@aljames said in radvd.conf - invalid all-zeros prefix:

I’ll need to educate myself more on it.

IPv6 Essentials is an excellent reference. In addition to the things mentioned above, there are also some things that go to improved performance, such as fixed length headers and more.

Here is another excellent reason to move to IPv6.

Despite clear warnings, Europe is out of IP addresses—again

There haven't been enough IPv4 addresses for several years and the situation is getting worse.

Dear all,

Thank you. I will keep plugging at this; will keep posted as need arises.

Cheers!

@DraNick

The link local address normally comes from the MAC, but can be changed, for example my LAN gateway address. However, what you can try is changing the MAC address, so that it will provide the correct link local address. That can be done on the WAN interface page. I suspect what you're seeing is pfSense is not allowing you to set a 2nd link local address, as only one is allowed. I don't know if there's a way to change the WAN link local address directly, as happens on the LAN side.

When a link local address is created from the MAC, fffe is inserted in the middle and the 7th bit is inverted.

Also, the link local address only has to be unique on the local connection. You could use the exact same one on another interface. For example, I have fe80::1:1 on 2 interfaces as shown below.

inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x2
inet6 fe80::1:1%bge0 prefixlen 64 scopeid 0x1

The difference is the interface ID.

As I mentioned, link local addresses are often used for routing, as a router only has to know how to reach the next hop. In fact, with point to point links you don't even need any IP address. All you need is the interface that connects to the next router.

Like I said turn off default logging and only log what you want... So you can set it up to block and log your tcp stuff, but not the multicast

@chrcoluk I downloaded 2.5 and tested this today.

Based on my results i created https://redmine.pfsense.org/issues/9893

If you have any information you could add to the new bug it would be appreciated.

Or ignore the logs.

Or make rules that suppress the logs.

Whether or not you enable IPv6 really depends on whether or not you have IPv6.

@JKnott I finally figured it out. "Track Interface" is the option that seems to be the right way to solve my problem.

@adhodgson said in IPV6 working on LAN but not pfSense box itself:

Could I potentially use one of the /64s on the WAN side?

No point in doing that. You already have a /128 address on the WAN and the link local address is used for routing. That's all you need.

I had a problem with my ISP a few months ago. I used Wireshark and Packet Capture to see what was happening. I also tethered my notebook computer to my cell phone so that I could test from outside my network. With that, I was able to determine that the problem was not on my network and was even able to identify, by host name, the failing system at my ISP.

One thing I did, which helped is I used a 5 port switch, configured as a data tap, to monitor the traffic between my modem and firewall, when pfSense was booting up.

after losing 2 days of sleep
the problem was solved after disabling "Block private networks and loopback addresses" and/or "Block bogon networks" that i had on the WAN interface
it was mentioned here
https://redmine.pfsense.org/issues/9631
also a route come out of nowhere after cheking the routing table i had the ip from general settings / DNS inside the routing table

@amello said in IPv6 address allocated but not working:

It is u-verse, so DSL on dry line.

A couple of my friends have ADSL and get IPv6. I don't know the details though.

For what I read so far. It seems that that Aris can handle IP Passthrough and Default Server, and as I understood the latter is like putting a host in DMZ.

Perhaps the people in the forums can help with that.

@JKnott They could set dummy addresses (albeit not practical) not needing to know if they're assigned to a host or not. But it's academic at this point. It's technically possible but not practical.

It does require the ISP to delegate the reverse records but my ISP is not going to do that.

@lohphat said in pfsense and IPv6 default behavior:

I understand that and agree however multicast is intrinsic to IPv6 not optional with IPv4. IPv6 internal consistency of multicast groups replacing broadcast and other functionality means that it should either be enabled fully or a clear, clean setting to enable multimedia multicast.

For stuff directly on the LAN, multicast works fine and pfSense is not involved, except for it's own needs. It's only when you go beyond that you have to enable it. This is the same for every just about everything. By default, firewalls block everything coming in.

@Derelict 😌 Would you believe it. That was the last place I never check. Doh ! Thanks. 😖

@Derelict I think it's a CPE issue not Spectrum, but that's just a guess.

@johnpoz said in Can`t get provided /56 prefix:

Plus multicast ....

Ok, so I'm saved by the fact that DHCP traffic is passed upfront, before the bogon rule list (example).
Thanks for the explanation.

just installed a pci network card, and RA is working out of the box :)

thank you
resolved.

@johnpoz

It's a Lenovo E520 ThinkPad. It's whatever driver comes with Windows 10, as I haven't installed any other. It originally came with Windows 7. I just took a quick look and didn't see any I could download.

@tomeq82 well aware that interfaces may be set to prefixes longer than /64 in certain router-to-router links, etc. That is not what is being discussed here. Interfaces with hosts on them need to be /64.

Sounds to me like the ISP has implemented a brain-damaged provisioning. I'd tell them to fix it.