Charter will allow you a /56 if you select that on the "DHCPv6 Prefix Delegation size" config on the WAN interface. Then as stated you can use a 0-ff for the prefix ID on your internal interfaces to assign a /64 to that network.
So open a ticket - https://redmine.pfsense.org/issues/10364 - and was rejected asking for more information to be provided here.
Not sure what information to provide, but on the ISPs side all is working, as with two pfSenses works without any issues. Only when consolidating to one box is that the problem appears.
@jimp If states are not to be preserved, then a disable/enable (via a heartbeat mechanism or otherwise) might do the trick.. of course with a disruption of the IPv6 connectivity while the tunnel is re-establishing itself.
To the ones that may have the same problem as me, I managed to go a little further. To allow incoming ICMPv6 ping messages I had to uncheck those two options on my interface:
8d0c7aec-55ca-44c1-a620-957d549360ae-image.png
I'm still having a problem with my Cisco SG250-26 which does not let some IPv6 packets passing through...
I think it's being blocked by the default deny rule. Make a rule on that VLAN3_HB interface for tcp port 22 and set it to accept.
If you assign a new interface there aren't any rules applied to it so everything will be blocked by default. Also if the machine your connecting to is on another segment make sure a firewall rule that will let that traffic pass is applied.
I assume ssh to pfsense is working because pfsense has anti lockout rules for local ssh managment.
Sounds like a similar issue to what happens when devices use NIC teaming or similar to impersonate one another's addresses in non-standard ways.
I don't see a sysctl to affect that directly but you might try adjusting the value of the net.inet6.ip6.log_interval tunable. You can make an entry for it under System > Advanced on the tunables tab. It controls the number of seconds between log messages. So you could maybe try -1 or 0 to disable, or a much higher value so it happens less frequently (e.g. 120, 3600, 86400...)
Alright so that is working, but now the LAN VM's have no access to the WAN. I have been troubleshooting for a while now on what this could be but cannot find anything on it... I have no gateway for LAN nor routing setup.
As noted, so long as you have zero-loss connection, fragmentation is not an issue. For example, my HE.NET connection is a corporate one and out of the peak times (around 3 p.m. work days) it passes all tests for any MTU <= 1472 and MSS <= MTU - 20. Problems arise only under heavy load.
By the way, the harder targets (to me) are those in Eastern Europe, Latin America, and Africa.
There are enough /48s to give every single person on earth over 4000 of them. This is with only 1/8 of the IPv6 address space assigned to GUAs. Over 3/4 of the address space isn't even allocated to anything.
<devils advocate>
This is true, but it is not reflected in the price ARIN charges for v6 space. For a small provider, the annual fee doubles when you go from a /40 (256 customer allocations) to a /36 (4096 customer sites), and doubles again when you go to a /32 (65,536 sites). Probably smaller shops are trying to cut costs on v6 deployment, as it offers little benefit to them if they have sufficient v4 space.
</devils advocate>
known by me, but the "internal routing" within the pfsense from LAN to WAN and vice-versa is a mystery in that case to me.
We have a normal business DSL by DTAG, WAN is PPPoE, DHCP6, DHCPv6 Prefix of /56, LAN with Trackinterface WAN. All is static. It's like dynamic but always the same IPs. Maybe it helps, don't know if its different with other connection types.
pfadmin
