b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 58:9c:fc:01:02:03 inet 99.105.88.5 netmask 0xfffffe00 broadcast 99.105.88.255 inet6 fe80::29c:fcff:fe01:7f15%mvneta0 prefixlen 64 scopeid 0x1 inet6 2600:1700:c01b:5700:29c:fcff:fe01:7f15 prefixlen 64 autoconf pltime 3600 vltime 3600 inet6 2600:1700:c01b:5700::36 prefixlen 128 pltime 3600 vltime 3600 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.