@ofloo route get -inet6 default show the correct gateway, .. I've disabled the rule from the firewall that is making it use a this gateway.

Still it uses the wrong interface.

So I removed he.net from that gateway group. And still it uses he.net.

Even when route get -inet6 default shows a different IPv6 gateway. This is not just broken, but seems impossible to me.

@fabrizior Nope, no setting for IAID in static mappings in 2.5.0...Sounds like a good feature request though... assuming dhcp6d has a way to use it...

@virgiliomi said in Configuration IPV6:

Easier until you start assigning IP ..........
I don't see any case where DHCPv6-PD would be desirable over a static IPv6 block. But maybe that's just me.

Noop, you got a point.

I have to add that I'm using a static IPv6 setup myself, as my ISP

doesn't know what IPv6 is. and if they do, they come up with a single /64 or a /56 but only the first /64 is routable or ..... (whatever, their BOX has just one LAN so they don't understand the fuzz - not even that some clients are actually companies and they could have more then 1 LAN ....)

with he.net, the one I'm using, the price is : not worlds fastest ISP, but free and rock solid. And very static.

@virgiliomi said in Configuration IPV6:

My prefix was rock solid on my last ISP (Comcast). .....
unplugging the interface or rebooting.

A pretty solid proof that '$$$€€€' and 'Mbits/sec' is just a part of the equation.
Good 'protocol' support is as important. And this one doesn't need the reading of their promises on paper. It will always be "Hands on testing for 6 months" ;)

@virgiliomi said in Configuration IPV6:

But they don't. Because my DUID hasn't changed...

They probably cleared out their DHCPv6 server cache and settings.
As you said : they are probably in the implementing phase.

@pmisch Well that's the thing. More and more the answer is "just use a competing product". What is Pfsense even for anymore if they can't fix years old bugs and they can't do IPv6 under realistic real world scenarios? Pfsense looks like a dying project to me so I've personally been steering people away from it.

No further issues since upgrading to 2.5.0. Looks like the bugs have been squashed!

@viktor_g I have a static IP (via DHCP4/6) from my ISP. The IPv4 works with no problems. IPv6 gets an IP ok, but the resolv.conf.never updates.
Rebooted multiple times.
The other day I was looking at the scripts that update the resolv.conf for IPv6.
If I am not mistaken, they only do so if the IP changes.
Which it won't with a static IP.
Although I could be misinterpreting.
I gave up and added the DNS entries via the General Setup to get around this issue for now.

@tadao I forgot to mention that the WAN Interface Address of the pfSense must be set to DMZ IP on the ISP router/modem.

@jknott Thanks for your help! I am gonna try that when I have the day off. I'll let you know if I got it to work!

I upgraded this morning my main 'company' pfSense to 2.5.0.
I'm using he.net for my my IPv6 'needs'.

I had nothing to do.

Everything came up and was working fine.
( + captive portal using FreeRadius - OpenVPN server for my remote access).

Even a non-native package I installed many years ago was upgraded and kept on running.

@virgiliomi said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:

There's a bug in 2.5.0 that has been found that requires a monitoring address to be manually added in the System > Routing settings for the IPv6 gateway. The gateway will show as "Pending" until a monitoring address is manually set. For whatever reason, 2.5.0 is not automatically getting the gateway address and monitoring it. Try adding a monitoring address (you can make it anything valid/reachable for the purpose of testing) and see if that fixes things for you.

If you want to add the exact gateway address as the monitor address, go to Diagnostics > Routes and copy the default gateway from the IPv6 table. Just know that this could change if your ISP does maintenance before the bug is fixed.

Hopefully that helps...

This worked for me, thanks!

@andrew_241 Yeah, those look like "policy routing" rules since you were specifying a gateway (rather than letting pfSense use the default gateway). But if you only have one WAN connection, or you don't want to route specific traffic in a specific way, you don't really need those rules, because everything can just route through the default gateway.

But since you had those rules... there is a deeper issue with the IPv6 gateway behind the scenes, so the IPv6 rule was not functional because of the bug, and was preventing your IPv6 traffic from flowing as a result.

I got it working again, by restoring a previous config.

@virgiliomi does re-saving the interface fix the issue? That seems to be the case with me.

Edit: did some testing and it seems that my interface got corrupted, deleted it and re made it and now its all good, survives reboots, looked in the logs and saw that the dhcp6c precess couldn’t find the interface and then it would quit.

I just did another test with a second LAN Track Interface on WAN2.

There i used Prefix 1 and after a reboot (why is this necessary?) the second LAN also get it's IPv6 prefix.

So it seems you just can use it with increasing values. So why is this the case?

@jefftee
If I unblock private networks and loopback addresses on my WAN, the gateway comes back as up.
Try that

@gary201 The issue from July 2019 was resolved without them really going into detail about what was happening during their large maintenance/migration. When I got in touch with them they were still in the "putting out fires" mode. They made a note of my issue, emailed me a few days later when they had a fix in place for me to verify, and all was good.

Around December 2nd of 2020 I did have an IPv6 outage after a maintenance window. No IPv6 traffic was routing. I also tried different machines directly wired to the ONT at that time to verify it wasn't something on my end (not that I had changed anything). I reached out to them and they were able to in their words, "remove a filter" and it fixed my issue. I'm not sure how helpful that is, but it's all they told me.

@viktor_g said in IPv6 PPPoE MSS incorrect:

@bm118

Could you test this patch: 135.diff

You need to install System Patches pkg:
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

Works a treat, thank you very much!

Redmine issue created:
https://redmine.pfsense.org/issues/11415

@hescominsoon

I'm not sure what to say other than maybe try Comcast's forums or other ISP community sites on the internet for settings that will work. It's been over a year since I had Comcast service, but I used pfSense with IPv6 and had no issues for over four years using the settings I provided earlier.

If you have a gateway (modem+router) in gateway mode, pfSense won't work for IPv6 because the gateway will acquire a single /64 for its own use. I don't know if their gateways will sub-delegate additional /64's or not.

If you have a gateway that is in bridge mode, or have just a regular modem (I used both Motorola/Zoom and Arris modems over my time on Comcast), you should be able to request a /60 unless they've changed things since I left.

OK i think I found the "issue". The first interface I ipv6 enabled gave itself the entire /56 delegation, I had to change the prefix id and change it back to make it only grant itself a /64.